New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow refreshing Geo-Location Processor files from an S3 bucket #13204
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really awesome @kingzacko1 ! I was able to test successfully with the environment variables option.
I noticed one thing I left a comment about. I think your last push might have actually fixed it, but I'll leave it there for your consideration. I'll keep testing this as well this week.
graylog2-server/src/main/java/org/graylog/plugins/map/config/S3GeoIpFileService.java
Outdated
Show resolved
Hide resolved
graylog2-server/src/main/java/org/graylog/plugins/map/config/S3GeoIpFileService.java
Outdated
Show resolved
Hide resolved
graylog2-web-interface/src/components/maps/configurations/GeoIpResolverConfig.tsx
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is awesome @kingzacko1, and it delivers a lot of value by allowing those GeoLocation files to be refreshed dynamically. I also like how it fits in nicely within the existing Geo service framework and config.
I also think it would be beneficial to add some tests around the new S3 parts, since there is some specific business logic additions.
graylog2-server/src/main/java/org/graylog/plugins/map/config/GeoIpProcessorConfig.java
Outdated
Show resolved
Hide resolved
graylog2-server/src/main/java/org/graylog/plugins/map/config/S3GeoIpFileService.java
Outdated
Show resolved
Hide resolved
graylog2-server/src/main/java/org/graylog/plugins/map/config/S3GeoIpFileService.java
Outdated
Show resolved
Hide resolved
...log2-server/src/main/java/org/graylog/plugins/map/geoip/GeoIpDbFileChangeMonitorService.java
Show resolved
Hide resolved
Thanks for all the work and updates on this @kingzacko1! Feel free to dismiss my review if y'all get to the point of merging before I am back next Tuesday. |
3d0fbbc
to
6d01560
Compare
While functionally this PR is at a good place to test, I have converted it to a draft while the pom inclusions are worked out so the build size doesn't increase so drastically. Just want to be sure it isn't merged before that is resolved. |
@kingzacko1 |
I definitely think it would be worthwhile to consolidate that duplicated code, but for this particular task we decided on only using the If we wanted to expand on this feature in the future and allow for more customized authentication, we could definitely reuse that |
Thanks for all of the updates @kingzacko1! The code LGTM. I did not have a chance to test this out today unfortunately. But, I will do that first thing on Monday when I am back in the office. Github does not let me dismiss my own review, but feel free to dismiss my review if you get to the point of merging this before then. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Re-ran through some testing just to be safe, and all is as it should be.
0d45e80
to
d755fd9
Compare
Since @ryan-carroll-graylog and I have had our eyes all over this one for awhile now, I am going to wait until you get back in and can give this a final run through @danotorrey. |
Thanks @kingzacko1! Doing the final run-through now... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM and tests successfully. Well done @kingzacko1!
Description
Geo-Location processor city and ASN database files can now be stored in an S3 bucket and pulled onto the Graylog server's filesystem automatically. These changes rely on the AWS SDK DefaultCredentialsProvider and not any settings that may be configured in the Graylog AWS plugin configuration. Using the S3 bucket option is disabled by default and not required. Users who would like to continue to manage their on disk files on their own may continue to do so without making any changes to their processor configuration settings.
Motivation and Context
Currently users must update the database files on each of their Graylog server's filesystems which can be a cumbersome and error prone process. This change allows users to put their files in one place and have their Graylog nodes pull in those files automatically.
How Has This Been Tested?
Tested locally in a development environment using the
default credential profiles file
option for the DefaultCredentialsProvider (see AWS documentation). Will continue testing with the other options to confirm they work as well.Screenshots (if appropriate):
Types of changes
Checklist: