HADOOP-16806: AWS AssumedRoleCredentialProvider needs ExternalId add #4753

jmahonin · 2022-08-17T13:43:50Z

Description of PR

This applies an externalId value to the STSAssumeRoleSessionCredentialsProvider.Builder, if provided in the Hadoop config field fs.s3a.assumed.role.externalid.

This allows for AWS resources to have a trust policy for sts:AssumeRole that can match on the externalId which is now provided as part of the assume role request, in order to solve the confused deputy problem

I'm happy to take guidance on an improved unit test or any other changes. I'm relatively unfamiliar with the Hadoop unit testing framework.

How was this patch tested?

Manual testing, and now running in a production SaaS offering.

For code changes:

Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

steveloughran · 2022-08-17T14:33:31Z

which s3 region did you run the hadoop-aws integration tests against?

hadoop-yetus · 2022-08-17T15:27:57Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 11s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 1 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	37m 39s		trunk passed
+1 💚	compile	1m 3s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	0m 54s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	0m 53s		trunk passed
+1 💚	mvnsite	1m 1s		trunk passed
+1 💚	javadoc	0m 48s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 50s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 33s		trunk passed
+1 💚	shadedclient	25m 15s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 40s		the patch passed
+1 💚	compile	0m 44s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	0m 44s		the patch passed
+1 💚	compile	0m 35s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	0m 35s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 24s		the patch passed
+1 💚	mvnsite	0m 42s		the patch passed
+1 💚	javadoc	0m 24s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 30s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 17s		the patch passed
+1 💚	shadedclient	20m 41s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	3m 2s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 51s		The patch does not generate ASF License warnings.
		102m 8s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/1/artifact/out/Dockerfile
GITHUB PR	#4753
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets markdownlint
uname	Linux d194f91c3a26 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `5afe1ed`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/1/testReport/
Max. process+thread count	700 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws U: hadoop-tools/hadoop-aws
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/1/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

steveloughran

production code looks good.
proposed test changes
do need your declaration of which s3 endpoint you ran all the hadoop-aws tests

steveloughran · 2022-08-18T10:52:05Z

hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java

@@ -182,6 +196,12 @@ protected Configuration createValidRoleConf() throws JsonProcessingException {
    return conf;
  }

+  protected Configuration createValidRoleConfWithExternalId() throws JsonProcessingException {


why this method? on L160 its setting is completely overwritten

steveloughran · 2022-08-18T10:53:52Z

hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/ITestAssumeRole.java

@@ -152,6 +152,20 @@ public void testCreateCredentialProvider() throws IOException {
    }
  }

+  @Test
+  public void testCreateCredentialProviderWithExternalId() throws IOException {


how about a test where a known invalid id set, with the expectation of a failure. that way wire up can be verified and a new stack trace for troubleshooting.md/assumed_roles.md is created.

use intercept() to catch the exception by type, but don't include any string match on the message text...that has turned out to be very brittle with SDK updates

jmahonin · 2022-08-19T20:26:41Z

I've updated the test, and I attest that I ran all of the hadoop-aws tests, as well as integration tests against us-east-1.

However, I was unable to successfully run ITestDelegatedMRJob.testJobSubmissionCollectsTokens, I believe due to https://issues.apache.org/jira/browse/HADOOP-17784, although it may also be possible that I don't have the assume role configured correctly for this test.

This seems unrelated to the feature at hand, but I can revisit if required.

hadoop-yetus · 2022-08-19T21:42:46Z

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 59s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 1 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	38m 11s		trunk passed
+1 💚	compile	1m 1s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	0m 56s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	0m 53s		trunk passed
+1 💚	mvnsite	1m 2s		trunk passed
+1 💚	javadoc	0m 50s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 50s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 36s		trunk passed
+1 💚	shadedclient	21m 3s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 39s		the patch passed
+1 💚	compile	0m 43s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	0m 43s		the patch passed
+1 💚	compile	0m 38s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	0m 38s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 28s		the patch passed
+1 💚	mvnsite	0m 42s		the patch passed
+1 💚	javadoc	0m 24s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 32s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 15s		the patch passed
+1 💚	shadedclient	20m 38s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	3m 3s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 51s		The patch does not generate ASF License warnings.
		98m 23s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/2/artifact/out/Dockerfile
GITHUB PR	#4753
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets markdownlint
uname	Linux 6303de1777b9 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `7e12347`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/2/testReport/
Max. process+thread count	722 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws U: hadoop-tools/hadoop-aws
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/2/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

steveloughran · 2022-08-20T15:44:43Z

I was unable to successfully run ITestDelegatedMRJob.testJobSubmissionCollectsTokens

got a stack trace?

jmahonin · 2022-08-22T13:20:37Z

Tried with and without an fs.s3a.assumed.role.arn setting. I'm not sure if I'm expected to set up this dataset manually, or if there's some magic behind the scenes that should make it available?

[ERROR] testJobSubmissionCollectsTokens[0](org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob)  Time elapsed: 10.84 s  <<< ERROR!
org.apache.hadoop.fs.s3a.AWSBadRequestException: getFileStatus on s3a://landsat-pds/scene_list.gz: com.amazonaws.services.s3.model.AmazonS3Exception: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: 16AXE4CXSVZBN8BH; S3 Extended Request ID: 3F4W4GXGPmUqh9fgojrQoGZYInEGXbKez4G3LAzmbSvL/1nyyyAq0kfXrr5LszB5B6wg7Inr6SM=; Proxy: null), S3 Extended Request ID: 3F4W4GXGPmUqh9fgojrQoGZYInEGXbKez4G3LAzmbSvL/1nyyyAq0kfXrr5LszB5B6wg7Inr6SM=:400 Bad Request: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: 16AXE4CXSVZBN8BH; S3 Extended Request ID: 3F4W4GXGPmUqh9fgojrQoGZYInEGXbKez4G3LAzmbSvL/1nyyyAq0kfXrr5LszB5B6wg7Inr6SM=; Proxy: null)
	at org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob.testJobSubmissionCollectsTokens(ITestDelegatedMRJob.java:281)
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: 16AXE4CXSVZBN8BH; S3 Extended Request ID: 3F4W4GXGPmUqh9fgojrQoGZYInEGXbKez4G3LAzmbSvL/1nyyyAq0kfXrr5LszB5B6wg7Inr6SM=; Proxy: null)
	at org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob.testJobSubmissionCollectsTokens(ITestDelegatedMRJob.java:281)

[ERROR] testJobSubmissionCollectsTokens[1](org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob)  Time elapsed: 7.758 s  <<< ERROR!
org.apache.hadoop.fs.s3a.AWSBadRequestException: getFileStatus on s3a://landsat-pds/scene_list.gz: com.amazonaws.services.s3.model.AmazonS3Exception: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: W01GKMAXC95KHVPR; S3 Extended Request ID: OGWbDa4Lv6wwE9mBU6+QV+cYjZOgkRT3PFAvful1QZykKZ2t1ql/bNJaeiTZd/GjxFyE52/itms=; Proxy: null), S3 Extended Request ID: OGWbDa4Lv6wwE9mBU6+QV+cYjZOgkRT3PFAvful1QZykKZ2t1ql/bNJaeiTZd/GjxFyE52/itms=:400 Bad Request: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: W01GKMAXC95KHVPR; S3 Extended Request ID: OGWbDa4Lv6wwE9mBU6+QV+cYjZOgkRT3PFAvful1QZykKZ2t1ql/bNJaeiTZd/GjxFyE52/itms=; Proxy: null)
	at org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob.testJobSubmissionCollectsTokens(ITestDelegatedMRJob.java:281)
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: W01GKMAXC95KHVPR; S3 Extended Request ID: OGWbDa4Lv6wwE9mBU6+QV+cYjZOgkRT3PFAvful1QZykKZ2t1ql/bNJaeiTZd/GjxFyE52/itms=; Proxy: null)
	at org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob.testJobSubmissionCollectsTokens(ITestDelegatedMRJob.java:281)

steveloughran · 2022-08-22T15:47:32Z

maybe its a permissions thing. show the full stack trace for the failed tests, please

jmahonin · 2022-08-22T16:33:45Z

[ERROR] testJobSubmissionCollectsTokens[0](org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob)  Time elapsed: 15.048 s  <<< ERROR!
org.apache.hadoop.fs.s3a.AWSBadRequestException: getFileStatus on s3a://landsat-pds/scene_list.gz: com.amazonaws.services.s3.model.AmazonS3Exception: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: D2F7W48K28SJYAQ8; S3 Extended Request ID: jFvfXqdgBlubfaH3svMYtDxgAqD9Ij9RZ/saXipGPoRXDeVUDT/ApOXfYINPOYfG/U+AjZyhfzc=; Proxy: null), S3 Extended Request ID: jFvfXqdgBlubfaH3svMYtDxgAqD9Ij9RZ/saXipGPoRXDeVUDT/ApOXfYINPOYfG/U+AjZyhfzc=:400 Bad Request: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: D2F7W48K28SJYAQ8; S3 Extended Request ID: jFvfXqdgBlubfaH3svMYtDxgAqD9Ij9RZ/saXipGPoRXDeVUDT/ApOXfYINPOYfG/U+AjZyhfzc=; Proxy: null)
	at org.apache.hadoop.fs.s3a.S3AUtils.translateException(S3AUtils.java:241)
	at org.apache.hadoop.fs.s3a.S3AUtils.translateException(S3AUtils.java:172)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.s3GetFileStatus(S3AFileSystem.java:3567)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.innerGetFileStatus(S3AFileSystem.java:3473)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.lambda$getFileStatus$24(S3AFileSystem.java:3450)
	at org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.invokeTrackingDuration(IOStatisticsBinding.java:547)
	at org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.lambda$trackDurationOfOperation$5(IOStatisticsBinding.java:528)
	at org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.trackDuration(IOStatisticsBinding.java:449)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.trackDurationAndSpan(S3AFileSystem.java:2341)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.trackDurationAndSpan(S3AFileSystem.java:2360)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.getFileStatus(S3AFileSystem.java:3448)
	at org.apache.hadoop.fs.Globber.getFileStatus(Globber.java:115)
	at org.apache.hadoop.fs.Globber.doGlob(Globber.java:349)
	at org.apache.hadoop.fs.Globber.glob(Globber.java:202)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.lambda$globStatus$32(S3AFileSystem.java:4387)
	at org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.invokeTrackingDuration(IOStatisticsBinding.java:547)
	at org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.lambda$trackDurationOfOperation$5(IOStatisticsBinding.java:528)
	at org.apache.hadoop.fs.statistics.impl.IOStatisticsBinding.trackDuration(IOStatisticsBinding.java:449)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.trackDurationAndSpan(S3AFileSystem.java:2341)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.trackDurationAndSpan(S3AFileSystem.java:2360)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.globStatus(S3AFileSystem.java:4380)
	at org.apache.hadoop.mapreduce.lib.input.FileInputFormat.singleThreadedListStatus(FileInputFormat.java:310)
	at org.apache.hadoop.mapreduce.lib.input.FileInputFormat.listStatus(FileInputFormat.java:278)
	at org.apache.hadoop.mapreduce.lib.input.FileInputFormat.getSplits(FileInputFormat.java:432)
	at org.apache.hadoop.mapreduce.JobSubmitter.writeNewSplits(JobSubmitter.java:310)
	at org.apache.hadoop.mapreduce.JobSubmitter.writeSplits(JobSubmitter.java:327)
	at org.apache.hadoop.mapreduce.JobSubmitter.submitJobInternal(JobSubmitter.java:200)
	at org.apache.hadoop.mapreduce.Job$11.run(Job.java:1677)
	at org.apache.hadoop.mapreduce.Job$11.run(Job.java:1674)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1919)
	at org.apache.hadoop.mapreduce.Job.submit(Job.java:1674)
	at org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob.testJobSubmissionCollectsTokens(ITestDelegatedMRJob.java:281)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
	at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
	at org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:61)
	at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:299)
	at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:293)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: D2F7W48K28SJYAQ8; S3 Extended Request ID: jFvfXqdgBlubfaH3svMYtDxgAqD9Ij9RZ/saXipGPoRXDeVUDT/ApOXfYINPOYfG/U+AjZyhfzc=; Proxy: null), S3 Extended Request ID: jFvfXqdgBlubfaH3svMYtDxgAqD9Ij9RZ/saXipGPoRXDeVUDT/ApOXfYINPOYfG/U+AjZyhfzc=
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1879)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1418)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1387)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1157)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:814)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:781)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:755)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:715)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:697)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:561)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:541)
	at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5456)
	at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5403)
	at com.amazonaws.services.s3.AmazonS3Client.getObjectMetadata(AmazonS3Client.java:1372)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.lambda$getObjectMetadata$11(S3AFileSystem.java:2511)
	at org.apache.hadoop.fs.s3a.Invoker.retryUntranslated(Invoker.java:468)
	at org.apache.hadoop.fs.s3a.Invoker.retryUntranslated(Invoker.java:431)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.getObjectMetadata(S3AFileSystem.java:2499)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.getObjectMetadata(S3AFileSystem.java:2479)
	at org.apache.hadoop.fs.s3a.S3AFileSystem.s3GetFileStatus(S3AFileSystem.java:3545)
	... 46 more

The other test stack trace is basically the same

steveloughran · 2022-08-23T12:36:44Z

that test adds "s3a://osm-pds/planet/planet-latest.orc" as a requester-pays source of data. make sure your role has the permissions to access it

jmahonin · 2022-08-23T16:23:00Z

It looks like the issue is in retrieving s3a://landsat-pds/scene_list.gz. The corresponding role should have full S3 access at this point.

I've enabled the low-level request tracing. Here's what it looks like for the first parameterized test:
testJobSubmissionCollectsTokens[0](org.apache.hadoop.fs.s3a.auth.delegation.ITestDelegatedMRJob)

2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "HEAD /scene_list.gz HTTP/1.1[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "Host: landsat-pds.s3.amazonaws.com[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "amz-sdk-invocation-id: <redacted>[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "amz-sdk-request: attempt=1;max=21[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "amz-sdk-retry: 0/0/500[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "Authorization: AWS4-HMAC-SHA256 Credential=<redacted>/20220823/us-east-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;amz-sdk-retry;content-type;host;referer;user-agent;x-amz-content-sha256;x-amz-date, Signature=<redacted>[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "Content-Type: application/octet-stream[\r][\n]"
2022-08-23 16:15:25,838 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "Referer: https://audit.example.org/hadoop/1/op_get_file_status/<redacted>/?op=op_get_file_status&p1=scene_list.gz&pr=jmahonin/localhost@EXAMPLE.COM&ps=<redacted>&id=<redacted>&t0=15&fs=<redacted>&t1=15&ts=1661271325482[\r][\n]"
2022-08-23 16:15:25,839 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "User-Agent: Hadoop 3.4.0-SNAPSHOT, aws-sdk-java/1.12.262 Linux/5.10.104-linuxkit OpenJDK_64-Bit_Server_VM/25.342-b07 java/1.8.0_342 kotlin/1.4.10 vendor/Private_Build cfg/retry-mode/legacy[\r][\n]"
2022-08-23 16:15:25,839 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "x-amz-content-sha256: UNSIGNED-PAYLOAD[\r][\n]"
2022-08-23 16:15:25,839 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "X-Amz-Date: 20220823T161525Z[\r][\n]"
2022-08-23 16:15:25,839 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "Connection: Keep-Alive[\r][\n]"
2022-08-23 16:15:25,839 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 >> "[\r][\n]"
2022-08-23 16:15:25,936 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "HTTP/1.1 400 Bad Request[\r][\n]"
2022-08-23 16:15:25,936 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "x-amz-request-id: ZMY1169S2RC7NEHP[\r][\n]"
2022-08-23 16:15:25,936 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "x-amz-id-2: ENtHr5DR7HX+qkh5FfYQublaU82ykB/SD5fAvR5kC6JZJibFVLH6Rq+F/EutrE3dAL1uTz6yad8=[\r][\n]"
2022-08-23 16:15:25,936 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "Content-Type: application/xml[\r][\n]"
2022-08-23 16:15:25,936 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "Date: Tue, 23 Aug 2022 16:15:25 GMT[\r][\n]"
2022-08-23 16:15:25,936 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "Server: AmazonS3[\r][\n]"
2022-08-23 16:15:25,937 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "Connection: close[\r][\n]"
2022-08-23 16:15:25,937 [JUnit-testJobSubmissionCollectsTokens[0]] DEBUG http.wire (Wire.java:wire(73)) - http-outgoing-7 << "[\r][\n]"

I've also tried adding this to my auth-keys, which likewise does not work:

<property>
  <name>fs.s3a.bucket.landsat-pds.aws.credentials.provider</name>
  <value>org.apache.hadoop.fs.s3a.AnonymousAWSCredentialsProvider</value>
</property>

I've seen mention in HADOOP-13551 and HADOOP-18340 that folks have run into similar issues with this test, although I haven't been able to determine what, if anything, was done to correct it.

dannycjones · 2022-08-23T16:45:53Z

Unfortunately, the errors can be a bit vague for S3 HeadObject (used by getFileStatus). There was a similar issue when the credentials had expired in HADOOP-18353.

...
Authorization: AWS4-HMAC-SHA256 Credential=<redacted>/20220823/us-east-1/s3/aws4_request
...

The signature is signed for us-east-1, but the landsat-pds bucket is in us-west-2. Do you have fs.s3a.endpoint.region set? If so, try adding the following to your auth-keys.xml:

<property>
  <name>fs.s3a.bucket.landsat-pds.endpoint.region</name>
  <value>us-west-2</value>
</property>

If this is the root cause, we may need to consider resetting this configuration for all public data set tests if the bucket was not reconfigured.

jmahonin · 2022-08-23T17:40:13Z

Thanks @dannycjones, that did it!

All integration tests have now passed in this PR.

I was indeed using us-east-1 in fs.s3a.endpoint.region, which would explain the issue. Might make sense to add some additional instructions in hadoop-aws/testing.md under Testing against different regions. I can include that as part of this PR, or file a separate one.

steveloughran · 2022-08-24T09:54:12Z

need to fix hadoop-tools/hadoop-aws/src/test/resources/core-site.xml ; it is set there

…ther regions are set

jmahonin · 2022-08-24T16:00:20Z

Specifying us-west-2 for both landsat-pds and usgs-landsat allowed my tests to pass with my the various region settings in auth-keys.xml set to us-east-1.

There is an issue with ITestS3ABucketExistence#testAccessPointProbingV2,testAccessPointRequired when using another region.

[ERROR] testAccessPointProbingV2(org.apache.hadoop.fs.s3a.ITestS3ABucketExistence)  Time elapsed: 10.476 s  <<< ERROR!
java.lang.IllegalArgumentException: The region field of the ARN being passed as a bucket parameter to an S3 operation does not match the region the client was configured with. Provided region: 'eu-west-1'; client region: 'us-east-1'.
	at org.apache.hadoop.fs.s3a.ITestS3ABucketExistence.lambda$testAccessPointProbingV2$12(ITestS3ABucketExistence.java:172)
	at org.apache.hadoop.fs.s3a.ITestS3ABucketExistence.expectUnknownStore(ITestS3ABucketExistence.java:103)
	at org.apache.hadoop.fs.s3a.ITestS3ABucketExistence.testAccessPointProbingV2(ITestS3ABucketExistence.java:171)

[ERROR] testAccessPointRequired(org.apache.hadoop.fs.s3a.ITestS3ABucketExistence)  Time elapsed: 0.889 s  <<< ERROR!
java.lang.IllegalArgumentException: The region field of the ARN being passed as a bucket parameter to an S3 operation does not match the region the client was configured with. Provided region: 'eu-west-1'; client region: 'us-east-1'.
	at org.apache.hadoop.fs.s3a.ITestS3ABucketExistence.lambda$testAccessPointRequired$14(ITestS3ABucketExistence.java:189)
	at org.apache.hadoop.fs.s3a.ITestS3ABucketExistence.expectUnknownStore(ITestS3ABucketExistence.java:103)
	at org.apache.hadoop.fs.s3a.ITestS3ABucketExistence.testAccessPointRequired(ITestS3ABucketExistence.java:188)

Commenting out my region settings allows these tests to pass, however.

hadoop-yetus · 2022-08-24T16:45:32Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 2s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+0 🆗	markdownlint	0m 1s		markdownlint was not available.
+0 🆗	xmllint	0m 1s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	39m 30s		trunk passed
+1 💚	compile	0m 53s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	0m 48s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	0m 46s		trunk passed
+1 💚	mvnsite	0m 52s		trunk passed
+1 💚	javadoc	0m 36s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 38s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 21s		trunk passed
-1 ❌	shadedclient	2m 32s		branch has errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 39s		the patch passed
+1 💚	compile	0m 38s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	0m 38s		the patch passed
+1 💚	compile	0m 31s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	0m 31s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 22s		the patch passed
+1 💚	mvnsite	0m 37s		the patch passed
+1 💚	javadoc	0m 20s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 31s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 14s		the patch passed
-1 ❌	shadedclient	2m 5s		patch has errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	3m 1s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 40s		The patch does not generate ASF License warnings.
		60m 44s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/3/artifact/out/Dockerfile
GITHUB PR	#4753
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets markdownlint xmllint
uname	Linux cea56b748b9e 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `a00586c`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/3/testReport/
Max. process+thread count	272 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws U: hadoop-tools/hadoop-aws
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/3/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

hadoop-yetus · 2022-08-24T17:00:36Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 8s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 1s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	markdownlint	0m 0s		markdownlint was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	40m 43s		trunk passed
+1 💚	compile	0m 54s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	0m 46s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	0m 47s		trunk passed
+1 💚	mvnsite	0m 56s		trunk passed
+1 💚	javadoc	0m 47s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 39s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 34s		trunk passed
-1 ❌	shadedclient	2m 48s		branch has errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 39s		the patch passed
+1 💚	compile	0m 44s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	0m 44s		the patch passed
+1 💚	compile	0m 35s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	0m 35s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 25s		the patch passed
+1 💚	mvnsite	0m 41s		the patch passed
+1 💚	javadoc	0m 23s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 30s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 11s		the patch passed
-1 ❌	shadedclient	2m 3s		patch has errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	2m 52s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 38s		The patch does not generate ASF License warnings.
		63m 4s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/4/artifact/out/Dockerfile
GITHUB PR	#4753
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets markdownlint xmllint
uname	Linux 44800ade0261 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `176a7f1`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/4/testReport/
Max. process+thread count	264 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws U: hadoop-tools/hadoop-aws
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/4/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

steveloughran

thanks for the region option, we need to change the endpoint to match, don't we? at the very least, it saves a http request

steveloughran · 2022-08-25T10:02:00Z

hadoop-tools/hadoop-aws/src/test/resources/core-site.xml

@@ -38,6 +38,11 @@
    <description>The endpoint for s3a://landsat-pds URLs</description>
  </property>

+  <property>


can you change the endpoint property above to match?

hadoop-yetus · 2022-08-25T17:54:12Z

🎊 +1 overall

BDF1

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 58s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	markdownlint	0m 0s		markdownlint was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+1 💚	mvninstall	37m 56s		trunk passed
+1 💚	compile	0m 54s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	compile	0m 54s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	checkstyle	0m 45s		trunk passed
+1 💚	mvnsite	0m 56s		trunk passed
+1 💚	javadoc	0m 39s		trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 42s		trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 29s		trunk passed
+1 💚	shadedclient	21m 3s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 40s		the patch passed
+1 💚	compile	0m 43s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javac	0m 43s		the patch passed
+1 💚	compile	0m 37s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	0m 37s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 23s		the patch passed
+1 💚	mvnsite	0m 38s		the patch passed
+1 💚	javadoc	0m 19s		the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1
+1 💚	javadoc	0m 28s		the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	spotbugs	1m 14s		the patch passed
+1 💚	shadedclient	20m 34s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	3m 0s		hadoop-aws in the patch passed.
+1 💚	asflicense	0m 43s		The patch does not generate ASF License warnings.
		96m 50s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/5/artifact/out/Dockerfile
GITHUB PR	#4753
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets markdownlint xmllint
uname	Linux 2ce4a0aaf86b 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `ddd85fb`
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/5/testReport/
Max. process+thread count	662 (vs. ulimit of 5500)
modules	C: hadoop-tools/hadoop-aws U: hadoop-tools/hadoop-aws
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4753/5/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

jmahonin · 2022-09-12T13:10:05Z

Is there anything left to do on this PR @steveloughran ?

HADOOP-16806: AWS AssumedRoleCredentialProvider needs ExternalId add

5afe1ed

steveloughran requested changes Aug 18, 2022

View reviewed changes

Fix test and adjust troubleshooting docs

7e12347

jmahonin added 2 commits August 24, 2022 11:42

Set the landsat-pds region to be us-west-2 to assist in tests where o…

a00586c

…ther regions are set

Also specify the region for usgs-landsat

176a7f1

steveloughran requested changes Aug 25, 2022

View reviewed changes

Adjust endpoints for usgs-landsat and landsat-pds

ddd85fb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

HADOOP-16806: AWS AssumedRoleCredentialProvider needs ExternalId add #4753

HADOOP-16806: AWS AssumedRoleCredentialProvider needs ExternalId add #4753

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

HADOOP-16806: AWS AssumedRoleCredentialProvider needs ExternalId add #4753

Are you sure you want to change the base?

HADOOP-16806: AWS AssumedRoleCredentialProvider needs ExternalId add #4753

Conversation

Description of PR

How was this patch tested?

For code changes:

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!