Hide c.a.s.s.i.UseArnRegionResolver noise

[DaveCTurner]

A recent AWS SDK upgrade has introduced a new source of spurious WARN
logs when the security manager prevents access to the user's home
directory and therefore to $HOME/.aws/config. This is the behaviour we
want, and it's harmless and handled by the SDK as if the config doesn't
exist, so this log message is unnecessary noise. This commit suppresses
this noisy logging by default.

Relates #20313, #56346, #53962
Closes #62493

[elasticmachine]

Pinging @elastic/es-distributed (:Distributed/Snapshot/Restore)

[original-brownbear]

LGTM thanks David!

[sparrowt]

Sadly this is back, it would be great if #88133 could get in

[maggieghamry]

Just observed these errors in 8.12 logs as well

[stephane-klein]

@DaveCTurner same warning with 8.15.0 :

elasticsearch-1  | {"@timestamp":"2024-08-17T17:12:12.493Z", "log.level": "WARN", "message":"Unable to load config file null", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader","elasticsearch.node.name":"node-1","elasticsearch.cluster.name":"docker-cluster","error.type":"java.security.AccessControlException","error.message":"access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/.aws/config\" \"read\")","error.stack_trace":"java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/.aws/config\" \"read\")\n\tat java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:488)\n\tat java.base/java.security.AccessController.checkPermission(AccessController.java:1085)\n\tat java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)\n\tat java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:742)\n\tat java.base/java.io.File.exists(File.java:831)\n\tat com.amazonaws.profile.path.config.SharedConfigDefaultLocationProvider.getLocation(SharedConfigDefaultLocationProvider.java:36)\n\tat com.amazonaws.profile.path.AwsProfileFileLocationProviderChain.getLocation(AwsProfileFileLocationProviderChain.java:41)\n\tat com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader.getProfilesConfigFile(BasicProfileConfigFileLoader.java:69)\n\tat com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader.getProfile(BasicProfileConfigFileLoader.java:55)\n\tat com.amazonaws.retry.internal.RetryModeResolver.profile(RetryModeResolver.java:103)\n\tat com.amazonaws.retry.internal.RetryModeResolver.resolveRetryMode(RetryModeResolver.java:89)\n\tat com.amazonaws.retry.internal.RetryModeResolver.<init>(RetryModeResolver.java:55)\n\tat com.amazonaws.retry.internal.RetryModeResolver.<init>(RetryModeResolver.java:48)\n\tat com.amazonaws.retry.RetryPolicy.<clinit>(RetryPolicy.java:35)\n\tat com.amazonaws.retry.PredefinedRetryPolicies.<clinit>(PredefinedRetryPolicies.java:32)\n\tat com.amazonaws.ClientConfiguration.<clinit>(ClientConfiguration.java:89)\n\tat java.base/java.lang.Class.forName0(Native Method)\n\tat java.base/java.lang.Class.forName(Class.java:413)\n\tat java.base/java.lang.Class.forName(Class.java:404)\n\tat org.elasticsearch.repositories.s3.S3RepositoryPlugin.lambda$static$0(S3RepositoryPlugin.java:53)\n\tat java.base/java.security.AccessController.doPrivileged(AccessController.java:319)\n\tat org.elasticsearch.repositories.s3.S3RepositoryPlugin.<clinit>(S3RepositoryPlugin.java:47)\n\tat java.base/jdk.internal.misc.Unsafe.ensureClassInitialized0(Native Method)\n\tat java.base/jdk.internal.misc.Unsafe.ensureClassInitialized(Unsafe.java:1160)\n\tat java.base/jdk.internal.reflect.MethodHandleAccessorFactory.ensureClassInitialized(MethodHandleAccessorFactory.java:340)\n\tat java.base/jdk.internal.reflect.MethodHandleAccessorFactory.newConstructorAccessor(MethodHandleAccessorFactory.java:103)\n\tat java.base/jdk.internal.reflect.ReflectionFactory.newConstructorAccessor(ReflectionFactory.java:173)\n\tat java.base/java.lang.reflect.Constructor.acquireConstructorAccessor(Constructor.java:549)\n\tat java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)\n\tat java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486)\n\tat [email protected]/org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:681)\n\tat [email protected]/org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:531)\n\tat [email protected]/org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:295)\n\tat [email protected]/org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:165)\n\tat [email protected]/org.elasticsearch.node.NodeServiceProvider.newPluginService(NodeServiceProvider.java:55)\n\tat [email protected]/org.elasticsearch.node.NodeConstruction.createEnvironment(NodeConstruction.java:455)\n\tat [email protected]/org.elasticsearch.node.NodeConstruction.prepareConstruction(NodeConstruction.java:256)\n\tat [email protected]/org.elasticsearch.node.Node.<init>(Node.java:192)\n\tat [email protected]/org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:242)\n\tat [email protected]/org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:242)\n\tat [email protected]/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:76)\n"}

[DaveCTurner]

This log noise has been suppressed by the default logging config since 7.10.0, but if you are using a different logging config (including possibly a logging config from an older version) then you may see them still. The solution is to use the logging config that comes with the version you're running.

See these docs for detailed information about configuring logging in Elasticsearch. If you need further assistance, please ask on the forums.