Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extract AWS Key from KeyChain instead of using potential null value #19560

Merged
merged 1 commit into from Aug 4, 2016

Conversation

Projects
None yet
3 participants
@dadoonet
Copy link
Member

commented Jul 22, 2016

While I was working on #18703, I discovered a bad behavior when people don't provide AWS key/secret as part as their elasticsearch.yml but rely on SysProps or env. variables...

In InternalAwsS3Service#getClient(...), we have:

        Tuple<String, String> clientDescriptor = new Tuple<>(endpoint, account);
        AmazonS3Client client = clients.get(clientDescriptor);

But if people don't provide credentials, account is null.

Even if it actually could work, I think that we should use the AWSCredentialsProvider we create later on and extract from it the AWS key and then use it as the second value of the tuple.

Closes #19557.

@dadoonet

This comment has been minimized.

Copy link
Member Author

commented Jul 22, 2016

@rjernst Could you look at this one please?

Extract AWS Key from KeyChain instead of using potential null value
While I was working on #18703, I discovered a bad behavior when people don't provide AWS key/secret as part as their `elasticsearch.yml` but rely on SysProps or env. variables...

In [`InternalAwsS3Service#getClient(...)`](https://github.com/elastic/elasticsearch/blob/d4366f8493ac8d2f7091404ffd346e4f3c0f9af9/plugins/repository-s3/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java#L76-L141), we have:

```java
        Tuple<String, String> clientDescriptor = new Tuple<>(endpoint, account);
        AmazonS3Client client = clients.get(clientDescriptor);
```

But if people don't provide credentials, `account` is `null`.

Even if it actually could work, I think that we should use the `AWSCredentialsProvider` we create later on and extract from it the `account` (AWS KEY actually) and then use it as the second value of the tuple.

Closes #19557.

@dadoonet dadoonet force-pushed the dadoonet:pr/19557-extract-aws-key branch to f8e0557 Jul 28, 2016

@dadoonet

This comment has been minimized.

Copy link
Member Author

commented Aug 4, 2016

If nobody objects, I'll merge this PR next week.

@ywelsch

This comment has been minimized.

Copy link
Contributor

commented Aug 4, 2016

LGTM

@dadoonet dadoonet merged commit f8e0557 into elastic:master Aug 4, 2016

2 checks passed

CLA Commit author is a member of Elasticsearch
Details
elasticsearch-ci Build finished.
Details

@dadoonet dadoonet deleted the dadoonet:pr/19557-extract-aws-key branch Aug 4, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.