[s3-repository] Don't fail if there no symlink for AWS Web Identity Token #84697
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system.
arteam
added
>bug
:Distributed/Snapshot/Restore
|
Pinging @elastic/es-distributed (Team:Distributed) |
|
Hi @arteam, I've created a changelog YAML for you. |
arteam
changed the title
tlrx
reviewed
Mar 7, 2022
| } | ||
| if (Files.isReadable(webIdentityTokenFileSymlink) == false) { | ||
| throw new IllegalStateException("Unable to read a Web Identity Token symlink in the config directory"); | ||
| LOGGER.warn("Unable to read a Web Identity Token symlink in the config directory"); |
There was a problem hiding this comment.
At this stage the user has configured the env var and created a symlink that should point to it, but we can't read it. To me we should fail here
There was a problem hiding this comment.
There are reports from users who have this environment variable configured, but they do not want to use it (and configure a symlink) and prefer to use static credentials (#52625 (comment)).
tlrx
approved these changes
Mar 8, 2022
modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java
Outdated
Show resolved
Hide resolved
modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java
Outdated
Show resolved
Hide resolved
…ries/s3/S3Service.java Co-authored-by: Tanguy Leroux <[email protected]>
…ries/s3/S3Service.java Co-authored-by: Tanguy Leroux <[email protected]>
arteam
deleted the
do-not-fail-if-there-no-aws-web-identity-token-symlink
branch
|
Thanks Tanguy! |
arteam
added a commit
to arteam/elasticsearch
that referenced
this pull request
Mar 9, 2022
…oken (elastic#84697) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See elastic#52625 (comment) (cherry picked from commit d965595)
arteam
added a commit
to arteam/elasticsearch
that referenced
this pull request
Mar 9, 2022
…oken (elastic#84697) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See elastic#52625 (comment) (cherry picked from commit d965595)
arteam
added a commit
that referenced
this pull request
Mar 9, 2022
…oken (#84697) (#84824) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See #52625 (comment) (cherry picked from commit d965595)
arteam
added a commit
that referenced
this pull request
Mar 9, 2022
…oken (#84697) (#84825) Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system. See #52625 (comment)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make sure users can use the static credentials even if there is a service account with IAM roles configured on the system.
See #52625 (comment)