Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extract AWS Key from KeyChain instead of using potential null value #19560

Merged
merged 1 commit into from
Aug 4, 2016
Merged

Extract AWS Key from KeyChain instead of using potential null value #19560

merged 1 commit into from
Aug 4, 2016

Conversation

dadoonet
Copy link
Member

@dadoonet dadoonet commented Jul 22, 2016
edited
Loading

While I was working on #18703, I discovered a bad behavior when people don't provide AWS key/secret as part as their elasticsearch.yml but rely on SysProps or env. variables...

In InternalAwsS3Service#getClient(...), we have:

        Tuple<String, String> clientDescriptor = new Tuple<>(endpoint, account);
        AmazonS3Client client = clients.get(clientDescriptor);

But if people don't provide credentials, account is null.

Even if it actually could work, I think that we should use the AWSCredentialsProvider we create later on and extract from it the AWS key and then use it as the second value of the tuple.

Closes #19557.

@dadoonet dadoonet self-assigned this Jul 22, 2016
@dadoonet
Copy link
Member Author

@rjernst Could you look at this one please?

@dadoonet
Extract AWS Key from KeyChain instead of using potential null value
f8e0557 
While I was working on elastic#18703, I discovered a bad behavior when people don't provide AWS key/secret as part as their `elasticsearch.yml` but rely on SysProps or env. variables...

In [`InternalAwsS3Service#getClient(...)`](https://github.com/elastic/elasticsearch/blob/d4366f8493ac8d2f7091404ffd346e4f3c0f9af9/plugins/repository-s3/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java#L76-L141), we have:

```java
        Tuple<String, String> clientDescriptor = new Tuple<>(endpoint, account);
        AmazonS3Client client = clients.get(clientDescriptor);
```

But if people don't provide credentials, `account` is `null`.

Even if it actually could work, I think that we should use the `AWSCredentialsProvider` we create later on and extract from it the `account` (AWS KEY actually) and then use it as the second value of the tuple.

Closes elastic#19557.
@dadoonet
Copy link
Member Author

dadoonet commented Aug 4, 2016

If nobody objects, I'll merge this PR next week.

@ywelsch
Copy link
Contributor

ywelsch commented Aug 4, 2016

LGTM

@dadoonet dadoonet merged commit f8e0557 into elastic:master Aug 4, 2016
@dadoonet dadoonet deleted the pr/19557-extract-aws-key branch August 4, 2016 16:09
@clintongormley clintongormley added :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs and removed :Plugin Repository S3 labels Feb 14, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@dadoonet dadoonet

Labels
:Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs >enhancement v5.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dadoonet @ywelsch @clintongormley