Bug 1473190 - Test various S3 authentication mechanisms added to S3a in Hadoop 2.8.0 [NEEDINFO]
Test various S3 authentication mechanisms added to S3a in Hadoop 2.8.0
Status: POST
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RGW (Show other bugs)
Unspecified Unspecified
low Severity unspecified
: rc
: 3.1
Assigned To: Matt Benjamin (redhat)
Depends On:
Blocks: 1473188
  Show dependency treegraph
Reported: 2017-07-20 04:19 EDT by Kyle Bader
Modified: 2017-11-09 09:18 EST (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mbenjamin: needinfo? (uboppana)

Attachments (Terms of Use)

  None (edit)
Description Kyle Bader 2017-07-20 04:19:11 EDT
Insofar our testing of S3A has been by simply providing the two configuration options for the management of S3 Access credentials:


Hortonworks documentation outlines a number of alternative authentication mechanisms that we need to verify with Ceph RADOS gateway.

1. AWS Session Tokens with S3A
2. S3A with Credentials File
   * More secure way of managing keys
3. Per bucket access keys
   * When access is required for plural buckets with distinct access credentials)
4. IAM instances for OpenStack?
   * I'm not sure we can do this, but perhaps there is a way to do something similar by extending Keystone or similar?

I would prioritize 1,2,3. Doing 4 likely requires collaboration with the OSP folks. The folks relevant to this work would are probably engineers working on keystone and sahara.
Comment 2 Vasu Kulkarni 2017-07-20 15:55:29 EDT
I think this should be part of rhcs 3.0 trello card instead of bz so that it can get the right priority and planning.
Comment 4 Kyle Bader 2017-07-26 12:53:33 EDT
We should definitely put these BZs and/or the tracking BZ #1473188 to the RHCS 3.0 Trello planning.
Comment 9 Kyle Bader 2017-11-09 09:18:49 EST
#1 will not be possible without STS.

Note You need to log in before you can comment on or make changes to this bug.