[DOC] Repository GCS ADC not supported #33238
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
albertzaharovits
added
>docs
|
Pinging @elastic/es-distributed |
lcawl
reviewed
Aug 29, 2018
docs/plugins/repository-gcs.asciidoc
Outdated
| creation time, when "Storage" access can be configured to "Read/Write" permission. Check your | ||
| instance details at the section "Cloud API access scopes". | ||
| The plugin needs to authenticate the requests it is making to the Google Cloud | ||
| Storage service. In this respect, it is common for google client libraries |
There was a problem hiding this comment.
I think "google" should probably be capitalized here too.
lcawl
approved these changes
Aug 30, 2018
|
Thank you Lisa, looking neat ❤️ |
albertzaharovits
added a commit
that referenced
this pull request
Aug 30, 2018
Make it clear that automatic default credentials (ADC) is not supported for the repository-gcs plugin. "Service Account" method is the only alternative to authn requests to Google Cloud Storage.
albertzaharovits
added a commit
that referenced
this pull request
Aug 30, 2018
Make it clear that automatic default credentials (ADC) is not supported for the repository-gcs plugin. "Service Account" method is the only alternative to authn requests to Google Cloud Storage.
dnhatn
added a commit
that referenced
this pull request
Sep 1, 2018
* 6.x: Mute test watcher usage stats output [Rollup] Fix FullClusterRestart test TEST: Disable soft-deletes in ParentChildTestCase TEST: Disable randomized soft-deletes settings Integrates soft-deletes into Elasticsearch (#33222) drop `index.shard.check_on_startup: fix` (#32279) Fix AwaitsFix issue number Mute SmokeTestWatcherWithSecurityIT testsi [DOCS] Moves ml folder from x-pack/docs to docs (#33248) TEST: mute more SmokeTestWatcherWithSecurityIT tests [DOCS] Move rollup APIs to docs (#31450) [DOCS] Rename X-Pack Commands section (#33005) Fixes SecurityIntegTestCase so it always adds at least one alias (#33296) TESTS: Fix Random Fail in MockTcpTransportTests (#33061) (#33307) MINOR: Remove Dead Code from PathTrie (#33280) (#33306) Fix pom for build-tools (#33300) Lazy evaluate java9home (#33301) SQL: test coverage for JdbcResultSet (#32813) Work around to be able to generate eclipse projects (#33295) Different handling for security specific errors in the CLI. Fix for #33230 (#33255) [ML] Refactor delimited file structure detection (#33233) SQL: Support multi-index format as table identifier (#33278) Enable forbiddenapis server java9 (#33245) [MUTE] SmokeTestWatcherWithSecurityIT flaky tests Add region ISO code to GeoIP Ingest plugin (#31669) (#33276) Don't be strict for 6.x Update serialization versions for custom IndexMetaData backport Replace IndexMetaData.Custom with Map-based custom metadata (#32749) Painless: Fix Bindings Bug (#33274) SQL: prevent duplicate generation for repeated aggs (#33252) TEST: Mute testMonitorClusterHealth Fix serialization of empty field capabilities response (#33263) Fix nested _source retrieval with includes/excludes (#33180) [DOCS] TLS file resources are reloadable (#33258) Watcher: Ensure TriggerEngine start replaces existing watches (#33157) Ignore module-info in jar hell checks (#33011) Fix docs build after #33241 [DOC] Repository GCS ADC not supported (#33238) Upgrade to latest Gradle 4.10 (#32801) Fix/30904 cluster formation part2 (#32877) Move file-based discovery to core (#33241) HLRC: add client side RefreshPolicy (#33209) [Kerberos] Add unsupported languages for tests (#33253) Watcher: Reload properly on remote shard change (#33167) Fix classpath security checks for external tests. (#33066) [Rollup] Only allow aggregating on multiples of configured interval (#32052) Added deprecation warning for rescore in scroll queries (#33070) Apply settings filter to get cluster settings API (#33247) [Rollup] Re-factor Rollup Indexer into a generic indexer for re-usability (#32743) HLRC: create base timed request class (#33216) HLRC: Use Optional in validation logic (#33104) Painless: Add Bindings (#33042)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ADC - Application Default Credentials
For the repository gcs plugin we use Google Cloud Client Library for Java for the communication with the storage service.
For authenticating the calls, common to most other google client libraries, this library uses another library https://github.com/google/google-auth-library-java that is designed to do it's job seamlessly when the client is run in a google environment, such as Compute Engine, Kubernetes Engine or App Engine. Specifically, it checks environment variables and searches predefined file paths for plain text credential files; details are here.
This "automatic" discovery is not compatible with the Java security manager. It does not work (generates a warning) and it had not worked for some time now, although the docs said otherwise. This PR rectifies the docs.
Closes #23992