Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.11] Set region for the STS client via privileged calls in AWS SDK (#102230) #102285

Merged
merged 1 commit into from Nov 16, 2023
Merged

[8.11] Set region for the STS client via privileged calls in AWS SDK (#102230) #102285

merged 1 commit into from Nov 16, 2023

Conversation

arteam
Copy link
Contributor

@arteam arteam commented Nov 16, 2023

Backports #102230 to 8.11

  • Set region for the STS client via privileged calls in AWS SDK

@arteam
Set region for the STS client via privileged calls in AWS SDK (elasti…
0a8665c 
…c#102230)

Unfortunately, `AWSSecurityTokenServiceClientBuilder#setRegion` is not just a setter on the builder. It looks up the region by its name which lazily initializes some regional configuration. As a result, the call with an access denied error, because the caller doesn't have permission to call `accessDeclaredMembers` in some Jackson internals.

This bug wasn't caught by the `CustomWebIdentityTokenCredentialsProviderTests#testSupportRegionalizedEndpoints` test because it's under with the test framework that does allow naked reflection calls.

We fix that in two ways:

*  Make sure withRegion call is privileged
*  Eagerly lookup region metadata in `S3Repository` 

Fixes elastic#102173
@arteam arteam added backport v8.11.2 >bug :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs auto-merge Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) labels Nov 16, 2023
@elasticsearchmachine elasticsearchmachine merged commit 8d559e5 into elastic:8.11 Nov 16, 2023
13 checks passed
@arteam arteam deleted the backport-102230-priviliged-calls-regions branch November 16, 2023 10:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merge Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport >bug :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs v8.11.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@arteam @elasticsearchmachine