Config S3 snapshot repository using API

[sherry-ger]

The S3 snapshot repository uses IAM role credential that can be specified in the elasticsearch.yml file, system properties, or environment variables. However, there are occasions when none of these is available to a user. For example, when using DC/OS elastic package. It would be great to be able to set them via the APIs. Further, to be able to specify all repository settings dynamically would be very desirable as we can bypass a cluster restart for the settings to take effect.

[jasonrjy]

#26248
As you can see from the link above, it seems not to be right now.

Also, I think that if you can handle all the repositories dynamically, you can prevent the cluster from restarting every time you specify a repository.

String source = "{\n" +
" "transient" : {\n" +
" "path.repo" : [" C:\temp " ]\n" +
" }\n" +
"}";
It is likely to be implemented through this code. However, this seems to have been blocked by ES due to security issues.

[tlrx]

In the recent versions of Elasticsearch, we don't allow any secret to be specified using the REST API, Java API or directly in the elasticsearch configuration file. Instead, any secret must be defined in the Elasticsearch Keystore (see documentation) as a secured setting.

For now these settings are not reloadable but there is an ongoing effort (#29135) to make them reloadable. This way, the Azure/S3/GCS settings will be updatable in the keystore specified at the elasticsearch startup.

So I'm going to close this issue as we won't allow to specify credentials using the Rest API in the future. Please feel free to add a comment.