Skip to content

Commit 8e9d2b1

Browse files
albertzaharovitsalbertzaharovits
authored
S3 repo plugin populate SettingsFilter (#30652)
The accessKey and secretKey repo settings (in the cluster state) of the s3 client are registered and will populate the SettingsFilter.
1 parent b4ae29a commit 8e9d2b1

File tree

2 files changed

+48
-2
lines changed

2 files changed

+48
-2
lines changed

plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java

+3-1
Original file line numberDiff line numberDiff line change
@@ -90,6 +90,8 @@ public List<Setting<?>> getSettings() {
9090
S3ClientSettings.PROXY_PASSWORD_SETTING,
9191
S3ClientSettings.READ_TIMEOUT_SETTING,
9292
S3ClientSettings.MAX_RETRIES_SETTING,
93-
S3ClientSettings.USE_THROTTLE_RETRIES_SETTING);
93+
S3ClientSettings.USE_THROTTLE_RETRIES_SETTING,
94+
S3Repository.ACCESS_KEY_SETTING,
95+
S3Repository.SECRET_KEY_SETTING);
9496
}
9597
}

plugins/repository-s3/src/test/java/org/elasticsearch/repositories/s3/S3BlobStoreRepositoryTests.java

+45-1
Original file line numberDiff line numberDiff line change
@@ -21,14 +21,23 @@
2121
import com.amazonaws.services.s3.AmazonS3;
2222
import com.amazonaws.services.s3.model.CannedAccessControlList;
2323
import com.amazonaws.services.s3.model.StorageClass;
24+
25+
import org.elasticsearch.client.node.NodeClient;
2426
import org.elasticsearch.common.settings.Settings;
27+
import org.elasticsearch.common.settings.SettingsFilter;
2528
import org.elasticsearch.common.unit.ByteSizeUnit;
2629
import org.elasticsearch.common.unit.ByteSizeValue;
2730
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
2831
import org.elasticsearch.env.Environment;
2932
import org.elasticsearch.plugins.Plugin;
3033
import org.elasticsearch.repositories.Repository;
3134
import org.elasticsearch.repositories.blobstore.ESBlobStoreRepositoryIntegTestCase;
35+
import org.elasticsearch.rest.AbstractRestChannel;
36+
import org.elasticsearch.rest.RestController;
37+
import org.elasticsearch.rest.RestRequest;
38+
import org.elasticsearch.rest.RestResponse;
39+
import org.elasticsearch.rest.action.admin.cluster.RestGetRepositoriesAction;
40+
import org.elasticsearch.test.rest.FakeRestRequest;
3241
import org.junit.AfterClass;
3342
import org.junit.BeforeClass;
3443

@@ -38,9 +47,14 @@
3847
import java.util.Map;
3948
import java.util.concurrent.ConcurrentHashMap;
4049
import java.util.concurrent.ConcurrentMap;
50+
import java.util.concurrent.CountDownLatch;
51+
import java.util.concurrent.atomic.AtomicReference;
4152

4253
import static java.util.Collections.emptyMap;
4354
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
55+
import static org.hamcrest.Matchers.containsString;
56+
import static org.hamcrest.Matchers.not;
57+
import static org.mockito.Mockito.mock;
4458

4559
public class S3BlobStoreRepositoryTests extends ESBlobStoreRepositoryIntegTestCase {
4660

@@ -81,7 +95,9 @@ protected void createTestRepository(final String name) {
8195
.put(S3Repository.BUFFER_SIZE_SETTING.getKey(), bufferSize)
8296
.put(S3Repository.SERVER_SIDE_ENCRYPTION_SETTING.getKey(), serverSideEncryption)
8397
.put(S3Repository.CANNED_ACL_SETTING.getKey(), cannedACL)
84-
.put(S3Repository.STORAGE_CLASS_SETTING.getKey(), storageClass)));
98+
.put(S3Repository.STORAGE_CLASS_SETTING.getKey(), storageClass)
99+
.put(S3Repository.ACCESS_KEY_SETTING.getKey(), "not_used_but_this_is_a_secret")
100+
.put(S3Repository.SECRET_KEY_SETTING.getKey(), "not_used_but_this_is_a_secret")));
85101
}
86102

87103
@Override
@@ -106,4 +122,32 @@ public synchronized AmazonS3 client(final Settings repositorySettings) {
106122
}));
107123
}
108124
}
125+
126+
public void testInsecureRepositoryCredentials() throws Exception {
127+
final String repositoryName = "testInsecureRepositoryCredentials";
128+
createTestRepository(repositoryName);
129+
final NodeClient nodeClient = internalCluster().getInstance(NodeClient.class);
130+
final RestGetRepositoriesAction getRepoAction = new RestGetRepositoriesAction(Settings.EMPTY, mock(RestController.class),
131+
internalCluster().getInstance(SettingsFilter.class));
132+
final RestRequest getRepoRequest = new FakeRestRequest();
133+
getRepoRequest.params().put("repository", repositoryName);
134+
final CountDownLatch getRepoLatch = new CountDownLatch(1);
135+
final AtomicReference<AssertionError> getRepoError = new AtomicReference<>();
136+
getRepoAction.handleRequest(getRepoRequest, new AbstractRestChannel(getRepoRequest, true) {
137+
@Override
138+
public void sendResponse(RestResponse response) {
139+
try {
140+
assertThat(response.content().utf8ToString(), not(containsString("not_used_but_this_is_a_secret")));
141+
} catch (final AssertionError ex) {
142+
getRepoError.set(ex);
143+
}
144+
getRepoLatch.countDown();
145+
}
146+
}, nodeClient);
147+
getRepoLatch.await();
148+
if (getRepoError.get() != null) {
149+
throw getRepoError.get();
150+
}
151+
}
152+
109153
}

0 commit comments

Comments
 (0)