S3 Repository: Cleanup deprecated settings (#24097)

This commit removes all deprecated settings which start with
`cloud.aws`, `repositories.s3` and repository level client settings.

docs/reference/migration/migrate_6_0/plugins.asciidoc

@@ -23,6 +23,10 @@ the region of the configured bucket.
 
 * Specifying s3 signer type has been removed, including `cloud.aws.signer` and `cloud.aws.s3.signer`.
 
+* All `cloud.aws` and `repositories.s3` settings have been removed. Use `s3.client.*` settings instead.
+
+* All repository level client settings have been removed. Use `s3.client.*` settings instead.
+
 ==== Azure Repository plugin
 
 * The container an azure repository is configured with will no longer be created automatically.

plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/AwsS3Service.java

@@ -19,134 +19,12 @@
 
 package org.elasticsearch.repositories.s3;
 
-import java.util.Locale;
-import java.util.function.Function;
-
-import com.amazonaws.ClientConfiguration;
-import com.amazonaws.Protocol;
 import com.amazonaws.services.s3.AmazonS3;
-import org.elasticsearch.cluster.metadata.RepositoryMetaData;
 import org.elasticsearch.common.component.LifecycleComponent;
-import org.elasticsearch.common.settings.SecureString;
-import org.elasticsearch.common.settings.Setting;
-import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.unit.TimeValue;
 
 interface AwsS3Service extends LifecycleComponent {
 
-    // Legacy global AWS settings (shared between discovery-ec2 and repository-s3)
-    // Each setting starting with `cloud.aws` also exists in discovery-ec2 project. Don't forget to update
-    // the code there if you change anything here.
-    /**
-     * cloud.aws.access_key: AWS Access key. Shared with discovery-ec2 plugin
-     */
-    Setting<SecureString> KEY_SETTING = new Setting<>("cloud.aws.access_key", "", SecureString::new,
-        Property.NodeScope, Property.Filtered, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.secret_key: AWS Secret key. Shared with discovery-ec2 plugin
-     */
-    Setting<SecureString> SECRET_SETTING = new Setting<>("cloud.aws.secret_key", "", SecureString::new,
-        Property.NodeScope, Property.Filtered, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.protocol: Protocol for AWS API: http or https. Defaults to https. Shared with discovery-ec2 plugin
-     */
-    Setting<Protocol> PROTOCOL_SETTING = new Setting<>("cloud.aws.protocol", "https",
-        s -> Protocol.valueOf(s.toUpperCase(Locale.ROOT)), Property.NodeScope, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.proxy.host: In case of proxy, define its hostname/IP. Shared with discovery-ec2 plugin
-     */
-    Setting<String> PROXY_HOST_SETTING = Setting.simpleString("cloud.aws.proxy.host",
-        Property.NodeScope, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.proxy.port: In case of proxy, define its port. Defaults to 80. Shared with discovery-ec2 plugin
-     */
-    Setting<Integer> PROXY_PORT_SETTING = Setting.intSetting("cloud.aws.proxy.port", 80, 0, 1<<16,
-        Property.NodeScope, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.proxy.username: In case of proxy with auth, define the username. Shared with discovery-ec2 plugin
-     */
-    Setting<SecureString> PROXY_USERNAME_SETTING = new Setting<>("cloud.aws.proxy.username", "", SecureString::new,
-        Property.NodeScope, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.proxy.password: In case of proxy with auth, define the password. Shared with discovery-ec2 plugin
-     */
-    Setting<SecureString> PROXY_PASSWORD_SETTING = new Setting<>("cloud.aws.proxy.password", "", SecureString::new,
-        Property.NodeScope, Property.Filtered, Property.Deprecated, Property.Shared);
-    /**
-     * cloud.aws.read_timeout: Socket read timeout. Shared with discovery-ec2 plugin
-     */
-    Setting<TimeValue> READ_TIMEOUT = Setting.timeSetting("cloud.aws.read_timeout",
-        TimeValue.timeValueMillis(ClientConfiguration.DEFAULT_SOCKET_TIMEOUT), Property.NodeScope, Property.Deprecated, Property.Shared);
-
-    /**
-     * Defines specific s3 settings starting with cloud.aws.s3.
-     * NOTE: These are legacy settings. Use the named client configs in {@link org.elasticsearch.repositories.s3.S3Repository}.
-     */
-    interface CLOUD_S3 {
-        /**
-         * cloud.aws.s3.access_key: AWS Access key specific for S3 API calls. Defaults to cloud.aws.access_key.
-         * @see AwsS3Service#KEY_SETTING
-         */
-        Setting<SecureString> KEY_SETTING =
-            new Setting<>("cloud.aws.s3.access_key", AwsS3Service.KEY_SETTING, SecureString::new,
-                Property.NodeScope, Property.Filtered, Property.Deprecated);
-        /**
-         * cloud.aws.s3.secret_key: AWS Secret key specific for S3 API calls. Defaults to cloud.aws.secret_key.
-         * @see AwsS3Service#SECRET_SETTING
-         */
-        Setting<SecureString> SECRET_SETTING =
-            new Setting<>("cloud.aws.s3.secret_key", AwsS3Service.SECRET_SETTING, SecureString::new,
-                Property.NodeScope, Property.Filtered, Property.Deprecated);
-        /**
-         * cloud.aws.s3.protocol: Protocol for AWS API specific for S3 API calls: http or https. Defaults to cloud.aws.protocol.
-         * @see AwsS3Service#PROTOCOL_SETTING
-         */
-        Setting<Protocol> PROTOCOL_SETTING =
-            new Setting<>("cloud.aws.s3.protocol", AwsS3Service.PROTOCOL_SETTING, s -> Protocol.valueOf(s.toUpperCase(Locale.ROOT)),
-                Property.NodeScope, Property.Deprecated);
-        /**
-         * cloud.aws.s3.proxy.host: In case of proxy, define its hostname/IP specific for S3 API calls. Defaults to cloud.aws.proxy.host.
-         * @see AwsS3Service#PROXY_HOST_SETTING
-         */
-        Setting<String> PROXY_HOST_SETTING =
-            new Setting<>("cloud.aws.s3.proxy.host", AwsS3Service.PROXY_HOST_SETTING, Function.identity(),
-                Property.NodeScope, Property.Deprecated);
-        /**
-         * cloud.aws.s3.proxy.port: In case of proxy, define its port specific for S3 API calls.  Defaults to cloud.aws.proxy.port.
-         * @see AwsS3Service#PROXY_PORT_SETTING
-         */
-        Setting<Integer> PROXY_PORT_SETTING =
-            new Setting<>("cloud.aws.s3.proxy.port", AwsS3Service.PROXY_PORT_SETTING,
-                s -> Setting.parseInt(s, 0, 1<<16, "cloud.aws.s3.proxy.port"), Property.NodeScope, Property.Deprecated);
-        /**
-         * cloud.aws.s3.proxy.username: In case of proxy with auth, define the username specific for S3 API calls.
-         * Defaults to cloud.aws.proxy.username.
-         * @see AwsS3Service#PROXY_USERNAME_SETTING
-         */
-        Setting<SecureString> PROXY_USERNAME_SETTING =
-            new Setting<>("cloud.aws.s3.proxy.username", AwsS3Service.PROXY_USERNAME_SETTING, SecureString::new,
-                Property.NodeScope, Property.Deprecated);
-        /**
-         * cloud.aws.s3.proxy.password: In case of proxy with auth, define the password specific for S3 API calls.
-         * Defaults to cloud.aws.proxy.password.
-         * @see AwsS3Service#PROXY_PASSWORD_SETTING
-         */
-        Setting<SecureString> PROXY_PASSWORD_SETTING =
-            new Setting<>("cloud.aws.s3.proxy.password", AwsS3Service.PROXY_PASSWORD_SETTING, SecureString::new,
-                Property.NodeScope, Property.Filtered, Property.Deprecated);
-        /**
-         * cloud.aws.s3.endpoint: Endpoint.
-         */
-        Setting<String> ENDPOINT_SETTING = Setting.simpleString("cloud.aws.s3.endpoint", Property.NodeScope);
-        /**
-         * cloud.aws.s3.read_timeout: Socket read timeout. Defaults to cloud.aws.read_timeout
-         * @see AwsS3Service#READ_TIMEOUT
-         */
-        Setting<TimeValue> READ_TIMEOUT =
-            Setting.timeSetting("cloud.aws.s3.read_timeout", AwsS3Service.READ_TIMEOUT, Property.NodeScope, Property.Deprecated);
-    }
-
     /**
      * Creates an {@code AmazonS3} client from the given repository metadata and node settings.
      */

plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/InternalAwsS3Service.java

@@ -75,7 +75,6 @@ class InternalAwsS3Service extends AbstractLifecycleComponent implements AwsS3Se
                 Strings.collectionToDelimitedString(clientsSettings.keySet(), ","));
         }
 
-        String endpoint = findEndpoint(logger, clientSettings, repositorySettings);
         Integer maxRetries = getValue(repositorySettings, settings,
             S3Repository.Repository.MAX_RETRIES_SETTING,
             S3Repository.Repositories.MAX_RETRIES_SETTING);
@@ -94,10 +93,10 @@ class InternalAwsS3Service extends AbstractLifecycleComponent implements AwsS3Se
 
         logger.debug("creating S3 client with client_name [{}], endpoint [{}], max_retries [{}], " +
                 "use_throttle_retries [{}], path_style_access [{}]",
-            clientName, endpoint, maxRetries, useThrottleRetries, pathStyleAccess);
+            clientName, clientSettings.endpoint, maxRetries, useThrottleRetries, pathStyleAccess);
 
-        AWSCredentialsProvider credentials = buildCredentials(logger, deprecationLogger, clientSettings, repositorySettings);
-        ClientConfiguration configuration = buildConfiguration(logger, clientSettings, repositorySettings, maxRetries, endpoint, useThrottleRetries);
+        AWSCredentialsProvider credentials = buildCredentials(logger, clientSettings);
+        ClientConfiguration configuration = buildConfiguration(clientSettings, maxRetries, useThrottleRetries);
 
         client = new AmazonS3Client(credentials, configuration);
 
@@ -105,8 +104,8 @@ class InternalAwsS3Service extends AbstractLifecycleComponent implements AwsS3Se
             client.setS3ClientOptions(new S3ClientOptions().withPathStyleAccess(pathStyleAccess));
         }
 
-        if (Strings.hasText(endpoint)) {
-            client.setEndpoint(endpoint);
+        if (Strings.hasText(clientSettings.endpoint)) {
+            client.setEndpoint(clientSettings.endpoint);
         }
 
         clientsCache.put(clientName, client);
@@ -114,14 +113,12 @@ class InternalAwsS3Service extends AbstractLifecycleComponent implements AwsS3Se
     }
 
     // pkg private for tests
-    static ClientConfiguration buildConfiguration(Logger logger, S3ClientSettings clientSettings, Settings repositorySettings,
-                                                  Integer maxRetries, String endpoint, boolean useThrottleRetries) {
+    static ClientConfiguration buildConfiguration(S3ClientSettings clientSettings, Integer maxRetries, boolean useThrottleRetries) {
         ClientConfiguration clientConfiguration = new ClientConfiguration();
         // the response metadata cache is only there for diagnostics purposes,
         // but can force objects from every response to the old generation.
         clientConfiguration.setResponseMetadataCacheSize(0);
-        Protocol protocol = getRepoValue(repositorySettings, S3Repository.Repository.PROTOCOL_SETTING, clientSettings.protocol);
-        clientConfiguration.setProtocol(protocol);
+        clientConfiguration.setProtocol(clientSettings.protocol);
 
         if (Strings.hasText(clientSettings.proxyHost)) {
             // TODO: remove this leniency, these settings should exist together and be validated
@@ -142,50 +139,14 @@ class InternalAwsS3Service extends AbstractLifecycleComponent implements AwsS3Se
     }
 
     // pkg private for tests
-    static AWSCredentialsProvider buildCredentials(Logger logger, DeprecationLogger deprecationLogger,
-                                                   S3ClientSettings clientSettings, Settings repositorySettings) {
-        BasicAWSCredentials credentials = clientSettings.credentials;
-        if (S3Repository.Repository.KEY_SETTING.exists(repositorySettings)) {
-            if (S3Repository.Repository.SECRET_SETTING.exists(repositorySettings) == false) {
-                throw new IllegalArgumentException("Repository setting [" + S3Repository.Repository.KEY_SETTING +
-                    " must be accompanied by setting [" + S3Repository.Repository.SECRET_SETTING + "]");
-            }
-            // backcompat for reading keys out of repository settings
-            deprecationLogger.deprecated("Using s3 access/secret key from repository settings. Instead " +
-                "store these in named clients and the elasticsearch keystore for secure settings.");
-            try (SecureString key = S3Repository.Repository.KEY_SETTING.get(repositorySettings);
-                 SecureString secret = S3Repository.Repository.SECRET_SETTING.get(repositorySettings)) {
-                credentials = new BasicAWSCredentials(key.toString(), secret.toString());
-            }
-        } else if (S3Repository.Repository.SECRET_SETTING.exists(repositorySettings)) {
-            throw new IllegalArgumentException("Repository setting [" + S3Repository.Repository.SECRET_SETTING +
-                " must be accompanied by setting [" + S3Repository.Repository.KEY_SETTING + "]");
-        }
-        if (credentials == null) {
+    static AWSCredentialsProvider buildCredentials(Logger logger, S3ClientSettings clientSettings) {
+        if (clientSettings.credentials == null) {
             logger.debug("Using instance profile credentials");
             return new PrivilegedInstanceProfileCredentialsProvider();
         } else {
             logger.debug("Using basic key/secret credentials");
-            return new StaticCredentialsProvider(credentials);
-        }
-    }
-
-    // pkg private for tests
-    /** Returns the endpoint the client should use, based on the available endpoint settings found. */
-    static String findEndpoint(Logger logger, S3ClientSettings clientSettings, Settings repositorySettings) {
-        String endpoint = getRepoValue(repositorySettings, S3Repository.Repository.ENDPOINT_SETTING, clientSettings.endpoint);
-        if (Strings.hasText(endpoint)) {
-            logger.debug("using repository level endpoint [{}]", endpoint);
-        }
-        return endpoint;
-    }
-
-    /** Returns the value for a given setting from the repository, or returns the fallback value. */
-    private static <T> T getRepoValue(Settings repositorySettings, Setting<T> repositorySetting, T fallback) {
-        if (repositorySetting.exists(repositorySettings)) {
-            return repositorySetting.get(repositorySettings);
+            return new StaticCredentialsProvider(clientSettings.credentials);
         }
-        return fallback;
     }
 
     @Override

plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3ClientSettings.java

@@ -33,7 +33,6 @@ import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.repositories.s3.AwsS3Service.CLOUD_S3;
 
 /**
  * A container for settings used to create an S3 client.
@@ -45,15 +44,15 @@ class S3ClientSettings {
 
     /** The access key (ie login id) for connecting to s3. */
     static final Setting.AffixSetting<SecureString> ACCESS_KEY_SETTING = Setting.affixKeySetting(PREFIX, "access_key",
-        key -> SecureSetting.secureString(key, S3Repository.Repositories.KEY_SETTING));
+        key -> SecureSetting.secureString(key, null));
 
     /** The secret key (ie password) for connecting to s3. */
     static final Setting.AffixSetting<SecureString> SECRET_KEY_SETTING = Setting.affixKeySetting(PREFIX, "secret_key",
-        key -> SecureSetting.secureString(key, S3Repository.Repositories.SECRET_SETTING));
+        key -> SecureSetting.secureString(key, null));
 
     /** An override for the s3 endpoint to connect to. */
     static final Setting.AffixSetting<String> ENDPOINT_SETTING = Setting.affixKeySetting(PREFIX, "endpoint",
-        key -> new Setting<>(key, S3Repository.Repositories.ENDPOINT_SETTING, s -> s.toLowerCase(Locale.ROOT),
+        key -> new Setting<>(key, "", s -> s.toLowerCase(Locale.ROOT),
             Setting.Property.NodeScope));
 
     /** The protocol to use to connect to s3. */
@@ -70,11 +69,11 @@ class S3ClientSettings {
 
     /** The username of a proxy to connect to s3 through. */
     static final Setting.AffixSetting<SecureString> PROXY_USERNAME_SETTING = Setting.affixKeySetting(PREFIX, "proxy.username",
-        key -> SecureSetting.secureString(key, AwsS3Service.PROXY_USERNAME_SETTING));
+        key -> SecureSetting.secureString(key, null));
 
     /** The password of a proxy to connect to s3 through. */
     static final Setting.AffixSetting<SecureString> PROXY_PASSWORD_SETTING = Setting.affixKeySetting(PREFIX, "proxy.password",
-        key -> SecureSetting.secureString(key, AwsS3Service.PROXY_PASSWORD_SETTING));
+        key -> SecureSetting.secureString(key, null));
 
     /** The socket timeout for connecting to s3. */
     static final Setting.AffixSetting<TimeValue> READ_TIMEOUT_SETTING = Setting.affixKeySetting(PREFIX, "read_timeout",
@@ -142,10 +141,10 @@ class S3ClientSettings {
     // pkg private for tests
     /** Parse settings for a single client. */
     static S3ClientSettings getClientSettings(Settings settings, String clientName) {
-        try (SecureString accessKey = getConfigValue(settings, clientName, ACCESS_KEY_SETTING, S3Repository.Repositories.KEY_SETTING);
-             SecureString secretKey = getConfigValue(settings, clientName, SECRET_KEY_SETTING, S3Repository.Repositories.SECRET_SETTING);
-             SecureString proxyUsername = getConfigValue(settings, clientName, PROXY_USERNAME_SETTING, CLOUD_S3.PROXY_USERNAME_SETTING);
-             SecureString proxyPassword = getConfigValue(settings, clientName, PROXY_PASSWORD_SETTING, CLOUD_S3.PROXY_PASSWORD_SETTING)) {
+        try (SecureString accessKey = getConfigValue(settings, clientName, ACCESS_KEY_SETTING);
+             SecureString secretKey = getConfigValue(settings, clientName, SECRET_KEY_SETTING);
+             SecureString proxyUsername = getConfigValue(settings, clientName, PROXY_USERNAME_SETTING);
+             SecureString proxyPassword = getConfigValue(settings, clientName, PROXY_PASSWORD_SETTING)) {
             BasicAWSCredentials credentials = null;
             if (accessKey.length() != 0) {
                 if (secretKey.length() != 0) {
@@ -158,26 +157,21 @@ class S3ClientSettings {
             }
             return new S3ClientSettings(
                 credentials,
-                getConfigValue(settings, clientName, ENDPOINT_SETTING, S3Repository.Repositories.ENDPOINT_SETTING),
-                getConfigValue(settings, clientName, PROTOCOL_SETTING, S3Repository.Repositories.PROTOCOL_SETTING),
-                getConfigValue(settings, clientName, PROXY_HOST_SETTING, AwsS3Service.CLOUD_S3.PROXY_HOST_SETTING),
-                getConfigValue(settings, clientName, PROXY_PORT_SETTING, AwsS3Service.CLOUD_S3.PROXY_PORT_SETTING),
+                getConfigValue(settings, clientName, ENDPOINT_SETTING),
+                getConfigValue(settings, clientName, PROTOCOL_SETTING),
+                getConfigValue(settings, clientName, PROXY_HOST_SETTING),
+                getConfigValue(settings, clientName, PROXY_PORT_SETTING),
                 proxyUsername.toString(),
                 proxyPassword.toString(),
-                (int)getConfigValue(settings, clientName, READ_TIMEOUT_SETTING, AwsS3Service.CLOUD_S3.READ_TIMEOUT).millis()
+                (int)getConfigValue(settings, clientName, READ_TIMEOUT_SETTING).millis()
             );
         }
     }
 
     private static <T> T getConfigValue(Settings settings, String clientName,
-                                        Setting.AffixSetting<T> clientSetting,
-                                        Setting<T> globalSetting) {
+                                        Setting.AffixSetting<T> clientSetting) {
         Setting<T> concreteSetting = clientSetting.getConcreteSettingForNamespace(clientName);
-        if (concreteSetting.exists(settings)) {
-            return concreteSetting.get(settings);
-        } else {
-            return globalSetting.get(settings);
-        }
+        return concreteSetting.get(settings);
     }
 
 }

plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Repository.java

@@ -19,31 +19,24 @@
 
 package org.elasticsearch.repositories.s3;
 
+import java.io.IOException;
+
 import com.amazonaws.ClientConfiguration;
-import com.amazonaws.Protocol;
 import com.amazonaws.services.s3.AmazonS3;
-import org.elasticsearch.repositories.s3.AwsS3Service.CLOUD_S3;
 import org.elasticsearch.cluster.metadata.RepositoryMetaData;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.blobstore.BlobPath;
 import org.elasticsearch.common.blobstore.BlobStore;
-import org.elasticsearch.common.settings.SecureSetting;
-import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.common.settings.Setting;
-import org.elasticsearch.common.settings.Setting.AffixSetting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.ByteSizeUnit;
 import org.elasticsearch.common.unit.ByteSizeValue;
-import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.common.xcontent.NamedXContentRegistry;
 import org.elasticsearch.monitor.jvm.JvmInfo;
 import org.elasticsearch.repositories.RepositoryException;
 import org.elasticsearch.repositories.blobstore.BlobStoreRepository;
 
-import java.io.IOException;
-import java.util.Locale;
-
 /**
  * Shared file system implementation of the BlobStoreRepository
  * <p>
@@ -65,32 +58,6 @@ class S3Repository extends BlobStoreRepository {
      * NOTE: These are legacy settings. Use the named client config settings above.
      */
     public interface Repositories {
-        /**
-         * repositories.s3.access_key: AWS Access key specific for all S3 Repositories API calls. Defaults to cloud.aws.s3.access_key.
-         * @see CLOUD_S3#KEY_SETTING
-         */
-        Setting<SecureString> KEY_SETTING = new Setting<>("repositories.s3.access_key", CLOUD_S3.KEY_SETTING, SecureString::new,
-            Property.NodeScope, Property.Filtered, Property.Deprecated);
-
-        /**
-         * repositories.s3.secret_key: AWS Secret key specific for all S3 Repositories API calls. Defaults to cloud.aws.s3.secret_key.
-         * @see CLOUD_S3#SECRET_SETTING
-         */
-        Setting<SecureString> SECRET_SETTING = new Setting<>("repositories.s3.secret_key", CLOUD_S3.SECRET_SETTING, SecureString::new,
-            Property.NodeScope, Property.Filtered, Property.Deprecated);
-
-        /**
-         * repositories.s3.endpoint: Endpoint specific for all S3 Repositories API calls. Defaults to cloud.aws.s3.endpoint.
-         * @see CLOUD_S3#ENDPOINT_SETTING
-         */
-        Setting<String> ENDPOINT_SETTING = new Setting<>("repositories.s3.endpoint", CLOUD_S3.ENDPOINT_SETTING,
-            s -> s.toLowerCase(Locale.ROOT), Property.NodeScope, Property.Deprecated);
-        /**
-         * repositories.s3.protocol: Protocol specific for all S3 Repositories API calls. Defaults to cloud.aws.s3.protocol.
-         * @see CLOUD_S3#PROTOCOL_SETTING
-         */
-        Setting<Protocol> PROTOCOL_SETTING = new Setting<>("repositories.s3.protocol", CLOUD_S3.PROTOCOL_SETTING,
-            s -> Protocol.valueOf(s.toUpperCase(Locale.ROOT)), Property.NodeScope, Property.Deprecated);
         /**
          * repositories.s3.bucket: The name of the bucket to be used for snapshots.
          */
@@ -173,25 +140,9 @@ class S3Repository extends BlobStoreRepository {
      * If undefined, they use the repositories.s3.xxx equivalent setting.
      */
     public interface Repository {
-        Setting<SecureString> KEY_SETTING = new Setting<>("access_key", "", SecureString::new,
-            Property.Filtered, Property.Deprecated);
-
-
-        Setting<SecureString> SECRET_SETTING = new Setting<>("secret_key", "", SecureString::new,
-            Property.Filtered, Property.Deprecated);
 
         Setting<String> BUCKET_SETTING = Setting.simpleString("bucket");
-        /**
-         * endpoint
-         * @see  Repositories#ENDPOINT_SETTING
-         */
-        Setting<String> ENDPOINT_SETTING = Setting.simpleString("endpoint", Property.Deprecated);
-        /**
-         * protocol
-         * @see  Repositories#PROTOCOL_SETTING
-         */
-        Setting<Protocol> PROTOCOL_SETTING = new Setting<>("protocol", "https", s -> Protocol.valueOf(s.toUpperCase(Locale.ROOT)),
-            Property.Deprecated);
+
         /**
          * server_side_encryption
          * @see  Repositories#SERVER_SIDE_ENCRYPTION_SETTING

plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java

@@ -76,13 +76,6 @@ public class S3RepositoryPlugin extends Plugin implements RepositoryPlugin {
             (metadata) -> new S3Repository(metadata, env.settings(), namedXContentRegistry, createStorageService(env.settings())));
     }
 
-    @Override
-    public List<String> getSettingsFilter() {
-        return Arrays.asList(
-            S3Repository.Repository.KEY_SETTING.getKey(),
-            S3Repository.Repository.SECRET_SETTING.getKey());
-    }
-
     @Override
     public List<Setting<?>> getSettings() {
         return Arrays.asList(
@@ -98,33 +91,8 @@ public class S3RepositoryPlugin extends Plugin implements RepositoryPlugin {
             S3ClientSettings.PROXY_PASSWORD_SETTING,
             S3ClientSettings.READ_TIMEOUT_SETTING,
 
-            // Register global cloud aws settings: cloud.aws (might have been registered in ec2 plugin)
-            AwsS3Service.KEY_SETTING,
-            AwsS3Service.SECRET_SETTING,
-            AwsS3Service.PROTOCOL_SETTING,
-            AwsS3Service.PROXY_HOST_SETTING,
-            AwsS3Service.PROXY_PORT_SETTING,
-            AwsS3Service.PROXY_USERNAME_SETTING,
-            AwsS3Service.PROXY_PASSWORD_SETTING,
-            AwsS3Service.READ_TIMEOUT,
-
-            // Register S3 specific settings: cloud.aws.s3
-            AwsS3Service.CLOUD_S3.KEY_SETTING,
-            AwsS3Service.CLOUD_S3.SECRET_SETTING,
-            AwsS3Service.CLOUD_S3.PROTOCOL_SETTING,
-            AwsS3Service.CLOUD_S3.PROXY_HOST_SETTING,
-            AwsS3Service.CLOUD_S3.PROXY_PORT_SETTING,
-            AwsS3Service.CLOUD_S3.PROXY_USERNAME_SETTING,
-            AwsS3Service.CLOUD_S3.PROXY_PASSWORD_SETTING,
-            AwsS3Service.CLOUD_S3.ENDPOINT_SETTING,
-            AwsS3Service.CLOUD_S3.READ_TIMEOUT,
-
             // Register S3 repositories settings: repositories.s3
-            S3Repository.Repositories.KEY_SETTING,
-            S3Repository.Repositories.SECRET_SETTING,
             S3Repository.Repositories.BUCKET_SETTING,
-            S3Repository.Repositories.ENDPOINT_SETTING,
-            S3Repository.Repositories.PROTOCOL_SETTING,
             S3Repository.Repositories.SERVER_SIDE_ENCRYPTION_SETTING,
             S3Repository.Repositories.BUFFER_SIZE_SETTING,
             S3Repository.Repositories.MAX_RETRIES_SETTING,

plugins/repository-s3/src/test/java/org/elasticsearch/repositories/s3/AbstractS3SnapshotRestoreTest.java

@@ -283,8 +283,6 @@ public abstract class AbstractS3SnapshotRestoreTest extends AbstractAwsTestCase
         PutRepositoryResponse putRepositoryResponse = client.admin().cluster().preparePutRepository("test-repo")
                 .setType("s3").setSettings(Settings.builder()
                     .put(S3Repository.Repository.BASE_PATH_SETTING.getKey(), basePath)
-                    .put(S3Repository.Repository.KEY_SETTING.getKey(), bucketSettings.get("access_key"))
-                    .put(S3Repository.Repository.SECRET_SETTING.getKey(), bucketSettings.get("secret_key"))
                     .put(S3Repository.Repository.BUCKET_SETTING.getKey(), bucketSettings.get("bucket"))
                     ).get();
         assertThat(putRepositoryResponse.isAcknowledged(), equalTo(true));
@@ -300,9 +298,6 @@ public abstract class AbstractS3SnapshotRestoreTest extends AbstractAwsTestCase
         PutRepositoryResponse putRepositoryResponse = client.admin().cluster().preparePutRepository("test-repo")
                 .setType("s3").setSettings(Settings.builder()
                     .put(S3Repository.Repository.BUCKET_SETTING.getKey(), bucketSettings.get("bucket"))
-                    .put(S3Repository.Repository.ENDPOINT_SETTING.getKey(), bucketSettings.get("endpoint"))
-                    .put(S3Repository.Repository.KEY_SETTING.getKey(), bucketSettings.get("access_key"))
-                    .put(S3Repository.Repository.SECRET_SETTING.getKey(), bucketSettings.get("secret_key"))
                     .put(S3Repository.Repository.BASE_PATH_SETTING.getKey(), basePath)
                     ).get();
         assertThat(putRepositoryResponse.isAcknowledged(), equalTo(true));

plugins/repository-s3/src/test/java/org/elasticsearch/repositories/s3/AwsS3ServiceImplTests.java

@@ -24,7 +24,6 @@ import com.amazonaws.Protocol;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
 import org.elasticsearch.common.settings.MockSecureSettings;
-import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.test.ESTestCase;
 
@@ -35,7 +34,7 @@ public class AwsS3ServiceImplTests extends ESTestCase {
 
     public void testAWSCredentialsWithSystemProviders() {
         S3ClientSettings clientSettings = S3ClientSettings.getClientSettings(Settings.EMPTY, "default");
-        AWSCredentialsProvider credentialsProvider = InternalAwsS3Service.buildCredentials(logger, deprecationLogger, clientSettings, Settings.EMPTY);
+        AWSCredentialsProvider credentialsProvider = InternalAwsS3Service.buildCredentials(logger, clientSettings);
         assertThat(credentialsProvider, instanceOf(InternalAwsS3Service.PrivilegedInstanceProfileCredentialsProvider.class));
     }
 
@@ -58,147 +57,11 @@ public class AwsS3ServiceImplTests extends ESTestCase {
         launchAWSCredentialsWithElasticsearchSettingsTest(repositorySettings, settings, "aws_key", "aws_secret");
     }
 
-    public void testAWSCredentialsWithElasticsearchAwsSettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.KEY_SETTING.getKey(), "aws_key")
-            .put(AwsS3Service.SECRET_SETTING.getKey(), "aws_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(Settings.EMPTY, settings, "aws_key", "aws_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{AwsS3Service.KEY_SETTING, AwsS3Service.SECRET_SETTING});
-    }
-
-    public void testAWSCredentialsWithElasticsearchS3SettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.CLOUD_S3.KEY_SETTING.getKey(), "s3_key")
-            .put(AwsS3Service.CLOUD_S3.SECRET_SETTING.getKey(), "s3_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(Settings.EMPTY, settings, "s3_key", "s3_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{AwsS3Service.CLOUD_S3.KEY_SETTING, AwsS3Service.CLOUD_S3.SECRET_SETTING});
-    }
-
-    public void testAWSCredentialsWithElasticsearchAwsAndS3SettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.KEY_SETTING.getKey(), "aws_key")
-            .put(AwsS3Service.SECRET_SETTING.getKey(), "aws_secret")
-            .put(AwsS3Service.CLOUD_S3.KEY_SETTING.getKey(), "s3_key")
-            .put(AwsS3Service.CLOUD_S3.SECRET_SETTING.getKey(), "s3_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(Settings.EMPTY, settings, "s3_key", "s3_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-                AwsS3Service.KEY_SETTING,
-                AwsS3Service.SECRET_SETTING,
-                AwsS3Service.CLOUD_S3.KEY_SETTING,
-                AwsS3Service.CLOUD_S3.SECRET_SETTING});
-    }
-
-    public void testAWSCredentialsWithElasticsearchRepositoriesSettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(S3Repository.Repositories.KEY_SETTING.getKey(), "repositories_key")
-            .put(S3Repository.Repositories.SECRET_SETTING.getKey(), "repositories_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(Settings.EMPTY, settings, "repositories_key", "repositories_secret");
-        assertSettingDeprecationsAndWarnings(
-                new Setting<?>[]{S3Repository.Repositories.KEY_SETTING, S3Repository.Repositories.SECRET_SETTING});
-    }
-
-    public void testAWSCredentialsWithElasticsearchAwsAndRepositoriesSettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.KEY_SETTING.getKey(), "aws_key")
-            .put(AwsS3Service.SECRET_SETTING.getKey(), "aws_secret")
-            .put(S3Repository.Repositories.KEY_SETTING.getKey(), "repositories_key")
-            .put(S3Repository.Repositories.SECRET_SETTING.getKey(), "repositories_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(Settings.EMPTY, settings, "repositories_key", "repositories_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-                AwsS3Service.KEY_SETTING,
-                AwsS3Service.SECRET_SETTING,
-                S3Repository.Repositories.KEY_SETTING,
-                S3Repository.Repositories.SECRET_SETTING});
-    }
-
-    public void testAWSCredentialsWithElasticsearchAwsAndS3AndRepositoriesSettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.KEY_SETTING.getKey(), "aws_key")
-            .put(AwsS3Service.SECRET_SETTING.getKey(), "aws_secret")
-            .put(AwsS3Service.CLOUD_S3.KEY_SETTING.getKey(), "s3_key")
-            .put(AwsS3Service.CLOUD_S3.SECRET_SETTING.getKey(), "s3_secret")
-            .put(S3Repository.Repositories.KEY_SETTING.getKey(), "repositories_key")
-            .put(S3Repository.Repositories.SECRET_SETTING.getKey(), "repositories_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(Settings.EMPTY, settings, "repositories_key", "repositories_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-                AwsS3Service.KEY_SETTING,
-                AwsS3Service.SECRET_SETTING,
-                AwsS3Service.CLOUD_S3.KEY_SETTING,
-                AwsS3Service.CLOUD_S3.SECRET_SETTING,
-                S3Repository.Repositories.KEY_SETTING,
-                S3Repository.Repositories.SECRET_SETTING});
-    }
-
-    public void testAWSCredentialsWithElasticsearchRepositoriesSettingsAndRepositorySettingsBackcompat() {
-        Settings repositorySettings = generateRepositorySettings("repository_key", "repository_secret", null, null);
-        Settings settings = Settings.builder()
-            .put(S3Repository.Repositories.KEY_SETTING.getKey(), "repositories_key")
-            .put(S3Repository.Repositories.SECRET_SETTING.getKey(), "repositories_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(repositorySettings, settings, "repository_key", "repository_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-            S3Repository.Repositories.KEY_SETTING,
-            S3Repository.Repositories.SECRET_SETTING,
-            S3Repository.Repository.KEY_SETTING,
-            S3Repository.Repository.SECRET_SETTING},
-            "Using s3 access/secret key from repository settings. Instead store these in named clients and the elasticsearch keystore for secure settings.");
-    }
-
-    public void testAWSCredentialsWithElasticsearchAwsAndRepositoriesSettingsAndRepositorySettingsBackcompat() {
-        Settings repositorySettings = generateRepositorySettings("repository_key", "repository_secret", null, null);
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.KEY_SETTING.getKey(), "aws_key")
-            .put(AwsS3Service.SECRET_SETTING.getKey(), "aws_secret")
-            .put(S3Repository.Repositories.KEY_SETTING.getKey(), "repositories_key")
-            .put(S3Repository.Repositories.SECRET_SETTING.getKey(), "repositories_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(repositorySettings, settings, "repository_key", "repository_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-            AwsS3Service.KEY_SETTING,
-            AwsS3Service.SECRET_SETTING,
-            S3Repository.Repositories.KEY_SETTING,
-            S3Repository.Repositories.SECRET_SETTING,
-            S3Repository.Repository.KEY_SETTING,
-            S3Repository.Repository.SECRET_SETTING},
-            "Using s3 access/secret key from repository settings. Instead store these in named clients and the elasticsearch keystore for secure settings.");
-    }
-
-    public void testAWSCredentialsWithElasticsearchAwsAndS3AndRepositoriesSettingsAndRepositorySettingsBackcompat() {
-        Settings repositorySettings = generateRepositorySettings("repository_key", "repository_secret", null, null);
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.KEY_SETTING.getKey(), "aws_key")
-            .put(AwsS3Service.SECRET_SETTING.getKey(), "aws_secret")
-            .put(AwsS3Service.CLOUD_S3.KEY_SETTING.getKey(), "s3_key")
-            .put(AwsS3Service.CLOUD_S3.SECRET_SETTING.getKey(), "s3_secret")
-            .put(S3Repository.Repositories.KEY_SETTING.getKey(), "repositories_key")
-            .put(S3Repository.Repositories.SECRET_SETTING.getKey(), "repositories_secret")
-            .build();
-        launchAWSCredentialsWithElasticsearchSettingsTest(repositorySettings, settings, "repository_key", "repository_secret");
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-            AwsS3Service.KEY_SETTING,
-            AwsS3Service.SECRET_SETTING,
-            AwsS3Service.CLOUD_S3.KEY_SETTING,
-            AwsS3Service.CLOUD_S3.SECRET_SETTING,
-            S3Repository.Repositories.KEY_SETTING,
-            S3Repository.Repositories.SECRET_SETTING,
-            S3Repository.Repository.KEY_SETTING,
-            S3Repository.Repository.SECRET_SETTING},
-            "Using s3 access/secret key from repository settings. Instead store these in named clients and the elasticsearch keystore for secure settings.");
-    }
-
-    protected void launchAWSCredentialsWithElasticsearchSettingsTest(Settings singleRepositorySettings, Settings settings,
+    private void launchAWSCredentialsWithElasticsearchSettingsTest(Settings singleRepositorySettings, Settings settings,
                                                                      String expectedKey, String expectedSecret) {
         String configName = InternalAwsS3Service.CLIENT_NAME.get(singleRepositorySettings);
         S3ClientSettings clientSettings = S3ClientSettings.getClientSettings(settings, configName);
-        AWSCredentials credentials = InternalAwsS3Service
-            .buildCredentials(logger, deprecationLogger, clientSettings, singleRepositorySettings)
-            .getCredentials();
+        AWSCredentials credentials = InternalAwsS3Service.buildCredentials(logger, clientSettings).getCredentials();
         assertThat(credentials.getAWSAccessKeyId(), is(expectedKey));
         assertThat(credentials.getAWSSecretKey(), is(expectedSecret));
     }
@@ -223,58 +86,6 @@ public class AwsS3ServiceImplTests extends ESTestCase {
             "aws_proxy_password", 3, false, 10000);
     }
 
-    public void testAWSConfigurationWithAwsSettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.PROTOCOL_SETTING.getKey(), "http")
-            .put(AwsS3Service.PROXY_HOST_SETTING.getKey(), "aws_proxy_host")
-            .put(AwsS3Service.PROXY_PORT_SETTING.getKey(), 8080)
-            .put(AwsS3Service.PROXY_USERNAME_SETTING.getKey(), "aws_proxy_username")
-            .put(AwsS3Service.PROXY_PASSWORD_SETTING.getKey(), "aws_proxy_password")
-            .put(AwsS3Service.READ_TIMEOUT.getKey(), "10s")
-            .build();
-        launchAWSConfigurationTest(settings, Settings.EMPTY, Protocol.HTTP, "aws_proxy_host", 8080, "aws_proxy_username",
-            "aws_proxy_password", 3, false, 10000);
-         assertSettingDeprecationsAndWarnings(new Setting<?>[]{
-                AwsS3Service.PROXY_USERNAME_SETTING,
-                AwsS3Service.PROXY_PASSWORD_SETTING,
-                AwsS3Service.PROTOCOL_SETTING,
-                AwsS3Service.PROXY_HOST_SETTING,
-                AwsS3Service.PROXY_PORT_SETTING,
-                AwsS3Service.READ_TIMEOUT});
-    }
-
-    public void testAWSConfigurationWithAwsAndS3SettingsBackcompat() {
-        Settings settings = Settings.builder()
-            .put(AwsS3Service.PROTOCOL_SETTING.getKey(), "http")
-            .put(AwsS3Service.PROXY_HOST_SETTING.getKey(), "aws_proxy_host")
-            .put(AwsS3Service.PROXY_PORT_SETTING.getKey(), 8080)
-            .put(AwsS3Service.PROXY_USERNAME_SETTING.getKey(), "aws_proxy_username")
-            .put(AwsS3Service.PROXY_PASSWORD_SETTING.getKey(), "aws_proxy_password")
-            .put(AwsS3Service.READ_TIMEOUT.getKey(), "5s")
-            .put(AwsS3Service.CLOUD_S3.PROTOCOL_SETTING.getKey(), "https")
-            .put(AwsS3Service.CLOUD_S3.PROXY_HOST_SETTING.getKey(), "s3_proxy_host")
-            .put(AwsS3Service.CLOUD_S3.PROXY_PORT_SETTING.getKey(), 8081)
-            .put(AwsS3Service.CLOUD_S3.PROXY_USERNAME_SETTING.getKey(), "s3_proxy_username")
-            .put(AwsS3Service.CLOUD_S3.PROXY_PASSWORD_SETTING.getKey(), "s3_proxy_password")
-            .put(AwsS3Service.CLOUD_S3.READ_TIMEOUT.getKey(), "10s")
-            .build();
-        launchAWSConfigurationTest(settings, Settings.EMPTY, Protocol.HTTPS, "s3_proxy_host", 8081, "s3_proxy_username",
-            "s3_proxy_password", 3, false, 10000);
-         assertSettingDeprecationsAndWarnings(new Setting<?>[] {
-                AwsS3Service.PROXY_USERNAME_SETTING,
-                AwsS3Service.PROXY_PASSWORD_SETTING,
-                AwsS3Service.PROTOCOL_SETTING,
-                AwsS3Service.PROXY_HOST_SETTING,
-                AwsS3Service.PROXY_PORT_SETTING,
-                AwsS3Service.READ_TIMEOUT,
-                AwsS3Service.CLOUD_S3.PROXY_USERNAME_SETTING,
-                AwsS3Service.CLOUD_S3.PROXY_PASSWORD_SETTING,
-                AwsS3Service.CLOUD_S3.PROTOCOL_SETTING,
-                AwsS3Service.CLOUD_S3.PROXY_HOST_SETTING,
-                AwsS3Service.CLOUD_S3.PROXY_PORT_SETTING,
-                AwsS3Service.CLOUD_S3.READ_TIMEOUT});
-    }
-
     public void testGlobalMaxRetries() {
         Settings settings = Settings.builder()
             .put(S3Repository.Repositories.MAX_RETRIES_SETTING.getKey(), 10)
@@ -284,7 +95,7 @@ public class AwsS3ServiceImplTests extends ESTestCase {
     }
 
     public void testRepositoryMaxRetries() {
-        Settings repositorySettings = generateRepositorySettings(null, null, null, 20);
+        Settings repositorySettings = generateRepositorySettings(20);
         Settings settings = Settings.builder()
             .put(S3Repository.Repositories.MAX_RETRIES_SETTING.getKey(), 10)
             .build();
@@ -292,7 +103,7 @@ public class AwsS3ServiceImplTests extends ESTestCase {
             null, 20, false, 50000);
     }
 
-    protected void launchAWSConfigurationTest(Settings settings,
+    private void launchAWSConfigurationTest(Settings settings,
                                               Settings singleRepositorySettings,
                                               Protocol expectedProtocol,
                                               String expectedProxyHost,
@@ -308,8 +119,7 @@ public class AwsS3ServiceImplTests extends ESTestCase {
             S3Repository.Repository.USE_THROTTLE_RETRIES_SETTING, S3Repository.Repositories.USE_THROTTLE_RETRIES_SETTING);
 
         S3ClientSettings clientSettings = S3ClientSettings.getClientSettings(settings, "default");
-        ClientConfiguration configuration = InternalAwsS3Service.buildConfiguration(logger, clientSettings,
-            singleRepositorySettings, maxRetries, null, useThrottleRetries);
+        ClientConfiguration configuration = InternalAwsS3Service.buildConfiguration(clientSettings, maxRetries, useThrottleRetries);
 
         assertThat(configuration.getResponseMetadataCacheSize(), is(0));
         assertThat(configuration.getProtocol(), is(expectedProtocol));
@@ -322,52 +132,25 @@ public class AwsS3ServiceImplTests extends ESTestCase {
         assertThat(configuration.getSocketTimeout(), is(expectedReadTimeout));
     }
 
-    private static Settings generateRepositorySettings(String key, String secret, String endpoint, Integer maxRetries) {
+    private static Settings generateRepositorySettings(Integer maxRetries) {
         Settings.Builder builder = Settings.builder();
-        if (endpoint != null) {
-            builder.put(S3Repository.Repository.ENDPOINT_SETTING.getKey(), endpoint);
-        }
-        if (key != null) {
-            builder.put(S3Repository.Repository.KEY_SETTING.getKey(), key);
-        }
-        if (secret != null) {
-            builder.put(S3Repository.Repository.SECRET_SETTING.getKey(), secret);
-        }
         if (maxRetries != null) {
             builder.put(S3Repository.Repository.MAX_RETRIES_SETTING.getKey(), maxRetries);
         }
         return builder.build();
     }
 
-    public void testDefaultEndpoint() {
-        assertEndpoint(generateRepositorySettings("repository_key", "repository_secret", null, null), Settings.EMPTY, "");
-    }
-
     public void testEndpointSetting() {
         Settings settings = Settings.builder()
             .put("s3.client.default.endpoint", "s3.endpoint")
             .build();
-        assertEndpoint(generateRepositorySettings("repository_key", "repository_secret", null, null), settings, "s3.endpoint");
-    }
-
-    public void testEndpointSettingBackcompat() {
-        assertEndpoint(generateRepositorySettings("repository_key", "repository_secret", "repository.endpoint", null),
-            Settings.EMPTY, "repository.endpoint");
-         assertSettingDeprecationsAndWarnings(new Setting<?>[]{S3Repository.Repository.ENDPOINT_SETTING});
-        Settings settings = Settings.builder()
-            .put(S3Repository.Repositories.ENDPOINT_SETTING.getKey(), "repositories.endpoint")
-            .build();
-        assertEndpoint(generateRepositorySettings("repository_key", "repository_secret", null, null), settings,
-            "repositories.endpoint");
-         assertSettingDeprecationsAndWarnings(new Setting<?>[]{S3Repository.Repositories.ENDPOINT_SETTING});
+        assertEndpoint(Settings.EMPTY, settings, "s3.endpoint");
     }
 
-    private void assertEndpoint(Settings repositorySettings, Settings settings,
-                                  String expectedEndpoint) {
+    private void assertEndpoint(Settings repositorySettings, Settings settings, String expectedEndpoint) {
         String configName = InternalAwsS3Service.CLIENT_NAME.get(repositorySettings);
         S3ClientSettings clientSettings = S3ClientSettings.getClientSettings(settings, configName);
-        String foundEndpoint = InternalAwsS3Service.findEndpoint(logger, clientSettings, repositorySettings);
-        assertThat(foundEndpoint, is(expectedEndpoint));
+        assertThat(clientSettings.endpoint, is(expectedEndpoint));
     }
 
 }

plugins/repository-s3/src/test/java/org/elasticsearch/repositories/s3/S3RepositoryTests.java

@@ -65,21 +65,6 @@ public class S3RepositoryTests extends ESTestCase {
         }
     }
 
-    public void testSettingsResolution() throws Exception {
-        Settings localSettings = Settings.builder().put(Repository.KEY_SETTING.getKey(), "key1").build();
-        Settings globalSettings = Settings.builder().put(Repositories.KEY_SETTING.getKey(), "key2").build();
-
-        assertEquals(new SecureString("key1".toCharArray()),
-                     getValue(localSettings, globalSettings, Repository.KEY_SETTING, Repositories.KEY_SETTING));
-        assertEquals(new SecureString("key1".toCharArray()),
-                     getValue(localSettings, Settings.EMPTY, Repository.KEY_SETTING, Repositories.KEY_SETTING));
-        assertEquals(new SecureString("key2".toCharArray()),
-                     getValue(Settings.EMPTY, globalSettings, Repository.KEY_SETTING, Repositories.KEY_SETTING));
-        assertEquals(new SecureString("".toCharArray()),
-                     getValue(Settings.EMPTY, Settings.EMPTY, Repository.KEY_SETTING, Repositories.KEY_SETTING));
-        assertSettingDeprecationsAndWarnings(new Setting<?>[]{Repository.KEY_SETTING, Repositories.KEY_SETTING});
-    }
-
     public void testInvalidChunkBufferSizeSettings() throws IOException {
         // chunk < buffer should fail
         assertInvalidBuffer(10, 5, RepositoryException.class, "chunk_size (5mb) can't be lower than buffer_size (10mb).");