-
Notifications
You must be signed in to change notification settings - Fork 83
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add additional logic for es restriction from airflow (#2159)
* add additional logic for es restriction from airflow * move common templates * Update charts/external-es-proxy/templates/_helpers.tpl Co-authored-by: Daniel Hoherd <daniel.hoherd@gmail.com> * rename helperts * update templates * add base test cases * add tests * fix line endings * fix failures * update conf * fix namespace in test conf * rework test cases --------- Co-authored-by: Daniel Hoherd <daniel.hoherd@gmail.com>
- Loading branch information
1 parent
0151414
commit 7753d46
Showing
6 changed files
with
224 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
76 changes: 76 additions & 0 deletions
76
tests/chart_tests/test_data/default-external-es-nginx.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
worker_processes 1; | ||
pid /tmp/nginx.pid; | ||
events { worker_connections 1024; } | ||
error_log /dev/stdout info; | ||
env ES_SECRET; | ||
env ES_SECRET_NAME; | ||
|
||
http { | ||
access_log /dev/stdout; | ||
client_max_body_size 1024M; | ||
|
||
server { | ||
listen 9200; | ||
auth_request /auth; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection "Keep-Alive"; | ||
proxy_set_header Proxy-Connection "Keep-Alive"; | ||
|
||
# The following "location" rules limit airflow interactions to only their indices. Any further | ||
# additions should follow this pattern. | ||
location ~* /_count$ { | ||
rewrite /_count(.*) /fluentd.$remote_user.*/_count$1 break; | ||
access_by_lua_file /usr/local/openresty/nginx/conf/setenv.lua; | ||
proxy_pass https://esdemo.example.com:; | ||
proxy_ssl_verify off; | ||
} | ||
|
||
location ~* /_bulk$ { | ||
rewrite /_bulk(.*) /fluentd.$remote_user.*/_bulk$1 break; | ||
access_by_lua_file /usr/local/openresty/nginx/conf/setenv.lua; | ||
proxy_pass https://esdemo.example.com:; | ||
proxy_ssl_verify off; | ||
} | ||
|
||
location = /_search { | ||
# This combined with disabling explicit index searching downstream | ||
# prevents any deployment from being able to query any other indexes. | ||
rewrite ^/(.*) /fluentd.$remote_user.*/$1 break; | ||
access_by_lua_file /usr/local/openresty/nginx/conf/setenv.lua; | ||
proxy_pass https://esdemo.example.com:; | ||
proxy_ssl_verify off; | ||
} | ||
|
||
location = /auth { | ||
internal; | ||
proxy_pass http://release-name-houston.default:8871/v1/elasticsearch; | ||
proxy_set_header Content-Length ""; | ||
proxy_set_header X-Original-URI $request_uri; | ||
} | ||
|
||
location = /_cluster/state/version { | ||
access_by_lua_file /usr/local/openresty/nginx/conf/setenv.lua; | ||
proxy_pass https://esdemo.example.com:; | ||
proxy_ssl_verify off; | ||
} | ||
|
||
location = /_cluster/health { | ||
access_by_lua_file /usr/local/openresty/nginx/conf/setenv.lua; | ||
proxy_pass https://esdemo.example.com:; | ||
proxy_ssl_verify off; | ||
} | ||
|
||
} | ||
server { | ||
listen 9201; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection "Keep-Alive"; | ||
proxy_set_header Proxy-Connection "Keep-Alive"; | ||
|
||
location ~ ^/ { | ||
access_by_lua_file /usr/local/openresty/nginx/conf/setenv.lua; | ||
proxy_pass https://esdemo.example.com:; | ||
proxy_ssl_verify off; | ||
} | ||
} | ||
} |
64 changes: 64 additions & 0 deletions
64
tests/chart_tests/test_data/external-es-nginx-with-aws-secrets.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
worker_processes 1; | ||
pid /tmp/nginx.pid; | ||
events { worker_connections 1024; } | ||
error_log /dev/stdout info; | ||
env ES_SECRET; | ||
env ES_SECRET_NAME; | ||
|
||
http { | ||
access_log /dev/stdout; | ||
client_max_body_size 1024M; | ||
|
||
server { | ||
listen 9200; | ||
auth_request /auth; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection "Keep-Alive"; | ||
proxy_set_header Proxy-Connection "Keep-Alive"; | ||
|
||
# The following "location" rules limit airflow interactions to only their indices. Any further | ||
# additions should follow this pattern. | ||
location ~* /_count$ { | ||
rewrite /_count(.*) /fluentd.$remote_user.*/_count$1 break; | ||
proxy_pass http://localhost:9203; | ||
} | ||
|
||
location ~* /_bulk$ { | ||
rewrite /_bulk(.*) /fluentd.$remote_user.*/_bulk$1 break; | ||
proxy_pass http://localhost:9203; | ||
} | ||
|
||
location = /_search { | ||
# This combined with disabling explicit index searching downstream | ||
# prevents any deployment from being able to query any other indexes. | ||
rewrite ^/(.*) /fluentd.$remote_user.*/$1 break; | ||
proxy_pass http://localhost:9203; | ||
} | ||
|
||
location = /auth { | ||
internal; | ||
proxy_pass http://release-name-houston.default:8871/v1/elasticsearch; | ||
proxy_set_header Content-Length ""; | ||
proxy_set_header X-Original-URI $request_uri; | ||
} | ||
|
||
location = /_cluster/state/version { | ||
proxy_pass http://localhost:9203; | ||
} | ||
|
||
location = /_cluster/health { | ||
proxy_pass http://localhost:9203; | ||
} | ||
|
||
} | ||
server { | ||
listen 9201; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection "Keep-Alive"; | ||
proxy_set_header Proxy-Connection "Keep-Alive"; | ||
|
||
location ~ ^/ { | ||
proxy_pass http://localhost:9203; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters