[ 
https://issues.apache.org/jira/browse/SOLR-16429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608855#comment-17608855
 ] 

Josh Souza commented on SOLR-16429:
-----------------------------------

Yeah, as far as I could tell this isn't referenced anywhere (8 or 9), but as 
I'm not super familiar with all the code here it's totally possible I'm missing 
a detail.

Our organization will not be able to upgrade to Solr 9 for some time due to the 
level of effort required, so I'd very much be in your debt if this were to be 
backported. Otherwise we will probably need to work around it until we can 
upgrade. Either way, getting this solved for others is the most important part.

> Missing dependency for STS - Cannot leverage Web Identity Tokens
> ----------------------------------------------------------------
>
>                 Key: SOLR-16429
>                 URL: https://issues.apache.org/jira/browse/SOLR-16429
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Backup/Restore
>    Affects Versions: 8.11.2
>         Environment: Solr 8 (and later), when operating in a container within 
> AWS, attempting to leverage Web Identity Tokens as part of S3 backups.
>            Reporter: Josh Souza
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> As discovered in 
> [apache/solr-operator#475|https://github.com/apache/solr-operator/issues/475]
> the {{s3-repository}} contrib module is missing a dependency on the 
> {{software.amazon.awssdk:sts}} module in order to enable authentication via 
> Web Identity Tokens (STS).
> The documentation for the Solr Operator 
> ([https://apache.github.io/solr-operator/docs/solr-backup/#s3-credentials] / 
> [https://github.com/apache/solr-operator/blob/61c74353505e0e7171bdb3ff41102af47fb589fc/docs/solr-backup/README.md?plain=1#L342-L343])
>  references that this should be possible, and any other implementation of 
> Solr on Kubernetes (or any other AWS system using IRSA) won't be able to use 
> the default credential process to use Web Identity Tokens without this module 
> dependency.
> Discovered by following breadcrumbs from: 
> [aws/aws-sdk-java-v2#2123|https://github.com/aws/aws-sdk-java-v2/issues/2123]
> Adding the `sts` jar to the classpath has been confirmed to address this issue, 
> but this is likely a miss on testing dependencies because it's pretty 
> difficult to test. (Solr wouldn't call out to this code; it's the internal 
> AWS API that needs this as part of the default chain.)
>  
> I'll try to get a PR together to add this in.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
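
An added pre-flight check for the condition reported above (not part of the original message and not Solr or AWS SDK code): it reports when web identity credentials are configured in the environment but no STS jar sits next to the s3-repository jars. Assumptions: the function name and return codes are made up for this example, the library directory is passed in by the caller, and the STS module keeps its Maven file name, sts-<version>.jar.

```shell
#!/bin/sh
# Added example: pre-flight check for the failure described in SOLR-16429.
# Assumptions: the caller passes the directory holding the s3-repository
# jars, and the STS module keeps its Maven file name (sts-<version>.jar).
#
# Return codes:
#   0  nothing to do, or web identity configured and STS jar present
#   2  web identity configured but no sts-*.jar (provider cannot load)
#   3  library directory does not exist
#   4  token file named by AWS_WEB_IDENTITY_TOKEN_FILE is not readable
check_web_identity_deps() {
  lib_dir=$1
  if [ ! -d "$lib_dir" ]; then
    echo "library directory not found: $lib_dir" >&2
    return 3
  fi

  # The SDK's web identity provider needs both variables (IRSA sets them).
  if [ -z "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ] || [ -z "${AWS_ROLE_ARN:-}" ]; then
    echo "web identity not configured; STS module not required"
    return 0
  fi

  if [ ! -r "$AWS_WEB_IDENTITY_TOKEN_FILE" ]; then
    echo "token file not readable: $AWS_WEB_IDENTITY_TOKEN_FILE" >&2
    return 4
  fi

  # An unmatched glob stays literal, so test each candidate with -f.
  for jar in "$lib_dir"/sts-*.jar; do
    if [ -f "$jar" ]; then
      echo "STS module found: $jar"
      return 0
    fi
  done

  echo "web identity configured but no sts-*.jar in $lib_dir" >&2
  return 2
}

# Run directly with the library directory as the only argument.
if [ "$#" -gt 0 ]; then
  check_web_identity_deps "$1"
fi
```

A shaded or renamed jar that bundles the STS classes would not match the file-name pattern, so a return code of 2 means "check the classpath", not proof that the classes are absent.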
