-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[s3-repository] Don't fail if there no symlink for AWS Web Identity Token #84697
[s3-repository] Don't fail if there no symlink for AWS Web Identity Token #84697
Conversation
Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system.
Pinging @elastic/es-distributed (Team:Distributed) |
Hi @arteam, I've created a changelog YAML for you. |
} | ||
if (Files.isReadable(webIdentityTokenFileSymlink) == false) { | ||
throw new IllegalStateException("Unable to read a Web Identity Token symlink in the config directory"); | ||
LOGGER.warn("Unable to read a Web Identity Token symlink in the config directory"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At this stage the user has configured the env var and created a symlink that should point to it, but we can't read it. To me we should fail here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are reports from users who have this environment variable configured, but they do not want to use it (and configure a symlink) and prefer to use static credentials (#52625 (comment)).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but I left comments to address
modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java
Outdated
Show resolved
Hide resolved
modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java
Outdated
Show resolved
Hide resolved
…ries/s3/S3Service.java Co-authored-by: Tanguy Leroux <[email protected]>
…ries/s3/S3Service.java Co-authored-by: Tanguy Leroux <[email protected]>
Thanks Tanguy! |
…oken (elastic#84697) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See elastic#52625 (comment) (cherry picked from commit d965595)
…oken (elastic#84697) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See elastic#52625 (comment) (cherry picked from commit d965595)
…oken (#84697) (#84824) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See #52625 (comment) (cherry picked from commit d965595)
…oken (#84697) (#84825) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See #52625 (comment)
Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system.
See #52625 (comment)