Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15226 Über-JIRA: S3Guard Phase III: Hadoop 3.2 features
  3. HADOOP-15572

Test S3Guard ops with assumed roles & verify required permissions

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 3.1.0
    • Fix Version/s: None
    • Component/s: fs/s3
    • Labels:
      None

      Description

      We haven't documented permissions for S3Guard (WiP of mine); when I try to test using the AssumedRoleCredentialProvider & a role nominally restricted to R/W of S3guard but not create/delete, I can still create and destroy buckets

      Either I've got my list wrong, or how S3Guard sets up its auth isn't right & somehow falling back to the full role

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                stevel@apache.org Steve Loughran
                Reporter:
                stevel@apache.org Steve Loughran
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: