This commit remove the block for user to set invalid Signer Type.

Instead of throw an exception, this change log a warning message
and accept any signer type.

docs/plugins/discovery-ec2.asciidoc

@@ -110,11 +110,11 @@ The available values are:
 * `cn-north` (`cn-north-1`)
 
 [[discovery-ec2-usage-signer]]
-===== EC2/S3 Signer API
+===== EC2 Signer API
 
-If you are using a compatible EC2 or S3 service, they might be using an older API to sign the requests.
-You can set your compatible signer API using `cloud.aws.signer` (or `cloud.aws.ec2.signer` and `cloud.aws.s3.signer`)
-with the right signer to use. Defaults to `AWS4SignerType`.
+If you are using a compatible EC2 service, they might be using an older API to sign the requests.
+You can set your compatible signer API using `cloud.aws.signer` (or `cloud.aws.ec2.signer`)
+with the right signer to use.
 
 [[discovery-ec2-discovery]]
 ==== EC2 Discovery

docs/plugins/repository-s3.asciidoc

@@ -113,11 +113,14 @@ The available values are:
 * `cn-north` (`cn-north-1`)
 
 [[repository-s3-usage-signer]]
-===== EC2/S3 Signer API
+===== S3 Signer API
 
-If you are using a compatible EC2 or S3 service, they might be using an older API to sign the requests.
-You can set your compatible signer API using `cloud.aws.signer` (or `cloud.aws.ec2.signer` and `cloud.aws.s3.signer`)
-with the right signer to use. Defaults to `AWS4SignerType`.
+If you are using a S3 compatible service, they might be using an older API to sign the requests.
+You can set your compatible signer API using `cloud.aws.signer` (or `cloud.aws.s3.signer`) with the right
+signer to use.
+
+If you are using a compatible S3 service which do not support Version 4 signing process, you may need to
+use `S3SignerType`, which is Signature Version 2.
 
 [[repository-s3-repository]]
 ==== S3 Repository

plugins/discovery-ec2/src/main/java/org/elasticsearch/cloud/aws/AwsEc2Service.java

@@ -99,11 +99,7 @@ public class AwsEc2Service extends AbstractLifecycleComponent<AwsEc2Service> {
         String awsSigner = settings.get("cloud.aws.ec2.signer", settings.get("cloud.aws.signer"));
         if (awsSigner != null) {
             logger.debug("using AWS API signer [{}]", awsSigner);
-            try {
-                AwsSigner.configureSigner(awsSigner, clientConfiguration);
-            } catch (IllegalArgumentException e) {
-                logger.warn("wrong signer set for [cloud.aws.ec2.signer] or [cloud.aws.signer]: [{}]", awsSigner);
-            }
+            AwsSigner.configureSigner(awsSigner, clientConfiguration);
         }
 
         AWSCredentialsProvider credentials;

plugins/discovery-ec2/src/main/java/org/elasticsearch/cloud/aws/AwsSigner.java

@@ -21,22 +21,18 @@ package org.elasticsearch.cloud.aws;
 
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.auth.SignerFactory;
+import org.elasticsearch.common.logging.ESLogger;
+import org.elasticsearch.common.logging.Loggers;
 
 public class AwsSigner {
 
+    private static final ESLogger logger = Loggers.getLogger(AwsSigner.class);
+
     private AwsSigner() {
 
     }
 
-    /**
-     * Add a AWS API Signer.
-     * @param signer Signer to use
-     * @param configuration AWS Client configuration
-     * @throws IllegalArgumentException if signer does not exist
-     */
-    public static void configureSigner(String signer, ClientConfiguration configuration)
-        throws IllegalArgumentException {
-
+    protected static void validateSignerType(String signer) throws IllegalArgumentException {
         if (signer == null) {
             throw new IllegalArgumentException("[null] signer set");
         }
@@ -45,9 +41,23 @@ public class AwsSigner {
             // We check this signer actually exists in AWS SDK
             // It throws a IllegalArgumentException if not found
             SignerFactory.getSignerByTypeAndService(signer, null);
-            configuration.setSignerOverride(signer);
         } catch (IllegalArgumentException e) {
             throw new IllegalArgumentException("wrong signer set [" + signer + "]");
         }
     }
+
+    /**
+     * Add a AWS API Signer.
+     * @param signer Signer to use
+     * @param configuration AWS Client configuration
+     */
+    public static void configureSigner(String signer, ClientConfiguration configuration) {
+        try {
+            validateSignerType(signer);
+        } catch (IllegalArgumentException e) {
+            logger.warn(e.getMessage());
+        }
+
+        configuration.setSignerOverride(signer);
+    }
 }

plugins/discovery-ec2/src/test/java/org/elasticsearch/cloud/aws/AWSSignersTests.java

@@ -35,6 +35,15 @@ public class AWSSignersTests extends ESTestCase {
         assertThat(signerTester("AWS4SignerType"), is(true));
         assertThat(signerTester("NoOpSignerType"), is(true));
         assertThat(signerTester("UndefinedSigner"), is(false));
+
+        assertThat(signerTester("S3SignerType"), is(false));
+        assertThat(signerTester("AWSS3V4SignerType"), is(false));
+
+        ClientConfiguration configuration = new ClientConfiguration();
+        AwsSigner.configureSigner("AWS4SignerType", configuration);
+        assertEquals(configuration.getSignerOverride(), "AWS4SignerType");
+        AwsSigner.configureSigner("AWS3SignerType", configuration);
+        assertEquals(configuration.getSignerOverride(), "AWS3SignerType");
     }
 
     /**
@@ -44,7 +53,7 @@ public class AWSSignersTests extends ESTestCase {
      */
     private boolean signerTester(String signer) {
         try {
-            AwsSigner.configureSigner(signer, new ClientConfiguration());
+            AwsSigner.validateSignerType(signer);
             return true;
         } catch (IllegalArgumentException e) {
             return false;

plugins/repository-s3/src/main/java/org/elasticsearch/cloud/aws/AwsSigner.java

@@ -21,33 +21,53 @@ package org.elasticsearch.cloud.aws;
 
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.auth.SignerFactory;
+import org.elasticsearch.common.logging.ESLogger;
+import org.elasticsearch.common.logging.Loggers;
 
 public class AwsSigner {
 
+    private static final ESLogger logger = Loggers.getLogger(AwsSigner.class);
+
     private AwsSigner() {
 
     }
 
+    protected static void validateSignerType(String signer, String endpoint) {
+        if (signer == null) {
+            throw new IllegalArgumentException("[null] signer set");
+        }
+
+        // do not block user to any signerType
+        switch (signer) {
+            case "S3SignerType":
+                if (endpoint.equals("s3.cn-north-1.amazonaws.com.cn") || endpoint.equals("s3.eu-central-1.amazonaws.com")) {
+                    throw new IllegalArgumentException("[S3SignerType] may not be supported in aws Beijing and Frankfurt region");
+                }
+                break;
+            case "AWSS3V4SignerType":
+                break;
+            default:
+                try {
+                    SignerFactory.getSignerByTypeAndService(signer, null);
+                } catch (IllegalArgumentException e) {
+                    throw new IllegalArgumentException("[" + signer + "] may not be supported");
+                }
+        }
+    }
+
     /**
      * Add a AWS API Signer.
      * @param signer Signer to use
      * @param configuration AWS Client configuration
-     * @throws IllegalArgumentException if signer does not exist
      */
-    public static void configureSigner(String signer, ClientConfiguration configuration)
-        throws IllegalArgumentException {
-
-        if (signer == null) {
-            throw new IllegalArgumentException("[null] signer set");
-        }
-
+    public static void configureSigner(String signer, ClientConfiguration configuration, String endpoint) {
         try {
-            // We check this signer actually exists in AWS SDK
-            // It throws a IllegalArgumentException if not found
-            SignerFactory.getSignerByTypeAndService(signer, null);
-            configuration.setSignerOverride(signer);
+            validateSignerType(signer, endpoint);
         } catch (IllegalArgumentException e) {
-            throw new IllegalArgumentException("wrong signer set [" + signer + "]");
+            logger.warn(e.getMessage());
         }
+
+        configuration.setSignerOverride(signer);
     }
+
 }

plugins/repository-s3/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java

@@ -134,11 +134,7 @@ public class InternalAwsS3Service extends AbstractLifecycleComponent<AwsS3Servic
         String awsSigner = settings.get("cloud.aws.s3.signer", settings.get("cloud.aws.signer"));
         if (awsSigner != null) {
             logger.debug("using AWS API signer [{}]", awsSigner);
-            try {
-                AwsSigner.configureSigner(awsSigner, clientConfiguration);
-            } catch (IllegalArgumentException e) {
-                logger.warn("wrong signer set for [cloud.aws.s3.signer] or [cloud.aws.signer]: [{}]", awsSigner);
-            }
+            AwsSigner.configureSigner(awsSigner, clientConfiguration, endpoint);
         }
 
         AWSCredentialsProvider credentials;

plugins/repository-s3/src/test/java/org/elasticsearch/cloud/aws/AWSSignersTests.java

@@ -35,8 +35,33 @@ public class AWSSignersTests extends ESTestCase {
         assertThat(signerTester("AWS4SignerType"), is(true));
         assertThat(signerTester("NoOpSignerType"), is(true));
         assertThat(signerTester("UndefinedSigner"), is(false));
+        assertThat(signerTester("S3SignerType"), is(true));
+        assertThat(signerTester("AWSS3V4SignerType"), is(true));
+
+        ClientConfiguration configuration = new ClientConfiguration();
+        AwsSigner.configureSigner("AWS4SignerType", configuration, "any");
+        assertEquals(configuration.getSignerOverride(), "AWS4SignerType");
+        AwsSigner.configureSigner("S3SignerType", configuration, "any");
+        assertEquals(configuration.getSignerOverride(), "S3SignerType");
     }
 
+    public void testV2InInvalidRegion() {
+        try {
+            AwsSigner.validateSignerType("S3SignerType", "s3.cn-north-1.amazonaws.com.cn");
+            fail("S3SignerType should not be available for China region");
+        } catch (IllegalArgumentException e) {
+            assertEquals("[S3SignerType] may not be supported in aws Beijing and Frankfurt region", e.getMessage());
+        }
+
+        try {
+            AwsSigner.validateSignerType("S3SignerType", "s3.eu-central-1.amazonaws.com");
+            fail("S3SignerType should not be available for Frankfurt region");
+        } catch (IllegalArgumentException e) {
+            assertEquals("[S3SignerType] may not be supported in aws Beijing and Frankfurt region", e.getMessage());
+        }
+    }
+
+
     /**
      * Test a signer configuration
      * @param signer signer name
@@ -44,7 +69,7 @@ public class AWSSignersTests extends ESTestCase {
      */
     private boolean signerTester(String signer) {
         try {
-            AwsSigner.configureSigner(signer, new ClientConfiguration());
+            AwsSigner.validateSignerType(signer, "s3.amazonaws.com");
             return true;
         } catch (IllegalArgumentException e) {
             return false;