Skip to content

[DOC] Repository GCS ADC not supported#33238

Merged
albertzaharovits merged 3 commits intoelastic:masterfrom
albertzaharovits:doc-gcs-plugin-credentials-unsupported
Aug 30, 2018
Merged

[DOC] Repository GCS ADC not supported#33238
albertzaharovits merged 3 commits intoelastic:masterfrom
albertzaharovits:doc-gcs-plugin-credentials-unsupported

Conversation

@albertzaharovits
Copy link
Copy Markdown
Contributor

@albertzaharovits albertzaharovits commented Aug 29, 2018

ADC - Application Default Credentials

For the repository gcs plugin we use Google Cloud Client Library for Java for the communication with the storage service.
For authenticating the calls, common to most other google client libraries, this library uses another library https://github.com/google/google-auth-library-java that is designed to do it's job seamlessly when the client is run in a google environment, such as Compute Engine, Kubernetes Engine or App Engine. Specifically, it checks environment variables and searches predefined file paths for plain text credential files; details are here.
This "automatic" discovery is not compatible with the Java security manager. It does not work (generates a warning) and it had not worked for some time now, although the docs said otherwise. This PR rectifies the docs.

Closes #23992

@albertzaharovits albertzaharovits added >docs General docs changes :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs v7.0.0 v6.5.0 v6.4.1 labels Aug 29, 2018
@albertzaharovits albertzaharovits self-assigned this Aug 29, 2018
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Aug 29, 2018

Pinging @elastic/es-distributed

rjernst
rjernst approved these changes Aug 29, 2018
View reviewed changes
Copy link
Copy Markdown
Member

@rjernst rjernst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lcawl
lcawl reviewed Aug 29, 2018
View reviewed changes
docs/plugins/repository-gcs.asciidoc Outdated
creation time, when "Storage" access can be configured to "Read/Write" permission. Check your
instance details at the section "Cloud API access scopes".
The plugin needs to authenticate the requests it is making to the Google Cloud
Storage service. In this respect, it is common for google client libraries
Copy link
Copy Markdown
Contributor

@lcawl lcawl Aug 29, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think "google" should probably be capitalized here too.

lcawl
lcawl approved these changes Aug 30, 2018
View reviewed changes
Copy link
Copy Markdown
Contributor

@lcawl lcawl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made some stylistic edits, now LGTM

@albertzaharovits
Copy link
Copy Markdown
Contributor Author

albertzaharovits commented Aug 30, 2018

Thank you Lisa, looking neat ❤️

@albertzaharovits albertzaharovits merged commit c31c51d into elastic:master Aug 30, 2018
@albertzaharovits albertzaharovits deleted the doc-gcs-plugin-credentials-unsupported branch August 30, 2018 07:32
albertzaharovits added a commit that referenced this pull request Aug 30, 2018
@albertzaharovits
[DOC] Repository GCS ADC not supported (#33238)
7020c40 
Make it clear that automatic default credentials (ADC)
is not supported for the repository-gcs plugin.
"Service Account" method is the only alternative
to authn requests to Google Cloud Storage.
albertzaharovits added a commit that referenced this pull request Aug 30, 2018
@albertzaharovits
[DOC] Repository GCS ADC not supported (#33238)
138466e 
Make it clear that automatic default credentials (ADC)
is not supported for the repository-gcs plugin.
"Service Account" method is the only alternative
to authn requests to Google Cloud Storage.
dnhatn added a commit that referenced this pull request Sep 1, 2018
@dnhatn
Merge branch '6.x' into ccr-6.x
a6312a5 
* 6.x:
  Mute test watcher usage stats output
  [Rollup] Fix FullClusterRestart test
  TEST: Disable soft-deletes in ParentChildTestCase
  TEST: Disable randomized soft-deletes settings
  Integrates soft-deletes into Elasticsearch (#33222)
  drop `index.shard.check_on_startup: fix` (#32279)
  Fix AwaitsFix issue number
  Mute SmokeTestWatcherWithSecurityIT testsi
  [DOCS] Moves ml folder from x-pack/docs to docs (#33248)
  TEST: mute more SmokeTestWatcherWithSecurityIT tests
  [DOCS] Move rollup APIs to docs (#31450)
  [DOCS] Rename X-Pack Commands section (#33005)
  Fixes SecurityIntegTestCase so it always adds at least one alias (#33296)
  TESTS: Fix Random Fail in MockTcpTransportTests (#33061) (#33307)
  MINOR: Remove Dead Code from PathTrie (#33280) (#33306)
  Fix pom for build-tools (#33300)
  Lazy evaluate java9home (#33301)
  SQL: test coverage for JdbcResultSet (#32813)
  Work around to be able to generate eclipse projects (#33295)
  Different handling for security specific errors in the CLI. Fix for #33230 (#33255)
  [ML] Refactor delimited file structure detection (#33233)
  SQL: Support multi-index format as table identifier (#33278)
  Enable forbiddenapis server java9 (#33245)
  [MUTE] SmokeTestWatcherWithSecurityIT flaky tests
  Add region ISO code to GeoIP Ingest plugin (#31669) (#33276)
  Don't be strict for 6.x
  Update serialization versions for custom IndexMetaData backport
  Replace IndexMetaData.Custom with Map-based custom metadata (#32749)
  Painless: Fix Bindings Bug (#33274)
  SQL: prevent duplicate generation for repeated aggs (#33252)
  TEST: Mute testMonitorClusterHealth
  Fix serialization of empty field capabilities response (#33263)
  Fix nested _source retrieval with includes/excludes (#33180)
  [DOCS] TLS file resources are reloadable (#33258)
  Watcher: Ensure TriggerEngine start replaces existing watches (#33157)
  Ignore module-info in jar hell checks (#33011)
  Fix docs build after #33241
  [DOC] Repository GCS ADC not supported (#33238)
  Upgrade to latest Gradle 4.10  (#32801)
  Fix/30904 cluster formation part2 (#32877)
  Move file-based discovery to core (#33241)
  HLRC: add client side RefreshPolicy (#33209)
  [Kerberos] Add unsupported languages for tests (#33253)
  Watcher: Reload properly on remote shard change (#33167)
  Fix classpath security checks for external tests. (#33066)
  [Rollup] Only allow aggregating on multiples of configured interval (#32052)
  Added deprecation warning for rescore in scroll queries (#33070)
  Apply settings filter to get cluster settings API (#33247)
  [Rollup] Re-factor Rollup Indexer into a generic indexer for re-usability   (#32743)
  HLRC: create base timed request class (#33216)
  HLRC: Use Optional in validation logic (#33104)
  Painless: Add Bindings (#33042)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rjernst rjernst rjernst approved these changes

@lcawl lcawl lcawl approved these changes

@tlrx tlrx Awaiting requested review from tlrx

Assignees

@albertzaharovits albertzaharovits

Labels

:Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs >docs General docs changes v6.4.1 v6.5.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@albertzaharovits @elasticmachine @rjernst @lcawl @colings86