Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
8.11.2
-
None
-
Solr 8 (and later), when operating in a container within AWS, attempting to leverage Web Identity Tokens as part of S3 backups.
Description
As discovered in apache/solr-operator#475
the s3-repository contrib module is missing a dependency on the software.amazon.awssdk:sts module in order to enable authentication via Web Identity Tokens (STS).
The documentation for the Solr Operator (https://apache.github.io/solr-operator/docs/solr-backup/#s3-credentials / https://github.com/apache/solr-operator/blob/61c74353505e0e7171bdb3ff41102af47fb589fc/docs/solr-backup/README.md?plain=1#L342-L343) references that this should be possible, and any other implementation of Solr on Kubernetes (or any other AWS system using IRSA) won't be able to use the default credential process to use Web Identity Tokens without this module dependency.
Discovered by following breadcrumbs from: aws/aws-sdk-java-v2#2123
Adding the `sts` jar to the classpath has confirmed to address this issue, but this is likely a miss on testing dependencies because it's pretty difficult to test. (Solr wouldn't call out to this code, it's the internal AWS api that needs this as part of the default chain).
I'll try to get a PR together to add this in.
Attachments
Issue Links
- links to