Skip to content

Settings: Migrate ec2 discovery sensitive settings to elasticsearch keystore#23961

Merged
rjernst merged 1 commit intoelastic:masterfrom
rjernst:keystore8
Apr 7, 2017
Merged

Settings: Migrate ec2 discovery sensitive settings to elasticsearch keystore#23961
rjernst merged 1 commit intoelastic:masterfrom
rjernst:keystore8

Conversation

@rjernst
Copy link
Copy Markdown
Member

@rjernst rjernst commented Apr 7, 2017

This change adds secure settings for access/secret keys and proxy
username/password to ec2 discovery. It adds the new settings with the
prefix discovery.ec2, copies other relevant ec2 client settings to the
same prefix, and deprecates all other settings (cloud.aws.* and
cloud.aws.ec2.*). Note that this is simpler than the client configs
in repository-s3 because discovery is only initialized once for the
entire node, so there is no reason to complicate the configuration with
the ability to have multiple sets of client settings.

relates #22475

@rjernst
Settings: Migrate ec2 discovery sensitive settings to elasticsearch k…
1200b76 
…eystore

This change adds secure settings for access/secret keys and proxy
username/password to ec2 discovery.  It adds the new settings with the
prefix `discovery.ec2`, copies other relevant ec2 client settings to the
same prefix, and deprecates all other settings (`cloud.aws.*` and
`cloud.aws.ec2.*`).  Note that this is simpler than the client configs
in repository-s3 because discovery is only initialized once for the
entire node, so there is no reason to complicate the configuration with
the ability to have multiple sets of client settings.

relates elastic#22475
s1monw
s1monw approved these changes Apr 7, 2017
View reviewed changes
Copy link
Copy Markdown
Contributor

@s1monw s1monw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - I have a question, what happens if somebody uses the deprecated setting but not as a secure setting but instead as an ordinary setting? Can we have a tests for this somehow?

@rjernst
Copy link
Copy Markdown
Member Author

rjernst commented Apr 7, 2017

@s1monw I think that is better tested in the general settings stuff. I opened #23976

@rjernst rjernst merged commit d4c0ef0 into elastic:master Apr 7, 2017
@rjernst rjernst deleted the keystore8 branch April 7, 2017 20:28
rjernst added a commit that referenced this pull request Apr 7, 2017
@rjernst
Settings: Migrate ec2 discovery sensitive settings to elasticsearch k…
725abd0 
…eystore (#23961)

This change adds secure settings for access/secret keys and proxy
username/password to ec2 discovery.  It adds the new settings with the
prefix `discovery.ec2`, copies other relevant ec2 client settings to the
same prefix, and deprecates all other settings (`cloud.aws.*` and
`cloud.aws.ec2.*`).  Note that this is simpler than the client configs
in repository-s3 because discovery is only initialized once for the
entire node, so there is no reason to complicate the configuration with
the ability to have multiple sets of client settings.

relates #22475
rjernst added a commit that referenced this pull request Apr 7, 2017
@rjernst
Add registration of new discovery settings
6e0b445 
This was forgotten as part of #23961
rjernst added a commit that referenced this pull request Apr 7, 2017
@rjernst
Add registration of new discovery settings
436158f 
This was forgotten as part of #23961
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Apr 8, 2017
@jasontedor
Merge branch 'master' into skip-skipping-hidden-files
b197a43 
* master:
  Discovery EC2: Remove region setting (elastic#23991)
  AWS Plugins: Remove signer type setting (elastic#23984)
  Settings: Disallow secure setting to exist in normal settings (elastic#23976)
  Add registration of new discovery settings
  Settings: Migrate ec2 discovery sensitive settings to elasticsearch keystore (elastic#23961)
  Fix throttled reindex_from_remote (elastic#23953)
  Add comment why we check for null fetch results during merge
@clintongormley clintongormley added the :Core/Infra/Settings Settings infrastructure and APIs label Apr 10, 2017
bleskes added a commit that referenced this pull request Aug 24, 2017
@bleskes
Revert "Settings: Migrate ec2 discovery sensitive settings to elastic…
30ddba7 
…search keystore (#23961)"

This reverts commit 725abd0.

# Conflicts:
#	plugins/discovery-ec2/src/main/java/org/elasticsearch/discovery/ec2/AwsEc2Service.java
#	test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java
@clintongormley clintongormley added :Distributed/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure and removed :Plugin Discovery EC2 labels Feb 13, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@s1monw s1monw s1monw approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

:Core/Infra/Settings Settings infrastructure and APIs :Distributed/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure >enhancement v5.4.0 v6.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rjernst @s1monw @clintongormley