You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2019/12/03 11:17:00 UTC
[jira] [Commented] (HADOOP-16741) Make `dynamodb:TagResource` an
explicit client-side permission for S3Guard
[ https://issues.apache.org/jira/browse/HADOOP-16741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16986803#comment-16986803 ]
Steve Loughran commented on HADOOP-16741:
-----------------------------------------
[~gabor.bota] -fancy a look at this?
It'll show you how we dynamically generate the permissions for AssumedRole delegation tokens
> Make `dynamodb:TagResource` an explicit client-side permission for S3Guard
> --------------------------------------------------------------------------
>
> Key: HADOOP-16741
> URL: https://issues.apache.org/jira/browse/HADOOP-16741
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.3.0
> Reporter: Steve Loughran
> Priority: Minor
>
> We now attempt to tag a DDB table on init if it is untagged (HADOOP-16520). This isn't covered in the documentation (assumed_roles.md), or in the set of permissions generated in {{RolePolicies.allowS3GuardClientOperations()}} where it is used to create assumed role permissions.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org