-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
storage/cloud: Make it possible to disable external http storage #44900
Conversation
cd784f4
to
5a5f195
Compare
pkg/cli/flags.go
Outdated
@@ -360,6 +403,14 @@ func init() { | |||
// We share the default with the ClientInsecure flag. | |||
BoolFlag(f, &startCtx.serverInsecure, cliflags.ServerInsecure, startCtx.serverInsecure) | |||
|
|||
// Enable/disable various external storage endpoints. | |||
// TODO(yevgeniy): currently we enable all schemas by default, but we should probably |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure about this point about defaults -- I think we want s3/gcs/etc to "just work" out of the box, and I think the default is probably to have most of them on. Indeed, I'm sort of inclined to invert the struct fields to be DisableFoo
form so the zero-value is everything on, since flipping one off, like HTTP, is expected to be the exception, not the rule?
I donno, maybe @mwang1026 has thoughts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @mwang1026)
pkg/cli/flags.go, line 407 at r1 (raw file):
Previously, dt (David Taylor) wrote…
I'm not sure about this point about defaults -- I think we want s3/gcs/etc to "just work" out of the box, and I think the default is probably to have most of them on. Indeed, I'm sort of inclined to invert the struct fields to be
DisableFoo
form so the zero-value is everything on, since flipping one off, like HTTP, is expected to be the exception, not the rule?I donno, maybe @mwang1026 has thoughts
I started off with just that... Disable http.
However, I kinda feel like if you want to be paranoid, you might want to disable most of them.
Or at least want to be able to disable any of them...
5a5f195
to
2301067
Compare
If the action is to disable that makes sense to me for it to be |
pkg/storage/cloud/s3_storage.go
Outdated
) (ExternalStorage, error) { | ||
if conf == nil { | ||
return nil, errors.Errorf("s3 upload requested but info missing") | ||
} | ||
region := conf.Region | ||
config := conf.Keys() | ||
if conf.Endpoint != "" { | ||
if ioConf.DisableHTTP { | ||
return nil, errors.New("Custom endpoints disallowed for s3") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: imo this error would be a bit more helpful if it explained why -- that the http disallow flag was the reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
additionally, error messages do not start with a capital - they are not sentences and can be embedded in larger sentences
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
The commit message is a bit messed up:
Check this: https://wiki.crdb.io/wiki/spaces/CRDB/pages/73072807/Git+Commit+Messages |
to external http servers as well as custom http endpoints overrides for cloud storage implementations. Informs cockroachdb#44320 Release note (security update): Make it possible for operators to disable external http access when performing certain operations (BACKUP, IMPORT, etc). The external http access, as well as custom http endpoints, are disabled by providing an --external-io-disable-http flag. This flag provides a light weight option to disable http external access in the environments where running a full fledged proxy server may not be feasible. If running a proxy service is acceptible, operators may choose to start cockroach binary specifying HTTP(s)_PROXY environment setting.
2301067
to
6bb33e6
Compare
bors r+ |
Build succeeded |
44900: storage/cloud: Make it possible to disable external http storage r=miretskiy a=miretskiy Informs cockroachdb#44320 Make it possible to disable external http storage. This change enables the operators to disable access to external http servers as well as custom http endpoints overrides for cloud storage implementations. Release note (security update): Make it possible for operators to disable external http access when performing certain operations (BACKUP, IMPORT, etc). The external http access, as well as custom http endpoints, are disabled by providing an --external-io-disable-http flag. This flag provides a light weight option to disable http external access in the environments where running a full fledged proxy server may not be feasible. If running a proxy service is acceptible, operators may choose to start cockroach binary specifying HTTP(s)_PROXY environment setting. Co-authored-by: Yevgeniy Miretskiy <yevgeniy@cockroachlabs.com>
Informs #44320
Make it possible to disable external http storage.
This change enables the operators to disable access
to external http servers as well as custom http endpoints
overrides for cloud storage implementations.
Release note (security update): Make it possible for operators
to disable external http access when performing certain
operations (BACKUP, IMPORT, etc).
The external http access, as well as custom http endpoints, are
disabled by providing an --external-io-disable-http flag.
This flag provides a light weight option to disable http external
access in the environments where running a full fledged proxy
server may not be feasible. If running a proxy service is
acceptible, operators may choose to start cockroach binary
specifying HTTP(s)_PROXY environment setting.