Bug 1473190 - Test various S3 authentication mechanisms added to S3a in Hadoop 2.8.0
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 3.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: 4.0
Assignee: Matt Benjamin (redhat)
QA Contact: ceph-qe-bugs
URL:
Whiteboard:
Depends On:
Blocks: 1473188
Reported: 2017-07-20 08:19 UTC by Kyle Bader
Modified: 2019-02-20 14:31 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-20 14:31:39 UTC
Embargoed:



Description Kyle Bader 2017-07-20 08:19:11 UTC
So far, our testing of S3A has been by simply providing the two configuration options for the management of S3 access credentials:

fs.s3a.access.key
fs.s3a.secret.key

Hortonworks documentation outlines a number of alternative authentication mechanisms that we need to verify with Ceph RADOS gateway.

1. AWS Session Tokens with S3A
2. S3A with Credentials File
   * More secure way of managing keys
3. Per bucket access keys
   * When access is required for plural buckets with distinct access credentials
4. IAM instances for OpenStack?
   * I'm not sure we can do this, but perhaps there is a way to do something similar by extending Keystone or similar?

I would prioritize 1, 2, 3. Doing 4 likely requires collaboration with the OSP folks. The folks relevant to this work are probably engineers working on Keystone and Sahara.
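
Options 1 to 3 from the list above, sketched as one core-site.xml fragment. This is an added example, not part of the original bug report or of any Red Hat test configuration. The endpoint, the bucket names (analytics, scratch), the JCEKS path and all key values are placeholders; per-bucket overrides are used so the three mechanisms can coexist in one file.

```xml
<!-- core-site.xml fragment (constructed; hosts, buckets and values are placeholders) -->
<configuration>
  <property>
    <name>fs.s3a.endpoint</name>
    <value>rgw.example.com:8080</value> <!-- hypothetical RGW endpoint -->
  </property>
  <property>
    <name>fs.s3a.path.style.access</name>
    <value>true</value>
  </property>

  <!-- 2. Credentials file: default fs.s3a.access.key / fs.s3a.secret.key are read
       from a JCEKS store instead of plaintext XML. Populate it with:
       hadoop credential create fs.s3a.access.key -provider <path below> -->
  <property>
    <name>hadoop.security.credential.provider.path</name>
    <value>jceks://hdfs@nn.example.com/user/hadoop/s3a.jceks</value>
  </property>

  <!-- 3. Per-bucket keys: s3a://analytics/ uses its own RGW user.
       These values sit in plaintext, so restrict read access to this file. -->
  <property>
    <name>fs.s3a.bucket.analytics.access.key</name>
    <value>ANALYTICS_ACCESS_KEY</value>
  </property>
  <property>
    <name>fs.s3a.bucket.analytics.secret.key</name>
    <value>ANALYTICS_SECRET_KEY</value>
  </property>

  <!-- 1. Session token, scoped to s3a://scratch/ only -->
  <property>
    <name>fs.s3a.bucket.scratch.aws.credentials.provider</name>
    <value>org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider</value>
  </property>
  <property>
    <name>fs.s3a.bucket.scratch.access.key</name>
    <value>TEMP_ACCESS_KEY</value>
  </property>
  <property>
    <name>fs.s3a.bucket.scratch.secret.key</name>
    <value>TEMP_SECRET_KEY</value>
  </property>
  <property>
    <name>fs.s3a.bucket.scratch.session.token</name>
    <value>TEMP_SESSION_TOKEN</value>
  </property>
</configuration>
```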

Comment 2 Vasu Kulkarni 2017-07-20 19:55:29 UTC
I think this should be part of the RHCS 3.0 Trello card instead of a BZ so that it can get the right priority and planning.

Comment 4 Kyle Bader 2017-07-26 16:53:33 UTC
We should definitely put these BZs and/or the tracking BZ #1473188 to the RHCS 3.0 Trello planning.

Comment 9 Kyle Bader 2017-11-09 14:18:49 UTC
#1 will not be possible without STS.

Comment 19 Drew Harris 2019-02-20 14:31:39 UTC
I have closed this issue because it has been inactive for some time now. If you feel this still deserves attention, feel free to reopen it.

