ECS Task IAM profile credentials ignored in repository-s3 plugin #31864
Pinging @elastic/es-distributed
We discussed this and, as per #26913 (comment), think that the However I think we shouldn't proceed here without a bit more testing: specifically, that we do correctly get the credentials from the metadata services. I think we can extend
615da59 to 225aaf7
@DaveCTurner @atorok this PR extends #31918 - environment variable has to be specified to redirect ECS to custom endpoint
Gradle LGTM
plugins/repository-s3/build.gradle
Outdated
@@ -302,8 +320,13 @@ task s3Fixture(type: AntFixture) { | |||
env 'S3FIXTURE_TEMPORARY_KEY', "${s3TemporaryAccessKey}" | |||
env 'S3FIXTURE_TEMPORARY_SESSION_TOKEN', "${s3TemporarySessionToken}" | |||
env 'S3FIXTURE_EC2_BUCKET_NAME', "${s3EC2Bucket}" | |||
env 'S3FIXTURE_EC2_CREDENTIALS', "${s3EC2Credentials}" |
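Review bot: every `env` line visible in this hunk wraps a single variable in a GString ("${s3TemporaryAccessKey}", "${s3EC2Bucket}", "${s3EC2Credentials}"), which does nothing beyond converting the value to a string. If these variables are already Strings, pass them directly (for example `env 'S3FIXTURE_EC2_CREDENTIALS', s3EC2Credentials`) and apply that to the whole group so the block stays consistent; if the interpolation is there to coerce a non-String value, a short comment saying so would help the next reader.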
There's no need for a GString here, could have used the s3EC2Credentials variable directly.
good spot - thanks @atorok 👍
7b74e13 to e065261
@DaveCTurner could you pls have a look - it is ready for review as #31918 is merged to master
Substantial changes, and a rebase, since this review was given. Please could you look again?
@DaveCTurner sorry for the rebase - it was a really huge number of changes that this PR is based on
LGTM I don't think we can do better for now.
Ok thanks @atorok, LGTM too then.
thanks @DaveCTurner and @atorok for the review
ECS Task IAM profile credentials ignored in repository-s3 plugin
Closes #26913
Based on PR #31918
EC2ContainerCredentialsProviderWrapper
- utilises IAM role for a task - both relative to http://169.254.170.2 and absolute + fail over to InstanceProfileCredentialsProvider that is currently in use.
- provider relies on environment variables common to containers
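
The selection order in the description above, modelled as an added example (not code from this PR, Elasticsearch or the AWS SDK) that can be used to reason about which credential source a given container environment leads to. It assumes the AWS SDK's container variables `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` and `AWS_CONTAINER_CREDENTIALS_FULL_URI`, and assumes absolute URIs are only honoured for loopback hosts; the class and method names are hypothetical.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;

/** Added illustration of the credential source selection; not AWS SDK or Elasticsearch code. */
public class CredentialSourceCheck {
    // Environment variables the AWS SDK reads inside containers, and the fixed ECS endpoint.
    static final String RELATIVE = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
    static final String FULL = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
    static final String ECS_ENDPOINT = "http://169.254.170.2";
    // Assumption of this sketch: an absolute URI is accepted only for loopback hosts.
    static final Set<String> LOOPBACK = Set.of("localhost", "127.0.0.1");

    /** Returns a description of the credential source chosen for the given environment. */
    static String resolve(Map<String, String> env) {
        String relative = env.get(RELATIVE);
        if (relative != null) {
            // Sanity check added in this sketch: the value is a path appended to the ECS endpoint.
            if (!relative.startsWith("/")) {
                throw new IllegalArgumentException(RELATIVE + " must start with '/'");
            }
            return "container:" + ECS_ENDPOINT + relative;
        }
        String full = env.get(FULL);
        if (full != null) {
            URI uri = URI.create(full);
            if (uri.getHost() == null || !LOOPBACK.contains(uri.getHost())) {
                throw new IllegalArgumentException(FULL + " host is not loopback: " + uri.getHost());
            }
            return "container:" + uri;
        }
        // Neither variable is set: fail over to the EC2 instance profile.
        return "instance-profile";
    }

    public static void main(String[] args) {
        // Constructed sample environments; the task path and URLs are placeholders.
        System.out.println(resolve(Map.of(RELATIVE, "/v2/credentials/example-task-id")));
        System.out.println(resolve(Map.of(FULL, "http://localhost:8080/creds")));
        System.out.println(resolve(Map.of()));
        try {
            resolve(Map.of(FULL, "http://198.51.100.7/creds"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```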