Red Hat Bugzilla – Bug 1473190
Test various S3 authentication mechanisms added to S3a in Hadoop 2.8.0
Last modified: 2017-11-09 09:18:49 EST
So far, our testing of S3A has been by simply providing the two configuration options for the management of S3 Access credentials:
Hortonworks documentation outlines a number of alternative authentication mechanisms that we need to verify with Ceph RADOS gateway.
1. AWS Session Tokens with S3A
2. S3A with Credentials File
* More secure way of managing keys
3. Per bucket access keys
* When access is required for plural buckets with distinct access credentials
4. IAM instances for OpenStack?
* I'm not sure we can do this, but perhaps there is a way to do something similar by extending Keystone or similar?
I would prioritize 1, 2, 3. Doing 4 likely requires collaboration with the OSP folks. The folks relevant to this work are probably engineers working on keystone and sahara.
I think this should be part of rhcs 3.0 trello card instead of bz so that it can get the right priority and planning.
We should definitely put these BZs and/or the tracking BZ #1473188 to the RHCS 3.0 Trello planning.
#1 will not be possible without STS.