Add tests

plugins/discovery-ec2/build.gradle

@@ -45,10 +45,9 @@ dependencyLicenses {
 test {
   // this is needed for insecure plugins, remove if possible!
   systemProperty 'tests.artifact', project.name
-  // this could be needed by AwsEc2ServiceImplTests#testAWSCredentialsWithSystemProviders()
+  // this is needed by AwsS3ServiceImplTests#testAWSCredentialsWithSystemProviders()
-  // As it's marked as Ignored for now, we can comment those
+  systemProperty 'aws.accessKeyId', 'DUMMY_ACCESS_KEY'
-  // systemProperty 'aws.accessKeyId', 'DUMMY_ACCESS_KEY'
+  systemProperty 'aws.secretKey', 'DUMMY_SECRET_KEY'
-  // systemProperty 'aws.secretKey', 'DUMMY_SECRET_KEY'
 }
 
 thirdPartyAudit.excludes = [

plugins/discovery-ec2/src/test/java/org/elasticsearch/cloud/aws/AwsEc2ServiceImplTests.java

@@ -23,22 +23,40 @@ import com.amazonaws.ClientConfiguration;
 import com.amazonaws.Protocol;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
+import com.amazonaws.util.StringUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.test.ESTestCase;
 
+import static com.amazonaws.SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.nullValue;
 
 public class AwsEc2ServiceImplTests extends ESTestCase {
 
-    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/19556")
     public void testAWSCredentialsWithSystemProviders() {
+        // Testing this is hard as it depends on the order of Credential Providers we have in the DefaultAWSCredentialsProviderChain class:
+        //     EnvironmentVariableCredentialsProvider:
+        //          Env vars: (AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY) and (AWS_SECRET_KEY or AWS_SECRET_ACCESS_KEY)
+        //     SystemPropertiesCredentialsProvider:
+        //          Sys props: aws.accessKeyId and aws.secretKey
+        //     ProfileCredentialsProvider: Profile file
+        //     InstanceProfileCredentialsProvider: EC2 Metadata
+        // We don't want to test all the behavior but just that when we don't provide any KEY/SECRET they
+        // will be loaded from the default chain using DefaultAWSCredentialsProviderChain
+
+        assumeFalse("Running test from the IDE does not work as system properties are eventually undefined",
+            StringUtils.isNullOrEmpty(System.getProperty(ACCESS_KEY_SYSTEM_PROPERTY)));
+
+        DefaultAWSCredentialsProviderChain providerChain = new DefaultAWSCredentialsProviderChain();
+        AWSCredentials expectedCredentials = providerChain.getCredentials();
+
         AWSCredentialsProvider credentialsProvider = AwsEc2ServiceImpl.buildCredentials(logger, Settings.EMPTY);
 
         AWSCredentials credentials = credentialsProvider.getCredentials();
-        assertThat(credentials.getAWSAccessKeyId(), is("DUMMY_ACCESS_KEY"));
+        assertThat(credentials.getAWSAccessKeyId(), is(expectedCredentials.getAWSAccessKeyId()));
-        assertThat(credentials.getAWSSecretKey(), is("DUMMY_SECRET_KEY"));
+        assertThat(credentials.getAWSSecretKey(), is(expectedCredentials.getAWSSecretKey()));
     }
 
     public void testAWSCredentialsWithElasticsearchAwsSettings() {

plugins/repository-s3/build.gradle

@@ -51,10 +51,9 @@ dependencyLicenses {
 test {
   // this is needed for insecure plugins, remove if possible!
   systemProperty 'tests.artifact', project.name
-  // this could be needed by AwsS3ServiceImplTests#testAWSCredentialsWithSystemProviders()
+  // this is needed by AwsS3ServiceImplTests#testAWSCredentialsWithSystemProviders()
-  // As it's marked as Ignored for now, we can comment those
+  systemProperty 'aws.accessKeyId', 'DUMMY_ACCESS_KEY'
-  // systemProperty 'aws.accessKeyId', 'DUMMY_ACCESS_KEY'
+  systemProperty 'aws.secretKey', 'DUMMY_SECRET_KEY'
-  // systemProperty 'aws.secretKey', 'DUMMY_SECRET_KEY'
 }
 
 thirdPartyAudit.excludes = [

plugins/repository-s3/src/test/java/org/elasticsearch/cloud/aws/AwsS3ServiceImplTests.java

@@ -23,22 +23,49 @@ import com.amazonaws.ClientConfiguration;
 import com.amazonaws.Protocol;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
+import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
+import com.amazonaws.auth.InstanceProfileCredentialsProvider;
+import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
+import com.amazonaws.auth.profile.ProfileCredentialsProvider;
+import com.amazonaws.util.StringUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.repositories.s3.S3Repository;
 import org.elasticsearch.test.ESTestCase;
 
+import static com.amazonaws.SDKGlobalConfiguration.ACCESS_KEY_ENV_VAR;
+import static com.amazonaws.SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY;
+import static com.amazonaws.SDKGlobalConfiguration.ALTERNATE_ACCESS_KEY_ENV_VAR;
+import static com.amazonaws.SDKGlobalConfiguration.ALTERNATE_SECRET_KEY_ENV_VAR;
+import static com.amazonaws.SDKGlobalConfiguration.SECRET_KEY_ENV_VAR;
+import static com.amazonaws.SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
 public class AwsS3ServiceImplTests extends ESTestCase {
 
-    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/19556")
     public void testAWSCredentialsWithSystemProviders() {
+        // Testing this is hard as it depends on the order of Credential Providers we have in the DefaultAWSCredentialsProviderChain class:
+        //     EnvironmentVariableCredentialsProvider:
+        //          Env vars: (AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY) and (AWS_SECRET_KEY or AWS_SECRET_ACCESS_KEY)
+        //     SystemPropertiesCredentialsProvider:
+        //          Sys props: aws.accessKeyId and aws.secretKey
+        //     ProfileCredentialsProvider: Profile file
+        //     InstanceProfileCredentialsProvider: EC2 Metadata
+        // We don't want to test all the behavior but just that when we don't provide any KEY/SECRET they
+        // will be loaded from the default chain using DefaultAWSCredentialsProviderChain
+
+        assumeFalse("Running test from the IDE does not work as system properties are eventually undefined",
+            StringUtils.isNullOrEmpty(System.getProperty(ACCESS_KEY_SYSTEM_PROPERTY)));
+
+        DefaultAWSCredentialsProviderChain providerChain = new DefaultAWSCredentialsProviderChain();
+        AWSCredentials expectedCredentials = providerChain.getCredentials();
+
         AWSCredentialsProvider credentialsProvider = InternalAwsS3Service.buildCredentials(logger, "", "");
 
         AWSCredentials credentials = credentialsProvider.getCredentials();
-        assertThat(credentials.getAWSAccessKeyId(), is("DUMMY_ACCESS_KEY"));
+        assertThat(credentials.getAWSAccessKeyId(), is(expectedCredentials.getAWSAccessKeyId()));
-        assertThat(credentials.getAWSSecretKey(), is("DUMMY_SECRET_KEY"));
+        assertThat(credentials.getAWSSecretKey(), is(expectedCredentials.getAWSSecretKey()));
     }
 
     public void testAWSCredentialsWithElasticsearchAwsSettings() {