S3 Repository: Remove env var and sysprop credentials support (#22842)

These are deprecated in 5.x. This commit removes support for them in 6.0.
Ryan Ernst 2017-01-27 13:43:16 -08:00 committed by GitHub
parent e946ec0c33
commit c921bebc4a
5 changed files with 8 additions and 123 deletions


@ -5,3 +5,9 @@
* The mapper attachments plugin has been deprecated in elasticsearch 5.0 and is now removed.
You can use {plugins}/ingest-attachment.html[ingest attachment plugin] instead.
==== S3 Repository plugin
* Support for specifying s3 credentials through environment variables and
system properties has been removed. Use the `elasticsearch-keystore` tool
to securely store the credentials.


@ -54,23 +54,6 @@ bundlePlugin {
}
}
additionalTest('testEnvCreds'){
include '**/EnvironmentCredentialsTests.class'
environment 'AWS_ACCESS_KEY_ID', 'env_access'
environment 'AWS_SECRET_ACCESS_KEY', 'env_secret'
}
additionalTest('testSyspropCreds'){
include '**/SyspropCredentialsTests.class'
systemProperty 'aws.accessKeyId', 'sysprop_access'
systemProperty 'aws.secretKey', 'sysprop_secret'
}
test {
// these are tested explicitly in separate test tasks
exclude '**/*CredentialsTests.class'
}
thirdPartyAudit.excludes = [
// classes are missing
'javax.servlet.ServletContextEvent',


@ -25,12 +25,9 @@ import java.util.function.Function;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.http.IdleConnectionReaper;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
@ -151,21 +148,8 @@ public class InternalAwsS3Service extends AbstractLifecycleComponent implements
S3Repository.Repository.SECRET_SETTING, S3Repository.Repositories.SECRET_SETTING)) {
if (key.length() == 0 && secret.length() == 0) {
// create a "manual" chain of providers here, so we can log deprecation of unsupported methods
AWSCredentials envCredentials = getDeprecatedCredentials(logger, deprecationLogger,
new EnvironmentVariableCredentialsProvider(), "environment variables");
if (envCredentials != null) {
credentials = new StaticCredentialsProvider(envCredentials);
} else {
AWSCredentials syspropCredentials = getDeprecatedCredentials(logger, deprecationLogger,
new SystemPropertiesCredentialsProvider(), "system properties");
if (syspropCredentials != null) {
credentials = new StaticCredentialsProvider(syspropCredentials);
} else {
logger.debug("Using instance profile credentials");
credentials = new InstanceProfileCredentialsProvider();
}
}
logger.debug("Using instance profile credentials");
credentials = new InstanceProfileCredentialsProvider();
} else {
logger.debug("Using basic key/secret credentials");
credentials = new StaticCredentialsProvider(new BasicAWSCredentials(key.toString(), secret.toString()));
@ -175,23 +159,6 @@ public class InternalAwsS3Service extends AbstractLifecycleComponent implements
return credentials;
}
/** Return credentials from the given provider, or null if full credentials are not available */
private static AWSCredentials getDeprecatedCredentials(Logger logger, DeprecationLogger deprecationLogger,
AWSCredentialsProvider provider, String description) {
try {
AWSCredentials credentials = provider.getCredentials();
if (credentials.getAWSAccessKeyId() != null && credentials.getAWSSecretKey() != null) {
logger.debug("Using " + description + " credentials");
deprecationLogger.deprecated("Supplying S3 credentials through " + description + " is deprecated. " +
"See the breaking changes lists in the documentation for details.");
return credentials;
}
} catch (Exception e) {
logger.debug("Failed to get aws credentials from " + description, e);
}
return null;
}
// pkg private for tests
/** Returns the endpoint the client should use, based on the available endpoint settings found. */
static String findEndpoint(Logger logger, Settings repositorySettings, Settings settings, String clientName) {
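Review bot: In the `key.length() == 0 && secret.length() == 0` branch of the second hunk, the fallback to `InstanceProfileCredentialsProvider` is reported only at debug level, so a node upgraded from 5.x that still has S3 credentials in environment variables or system properties will switch to the instance profile identity with no visible signal. I would log the chosen source at info, e.g. `logger.info("No S3 access key/secret configured, using instance profile credentials");`, so the change of identity shows up in normal logs. The same condition sends a half-configured pair (key set and secret empty, or the reverse) to the `BasicAWSCredentials` branch; unless the settings layer rejects that elsewhere, failing fast there with a clear message would be safer than a late authentication error. The enclosing method starts before this hunk, so its signature and the settings lookup are not fully visible here.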


@ -1,36 +0,0 @@
/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.elasticsearch.cloud.aws;
import com.amazonaws.auth.AWSCredentialsProvider;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
public class EnvironmentCredentialsTests extends ESTestCase {
public void test() {
AWSCredentialsProvider provider =
InternalAwsS3Service.buildCredentials(logger, deprecationLogger, Settings.EMPTY, Settings.EMPTY, "default");
// NOTE: env vars are setup by the test runner in gradle
assertEquals("env_access", provider.getCredentials().getAWSAccessKeyId());
assertEquals("env_secret", provider.getCredentials().getAWSSecretKey());
assertWarnings("Supplying S3 credentials through environment variables is deprecated");
}
}


@ -1,35 +0,0 @@
/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.elasticsearch.cloud.aws;
import com.amazonaws.auth.AWSCredentialsProvider;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
public class SyspropCredentialsTests extends ESTestCase {
public void test() {
AWSCredentialsProvider provider =
InternalAwsS3Service.buildCredentials(logger, deprecationLogger, Settings.EMPTY, Settings.EMPTY, "default");
// NOTE: sys props are setup by the test runner in gradle
assertEquals("sysprop_access", provider.getCredentials().getAWSAccessKeyId());
assertEquals("sysprop_secret", provider.getCredentials().getAWSSecretKey());
assertWarnings("Supplying S3 credentials through system properties is deprecated");
}
}