Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.4.0
Description
With the directory marker change (HADOOP-13230) you need the s3:deleteObjectVersion permission in your role, else the operation will fail in the bulk delete, if S3Guard is in use
Root cause
-if fileStatus has a versionId, we pass that in to the delete KeyVersion pair
-an unguarded listing doesn't get that versionId, so this is not an issue
-but if files in a directory were previously created such that S3Guard has their versionId in its tables, that is used in the request
-which then fails if the caller doesn't have the permission
Although we say "you need s3:delete*", this is a regression as any IAM role without the permission will have rename fail during delete
Attachments
Issue Links
- is caused by
-
HADOOP-13230 S3A to optionally retain directory markers
- Resolved
- links to