Skip to content

Commit

Permalink
Upgrade AWS SDK v1 to v2 (opensearch-project#7372)
Browse files Browse the repository at this point in the history
* AWS SDK v2.
* Migrating com.amazonaws.sdk.ec2MetadataServiceEndpointOverride to aws.ec2MetadataServiceEndpoint per https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/migration-client-changes.html.
* Fetch host address for EC2 metadata service from SdkSettings.
* Deprecations of running with partial keys were removed in AWS SDK v2.
* Underscore is not a valid host name, thus URI.create doesn't treat it as a host.
* Added missing JARs, all tests pass.
* Setup a default AWS profile under config, don't read ~/.aws.
* Re-enable availability zone node attribute implementation.
* Cleaning up privileged calls using SocketAccess
* Consistently setup and teardown AWS settings in repository-s3.
* Using SdkException instead of RuntimeException in S3BlobContainer
* Removing AwsSessionCredentials object from S3BasicSesstionCredentials
* Removing S3BasicCredentials and S3BasicSessionCredentials

Signed-off-by: dblock <[email protected]>
Co-authored-by: Raghuvansh Raj <[email protected]>
  • Loading branch information
dblock and raghuvanshraj authored Jun 2, 2023
1 parent 5d5e8ad commit b15ffc9
Show file tree
Hide file tree
Showing 187 changed files with 10,379 additions and 2,373 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Bump `com.netflix.nebula:nebula-publishing-plugin` from 19.2.0 to 20.3.0
- Bump `com.diffplug.spotless` from 6.17.0 to 6.18.0
- Bump `io.opencensus:opencensus-api` from 0.18.0 to 0.31.1 ([#7291](https://github.com/opensearch-project/OpenSearch/pull/7291))
- Add `org.reactivestreams` 1.0.4 ([7372](https://github.com/opensearch-project/OpenSearch/pull/7372/))
- Add `com.github.luben:zstd-jni` version 1.5.5-3 ([#2996](https://github.com/opensearch-project/OpenSearch/pull/2996))
- OpenJDK Update (April 2023 Patch releases) ([#7344](https://github.com/opensearch-project/OpenSearch/pull/7344)
- Bump `com.amazonaws` 1.12.270 to `software.amazon.awssdk` 2.20.55 ([7372](https://github.com/opensearch-project/OpenSearch/pull/7372/))

### Changed
- [CCR] Add getHistoryOperationsFromTranslog method to fetch the history snapshot from translogs ([#3948](https://github.com/opensearch-project/OpenSearch/pull/3948))
Expand All @@ -53,6 +55,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Improve summary error message for invalid setting updates ([#4792](https://github.com/opensearch-project/OpenSearch/pull/4792))
- Reduce memory copy in zstd compression ([#7681](https://github.com/opensearch-project/OpenSearch/pull/7681))
- Add ZSTD compression for snapshotting ([#2996](https://github.com/opensearch-project/OpenSearch/pull/2996))
- Change `com.amazonaws.sdk.ec2MetadataServiceEndpointOverride` to `aws.ec2MetadataServiceEndpoint` ([7372](https://github.com/opensearch-project/OpenSearch/pull/7372/))
- Change `com.amazonaws.sdk.stsEndpointOverride` to `aws.stsEndpointOverride` ([7372](https://github.com/opensearch-project/OpenSearch/pull/7372/))

### Deprecated

Expand Down
3 changes: 2 additions & 1 deletion buildSrc/version.properties
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,8 @@ commonslogging = 1.2
commonscodec = 1.15

# plugin dependencies
aws = 1.12.270
aws = 2.20.55
reactivestreams = 1.0.4

# when updating this version, you need to ensure compatibility with:
# - plugins/ingest-attachment (transitive dependency, check the upstream POM)
Expand Down
68 changes: 37 additions & 31 deletions plugins/discovery-ec2/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,32 @@ opensearchplugin {
}

dependencies {
api "com.amazonaws:aws-java-sdk-ec2:${versions.aws}"
api "com.amazonaws:aws-java-sdk-core:${versions.aws}"
api "software.amazon.awssdk:sdk-core:${versions.aws}"
api "software.amazon.awssdk:aws-core:${versions.aws}"
api "software.amazon.awssdk:utils:${versions.aws}"
api "software.amazon.awssdk:auth:${versions.aws}"
api "software.amazon.awssdk:ec2:${versions.aws}"
api "software.amazon.awssdk:http-client-spi:${versions.aws}"
api "software.amazon.awssdk:apache-client:${versions.aws}"
api "software.amazon.awssdk:regions:${versions.aws}"
api "software.amazon.awssdk:profiles:${versions.aws}"
api "software.amazon.awssdk:endpoints-spi:${versions.aws}"
api "software.amazon.awssdk:annotations:${versions.aws}"
api "software.amazon.awssdk:metrics-spi:${versions.aws}"
api "software.amazon.awssdk:json-utils:${versions.aws}"
api "software.amazon.awssdk:protocol-core:${versions.aws}"
api "software.amazon.awssdk:aws-query-protocol:${versions.aws}"
api "software.amazon.awssdk:aws-json-protocol:${versions.aws}"
api "software.amazon.awssdk:third-party-jackson-core:${versions.aws}"
api "org.apache.httpcomponents:httpclient:${versions.httpclient}"
api "org.apache.httpcomponents:httpcore:${versions.httpcore}"
api "commons-logging:commons-logging:${versions.commonslogging}"
api "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
api "org.slf4j:slf4j-api:${versions.slf4j}"
api "commons-codec:commons-codec:${versions.commonscodec}"
api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
api "org.reactivestreams:reactive-streams:${versions.reactivestreams}"
}

restResources {
Expand All @@ -57,7 +74,7 @@ restResources {
}

tasks.named("dependencyLicenses").configure {
mapping from: /aws-java-sdk-.*/, to: 'aws-java-sdk'
mapping from: /software.amazon.awssdk-.*/, to: 'software.amazon.awssdk'
mapping from: /jackson-.*/, to: 'jackson'
}

Expand Down Expand Up @@ -90,15 +107,17 @@ tasks.register("writeTestJavaPolicy") {
" permission org.bouncycastle.crypto.CryptoServicesPermission \"exportSecretKey\";",
" permission org.bouncycastle.crypto.CryptoServicesPermission \"exportPrivateKey\";",
" permission java.io.FilePermission \"\${javax.net.ssl.trustStore}\", \"read\";",
" permission java.util.PropertyPermission \"com.amazonaws.sdk.ec2MetadataServiceEndpointOverride\", \"write\";",
" permission java.util.PropertyPermission \"aws.ec2MetadataServiceEndpoint\", \"write\";",
" permission java.io.FilePermission \"config\", \"read\";",
"};"
].join("\n")
)
} else {
javaPolicy.write(
[
"grant {",
" permission java.util.PropertyPermission \"com.amazonaws.sdk.ec2MetadataServiceEndpointOverride\", \"write\";",
" permission java.util.PropertyPermission \"aws.ec2MetadataServiceEndpoint\", \"write\";",
" permission java.io.FilePermission \"config\", \"read\";",
"};"
].join("\n"))
}
Expand All @@ -110,7 +129,7 @@ tasks.named("test").configure {
// this is needed for insecure plugins, remove if possible!
systemProperty 'tests.artifact', project.name

// Setting a custom policy to manipulate com.amazonaws.sdk.ec2MetadataServiceEndpointOverride system property
// Setting a custom policy to manipulate aws.ec2MetadataServiceEndpoint system property
// it is better rather disable security manager at all with `systemProperty 'tests.security.manager', 'false'`
if (BuildParams.inFipsJvm){
// Using the key==value format to override default JVM security settings and policy
Expand All @@ -128,30 +147,17 @@ tasks.named("check").configure {

tasks.named("thirdPartyAudit").configure {
ignoreMissingClasses(
// classes are missing
'javax.jms.Message',
'com.amazonaws.jmespath.JmesPathExpression',
'com.amazonaws.jmespath.ObjectMapperSingleton',
'software.amazon.ion.IonReader',
'software.amazon.ion.IonSystem',
'software.amazon.ion.IonType',
'software.amazon.ion.IonWriter',
'software.amazon.ion.Timestamp',
'software.amazon.ion.system.IonBinaryWriterBuilder',
'software.amazon.ion.system.IonSystemBuilder',
'software.amazon.ion.system.IonTextWriterBuilder',
'software.amazon.ion.system.IonWriterBuilder',
'javax.servlet.ServletContextEvent',
'javax.servlet.ServletContextListener',
'org.apache.avalon.framework.logger.Logger',
'org.apache.log.Hierarchy',
'org.apache.log.Logger'
'javax.jms.Message',
'javax.servlet.ServletContextEvent',
'javax.servlet.ServletContextListener',
'org.apache.avalon.framework.logger.Logger',
'org.apache.log.Hierarchy',
'org.apache.log.Logger',
'org.slf4j.impl.StaticLoggerBinder',
'org.slf4j.impl.StaticMDCBinder',
'org.slf4j.impl.StaticMarkerBinder',
'software.amazon.eventstream.HeaderValue',
'software.amazon.eventstream.Message',
'software.amazon.eventstream.MessageDecoder'
)

if (BuildParams.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
ignoreMissingClasses(
'javax.xml.bind.DatatypeConverter',
'javax.xml.bind.JAXBContext'
)
}
}
10 changes: 5 additions & 5 deletions plugins/discovery-ec2/config/discovery-ec2/log4j2.properties
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,17 @@
# GitHub history for details.
#

logger.com_amazonaws.name = com.amazonaws
logger.com_amazonaws.name = software.amazon.awssdk
logger.com_amazonaws.level = warn

logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.name = com.amazonaws.jmx.SdkMBeanRegistrySupport
logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.name = software.amazon.awssdk.jmx.SdkMBeanRegistrySupport
logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.level = error

logger.com_amazonaws_metrics_AwsSdkMetrics.name = com.amazonaws.metrics.AwsSdkMetrics
logger.com_amazonaws_metrics_AwsSdkMetrics.name = software.amazon.awssdk.metrics.AwsSdkMetrics
logger.com_amazonaws_metrics_AwsSdkMetrics.level = error

logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.name = com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader
logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.name = software.amazon.awssdk.auth.profile.internal.BasicProfileConfigFileLoader
logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.level = error

logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.name = com.amazonaws.services.s3.internal.UseArnRegionResolver
logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.name = software.amazon.awssdk.services.s3.internal.UseArnRegionResolver
logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.level = error
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
330e9d0e5f2401fffba5afe30f3740f400e8308d
Loading

0 comments on commit b15ffc9

Please sign in to comment.