[jira] [Resolved] (SOLR-16429) Missing dependency for STS - Cannot leverage Web Identity Tokens

Mon, 03 Oct 2022 08:41:05 -0700 


     [ 
https://issues.apache.org/jira/browse/SOLR-16429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden resolved SOLR-16429.
---------------------------------
    Resolution: Fixed

> Missing dependency for STS - Cannot leverage Web Identity Tokens
> ----------------------------------------------------------------
>
>                 Key: SOLR-16429
>                 URL: https://issues.apache.org/jira/browse/SOLR-16429
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Backup/Restore
>    Affects Versions: 8.11.2
>         Environment: Solr 8 (and later), when operating in a container within 
> AWS, attempting to leverage Web Identity Tokens as part of S3 backups.
>            Reporter: Josh Souza
>            Assignee: Houston Putman
>            Priority: Major
>             Fix For: 9.1, main (10.0), 8.11.3
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> As discovered in 
> [apache/solr-operator#475|https://github.com/apache/solr-operator/issues/475]
> the {{s3-repository}} contrib module is missing a dependency on the 
> {{software.amazon.awssdk:sts}} module in order to enable authentication via 
> Web Identity Tokens (STS).
> The documentation for the Solr Operator 
> ([https://apache.github.io/solr-operator/docs/solr-backup/#s3-credentials] / 
> [https://github.com/apache/solr-operator/blob/61c74353505e0e7171bdb3ff41102af47fb589fc/docs/solr-backup/README.md?plain=1#L342-L343])
>  references that this should be possible, and any other implementation of 
> Solr on Kubernetes (or any other AWS system using IRSA) won't be able to use 
> the default credential process to use Web Identity Tokens without this module 
> dependency.
> Discovered by following breadcrumbs from: 
> [aws/aws-sdk-java-v2#2123|https://github.com/aws/aws-sdk-java-v2/issues/2123]
> Adding the `sts` jar to the classpath has confirmed to address this issue, 
> but this is likely a miss on testing dependencies because it's pretty 
> difficult to test. (Solr wouldn't call out to this code, it's the internal 
> AWS api that needs this as part of the default chain).
>  
> I'll try to get a PR together to add this in.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to