Dianna's buildClient work, and misc

Author: DiannaHohensee

gradle/verification-metadata.xml

@@ -4810,6 +4810,11 @@
             <sha256 value="556463b8c353408d93feab74719d141fcfda7fd3d7b7d1ad3a8a548b7cc2982d" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="software.amazon.awssdk" name="sts" version="2.30.38">
+         <artifact name="sts-2.30.38.jar">
+            <sha256 value="29a4eb10332893b17a59f81c9d5b3fbf5caa8a386479f9edf5e81b9b8961af63" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="software.amazon.awssdk" name="third-party-jackson-core" version="2.30.38">
          <artifact name="third-party-jackson-core-2.30.38.jar">
             <sha256 value="979215cd78fe0b4abfa7465e6400b29ed90ced24d76323e87b6717195f0214af" origin="Generated by Gradle"/>

modules/repository-s3/build.gradle

@@ -20,16 +20,19 @@ esplugin {
 
 dependencies {
   // TODO NOMERGE sort alphabetically
-  implementation "software.amazon.awssdk:s3:${versions.awsv2sdk}"
-  implementation "software.amazon.awssdk:utils:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:apache-client:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:auth:${versions.awsv2sdk}"
   implementation "software.amazon.awssdk:aws-core:${versions.awsv2sdk}"
-  implementation "software.amazon.awssdk:sdk-core:${versions.awsv2sdk}"
-  implementation "software.amazon.awssdk:regions:${versions.awsv2sdk}"
-  implementation "software.amazon.awssdk:metrics-spi:${versions.awsv2sdk}"
   implementation "software.amazon.awssdk:aws-xml-protocol:${versions.awsv2sdk}"
   implementation "software.amazon.awssdk:http-client-spi:${versions.awsv2sdk}"
-  implementation "software.amazon.awssdk:auth:${versions.awsv2sdk}"
   implementation "software.amazon.awssdk:identity-spi:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:metrics-spi:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:regions:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:s3:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:sdk-core:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:services:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:sts:${versions.awsv2sdk}"
+  implementation "software.amazon.awssdk:utils:${versions.awsv2sdk}"
 
   implementation "org.apache.httpcomponents:httpclient:${versions.httpclient}"
 
@@ -71,7 +74,20 @@ restResources {
 }
 
 tasks.named("dependencyLicenses").configure {
-  mapping from: 's3', to: 'aws-sdk-2'
+  mapping from: 'apache-client',            to: 'aws-sdk-2'
+  mapping from: 'auth',                     to: 'aws-sdk-2'
+  mapping from: 'aws-xml-protocol',         to: 'aws-sdk-2'
+  mapping from: 'aws-core',                 to: 'aws-sdk-2'
+  mapping from: 'http-client-spi',          to: 'aws-sdk-2'
+  mapping from: 'identity-spi',             to: 'aws-sdk-2'
+  mapping from: 'identity-spi',             to: 'aws-sdk-2'
+  mapping from: 'metrics-spi',              to: 'aws-sdk-2'
+  mapping from: 'regions',                  to: 'aws-sdk-2'
+  mapping from: 's3',                       to: 'aws-sdk-2'
+  mapping from: 'sdk-core',                 to: 'aws-sdk-2'
+  mapping from: 'services',                 to: 'aws-sdk-2'
+  mapping from: 'sts',                      to: 'aws-sdk-2'
+  mapping from: 'utils',                    to: 'aws-sdk-2'
 }
 
 esplugin.bundleSpec.from('config/repository-s3') {

modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3ClientSettings.java

@@ -143,7 +143,7 @@ final class S3ClientSettings {
     static final Setting.AffixSetting<Boolean> USE_THROTTLE_RETRIES_SETTING = Setting.affixKeySetting(
         PREFIX,
         "use_throttle_retries",
-        key -> Setting.boolSetting(key, Defaults.THROTTLE_RETRIES, Property.NodeScope)
+        key -> Setting.boolSetting(key, Defaults.THROTTLE_RETRIES, Property.NodeScope, Property.Deprecated)
     );
 
     /** Whether the s3 client should use path style access. */
@@ -157,7 +157,7 @@ final class S3ClientSettings {
     static final Setting.AffixSetting<Boolean> DISABLE_CHUNKED_ENCODING = Setting.affixKeySetting(
         PREFIX,
         "disable_chunked_encoding",
-        key -> Setting.boolSetting(key, false, Property.NodeScope)
+        key -> Setting.boolSetting(key, false, Property.NodeScope, Property.Deprecated)
     );
 
     /** An override for the s3 region to use for signing requests. */
@@ -167,11 +167,26 @@ final class S3ClientSettings {
         key -> Setting.simpleString(key, Property.NodeScope)
     );
 
+    public enum AwsSignerOverrideType {
+        // AWS SDK V1 Signer types.
+        // Supported for upgrade compatibility, ultimately converted to a V2 equivalent.
+        // Note: AWS4UnsignedPayloadSignerType is no longer supported, there is no equivalent in V2 short of a custom signer.
+        // Note: QueryStringSigner is deprecated in V2, thus not given support.
+        AWS4SignerType, // -> Aws4Signer
+        AWS3SignerType, // -> AwsS3V4Signer
+        NoOpSignerType, // -> NoOpSigner
+
+        // AWS SDK V2 Signer types
+        Aws4Signer,
+        AwsS3V4Signer,
+        NoOpSigner;
+    };
+
     /** An override for the signer to use. */
-    static final Setting.AffixSetting<String> SIGNER_OVERRIDE = Setting.affixKeySetting(
+    static final Setting.AffixSetting<AwsSignerOverrideType> SIGNER_OVERRIDE = Setting.affixKeySetting(
         PREFIX,
         "signer_override",
-        key -> Setting.simpleString(key, Property.NodeScope)
+        key -> Setting.enumSetting(AwsSignerOverrideType.class, key, AwsSignerOverrideType.Aws4Signer, Property.NodeScope)
     );
 
     /** Credentials to authenticate with s3. */
@@ -207,19 +222,19 @@ final class S3ClientSettings {
     final int maxRetries;
 
     /** Whether the s3 client should use an exponential backoff retry policy. */
-    final boolean throttleRetries;
+    final boolean throttleRetries; // TODO: remove, no longer supported in v2
 
     /** Whether the s3 client should use path style access. */
     final boolean pathStyleAccess;
 
     /** Whether chunked encoding should be disabled or not. */
-    final boolean disableChunkedEncoding;
+    final boolean disableChunkedEncoding; // TODO: deprecated in V2, remove. Encoding can be disabled by setting an HTTP endpoint, I think?
 
     /** Region to use for signing requests or empty string to use default. */
     final String region;
 
     /** Signer override to use or empty string to use default. */
-    final String signerOverride;
+    final AwsSignerOverrideType signerOverride; // TODO: document somewhat breaking change
 
     private S3ClientSettings(
         AwsCredentials credentials,
@@ -236,7 +251,7 @@ private S3ClientSettings(
         boolean pathStyleAccess,
         boolean disableChunkedEncoding,
         String region,
-        String signerOverride
+        AwsSignerOverrideType signerOverride
     ) {
         this.credentials = credentials;
         this.endpoint = endpoint;
@@ -291,7 +306,7 @@ S3ClientSettings refine(Settings repositorySettings) {
             newCredentials = credentials;
         }
         final String newRegion = getRepoSettingOrDefault(REGION, normalizedSettings, region);
-        final String newSignerOverride = getRepoSettingOrDefault(SIGNER_OVERRIDE, normalizedSettings, signerOverride);
+        final AwsSignerOverrideType newSignerOverride = getRepoSettingOrDefault(SIGNER_OVERRIDE, normalizedSettings, signerOverride);
         if (Objects.equals(endpoint, newEndpoint)
             && Objects.equals(proxyHost, newProxyHost)
             && proxyPort == newProxyPort