Details
-
Sub-task
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
3.3.2
-
None
-
None
Description
There are some minor issues in using the S3A connector's more advanced features in china
see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
Specifically, that "arn:aws:" prefix we use for all arns needs to be configurable so that aws-cn can be used instead.
This means finding where we create and use these in production code (dynamically creating IAM role policies) and in tests, and making it configurable.
proposed
- add an option fs.s3a.aws.partition, default aws.
- new StoreContext methods to query this, and create the arn for the current bucket (string concat or from the bucket's ARN if created with an AP ARN)
- docs
I remember ABFS had a problem with oauth endpoints, that was a lot more serious.
Can't think of real tests for this, other than verifying that if you create an invalid partition "aws-mars" some things break.
someone needs to run all our existing tests in china, including those with IAM roles and SSE-KMS.
Attachments
Issue Links
- relates to
-
-
- Open
-
-
HADOOP-18328 S3A supports S3 on Outposts
-
- Resolved
-