Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extract AWS Key from KeyChain instead of using potential null value #19557

Closed
dadoonet opened this issue Jul 22, 2016 · 0 comments

Comments

Projects
None yet
2 participants
@dadoonet
Copy link
Member

commented Jul 22, 2016

While I was working on #18703, I discovered a bad behavior when people don't provide AWS key/secret as part as their elasticsearch.yml but rely on SysProps or env. variables...

In InternalAwsS3Service#getClient(...), we have:

        Tuple<String, String> clientDescriptor = new Tuple<>(endpoint, account);
        AmazonS3Client client = clients.get(clientDescriptor);

But if people don't provide credentials, account is null.

Even if it actually could work, I think that we should use the AWSCredentialsProvider we create later on and extract from it the account (AWS KEY actually) and then use it as the second value of the tuple.

@dadoonet dadoonet self-assigned this Jul 22, 2016

dadoonet added a commit to dadoonet/elasticsearch that referenced this issue Jul 28, 2016

Extract AWS Key from KeyChain instead of using potential null value
While I was working on elastic#18703, I discovered a bad behavior when people don't provide AWS key/secret as part as their `elasticsearch.yml` but rely on SysProps or env. variables...

In [`InternalAwsS3Service#getClient(...)`](https://github.com/elastic/elasticsearch/blob/d4366f8493ac8d2f7091404ffd346e4f3c0f9af9/plugins/repository-s3/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java#L76-L141), we have:

```java
        Tuple<String, String> clientDescriptor = new Tuple<>(endpoint, account);
        AmazonS3Client client = clients.get(clientDescriptor);
```

But if people don't provide credentials, `account` is `null`.

Even if it actually could work, I think that we should use the `AWSCredentialsProvider` we create later on and extract from it the `account` (AWS KEY actually) and then use it as the second value of the tuple.

Closes elastic#19557.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.