Allow "verify": "false" attribute

[ghost]

While setting up a test node to read from an S3 bucket with snapshots on it, I hit a problem in the setup because ES was trying to write to the bucket.

This is a production backup bucket which I wanted to restore into a test node for investigation. I gave the test node restricted read-only access to S3 to avoid any accidental data loss.

Here is a Google Group thread where this was discussed: https://groups.google.com/d/msg/elasticsearch/XNI3z1AEKlQ/9D9vd9H9VxEJ (I'm linking to the specific relevant message in the thread).

The example is:

$ curl -XPUT 'http://localhost:9200/_snapshot/amos0' -d '{
  "type":"s3",
  "settings": {
    "region": "ap-southeast-1",
    "bucket": "prod-es-backup",
    "base_path": "elasticsearch/dev/snapshots0",
    "verify": "false"
  }
}'
{"error":"RepositoryVerificationException[[amos0] path [elasticsearch][dev][snapshots0] is not accessible on master node]; nested: IOException[Unable to upload object elasticsearch/dev/snapshots0/tests-ng9f5N6tTm6HZhrGF9s8aQ-master]; nested: AmazonS3Exception[Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 7F3DE23BB617FFF4)]; ","status":500}

It would be useful to skip the write access verification step. The default "fs" plugin already have a "verify: false" option so it might make sense to use the same flag here.

[dadoonet]

Hi @amos-stan

We double checked and actually there is an issue in the elasticsearch core documentation about this. This verify option is available whatever the storage you are using.

But it's a URL attribute. So you should do something like:

$ curl -XPUT 'http://localhost:9200/_snapshot/amos0?verify=false' -d '{
  "type":"s3",
  "settings": {
    "region": "ap-southeast-1",
    "bucket": "prod-es-backup",
    "base_path": "elasticsearch/dev/snapshots0"
  }
}'

Thanks for reporting this and for the tests BTW.

Closing.