Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
0.17.1, 2.0.2-alpha
-
None
-
Reviewed
-
Allows userinfo component of URI authority to contain a slash (escaped as %2F). Especially useful for accessing AWS S3 with distcp or hadoop fs.
Description
When using URLs of the form s3://ID:SECRET@BUCKET/ at the command line, distcp fails if the SECRET contains a slash, even when the slash is URL-encoded as %2F.
Say your AWS Access Key ID is RYWX12N9WCY42XVOL8WH
And your AWS Secret Key is Xqj1/NMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv
And your bucket is called "mybucket"
You can URL-encode the Secret KKey as Xqj1%2FNMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv
But this doesn't work:
$ bin/hadoop distcp file:///source s3://RYWX12N9WCY42XVOL8WH:Xqj1%2FNMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv@mybucket/dest 08/07/09 15:05:22 INFO util.CopyFiles: srcPaths=[file:///source] 08/07/09 15:05:22 INFO util.CopyFiles: destPath=s3://RYWX12N9WCY42XVOL8WH:Xqj1%2FNMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv@mybucket/dest 08/07/09 15:05:23 WARN httpclient.RestS3Service: Unable to access bucket: mybucket org.jets3t.service.S3ServiceException: S3 HEAD request failed. ResponseCode=403, ResponseMessage=Forbidden at org.jets3t.service.impl.rest.httpclient.RestS3Service.performRequest(RestS3Service.java:339) ... With failures, global counters are inaccurate; consider running with -i Copy failed: org.apache.hadoop.fs.s3.S3Exception: org.jets3t.service.S3ServiceException: S3 PUT failed. XML Error Message: <?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message> at org.apache.hadoop.fs.s3.Jets3tFileSystemStore.createBucket(Jets3tFileSystemStore.java:141) ...
Attachments
Attachments
Issue Links
- breaks
-
HADOOP-14439 regression: secret stripping from S3x URIs breaks some downstream code
- Resolved
-
HADOOP-13287 TestS3ACredentials#testInstantiateFromURL fails if AWS secret key contains '+'.
- Resolved
-
HADOOP-14114 S3A can no longer handle unencoded + in URIs
- Resolved
-
SPARK-20799 Unable to infer schema for ORC/Parquet on S3N when secrets are in the URL
- Closed
- is depended upon by
-
HADOOP-11694 Über-jira: S3a phase II: robustness, scale and performance
- Resolved
- is duplicated by
-
HADOOP-10511 s3n:// incorrectly handles URLs with secret keys that contain a slash
- Resolved
-
HADOOP-14022 S3 connections fails if in-URI AWS secret key contains '+' and '/' both
- Resolved
- is related to
-
HADOOP-14833 Remove s3a user:secret authentication
- Resolved
-
HDFS-13 filenames with ':' colon throws java.lang.IllegalArgumentException
- Resolved