You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2018/08/14 20:14:00 UTC
[jira] [Created] (HADOOP-15672) add s3guard CLI command to generate
session keys for an assumed role
Steve Loughran created HADOOP-15672:
---------------------------------------
Summary: add s3guard CLI command to generate session keys for an assumed role
Key: HADOOP-15672
URL: https://issues.apache.org/jira/browse/HADOOP-15672
Project: Hadoop Common
Issue Type: Sub-task
Components: fs/s3
Affects Versions: 3.2
Reporter: Steve Loughran
the aws cli [get-session-token|https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html] can generate the keys for short-lived session.
I'd like something similar in an s3guard command, e.g. "create-role-keys", which would take the existing (full) credentials and optionally:
* ARN of role to adopt
* duration
* name
* restrictions as path to a JSON file or just stdin
* output format
* whether to use a per-bucket binding for the credentials in the property names generated
* MFA secrets
output formats
* A JCEKS file (with chosen passwd? For better hive use: append/replace entries in existing file); saved through the hadoop FS APIs to HDFS, file:// or elsewhere
* hadoop config XML
* spark properties
The goal here is to have a workflow where you can generate role credentials to use for a limited time, store them in a JCEKS file and then share them in your jobs. This can be for: Jenkins, Oozie, build files, ..
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org