storage/cloud: Make it possible to disable external http storage #44900
Conversation
|
This change is |
miretskiy
force-pushed
the
disable_external
branch
from
cd784f4
to
5a5f195
Compare
pkg/cli/flags.go
Outdated
| @@ -360,6 +403,14 @@ func init() { | |||
| // We share the default with the ClientInsecure flag. | |||
| BoolFlag(f, &startCtx.serverInsecure, cliflags.ServerInsecure, startCtx.serverInsecure) | |||
|
|
|||
| // Enable/disable various external storage endpoints. | |||
| // TODO(yevgeniy): currently we enable all schemas by default, but we should probably | |||
There was a problem hiding this comment.
I'm not sure about this point about defaults -- I think we want s3/gcs/etc to "just work" out of the box, and I think the default is probably to have most of them on. Indeed, I'm sort of inclined to invert the struct fields to be DisableFoo form so the zero-value is everything on, since flipping one off, like HTTP, is expected to be the exception, not the rule?
I donno, maybe @mwang1026 has thoughts
There was a problem hiding this comment.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @mwang1026)
pkg/cli/flags.go, line 407 at r1 (raw file):
Previously, dt (David Taylor) wrote…
I'm not sure about this point about defaults -- I think we want s3/gcs/etc to "just work" out of the box, and I think the default is probably to have most of them on. Indeed, I'm sort of inclined to invert the struct fields to be
DisableFooform so the zero-value is everything on, since flipping one off, like HTTP, is expected to be the exception, not the rule?I donno, maybe @mwang1026 has thoughts
I started off with just that... Disable http.
However, I kinda feel like if you want to be paranoid, you might want to disable most of them.
Or at least want to be able to disable any of them...
miretskiy
force-pushed
the
disable_external
branch
from
5a5f195
to
2301067
Compare
If the action is to disable that makes sense to me for it to be |
miretskiy
changed the title
pkg/storage/cloud/s3_storage.go
Outdated
| ) (ExternalStorage, error) { | ||
| if conf == nil { | ||
| return nil, errors.Errorf("s3 upload requested but info missing") | ||
| } | ||
| region := conf.Region | ||
| config := conf.Keys() | ||
| if conf.Endpoint != "" { | ||
| if ioConf.DisableHTTP { | ||
| return nil, errors.New("Custom endpoints disallowed for s3") |
There was a problem hiding this comment.
nit: imo this error would be a bit more helpful if it explained why -- that the http disallow flag was the reason.
There was a problem hiding this comment.
additionally, error messages do not start with a capital - they are not sentences and can be embedded in larger sentences
|
The commit message is a bit messed up:
Check this: https://wiki.crdb.io/wiki/spaces/CRDB/pages/73072807/Git+Commit+Messages |
to external http servers as well as custom http endpoints overrides for cloud storage implementations. Informs cockroachdb#44320 Release note (security update): Make it possible for operators to disable external http access when performing certain operations (BACKUP, IMPORT, etc). The external http access, as well as custom http endpoints, are disabled by providing an --external-io-disable-http flag. This flag provides a light weight option to disable http external access in the environments where running a full fledged proxy server may not be feasible. If running a proxy service is acceptible, operators may choose to start cockroach binary specifying HTTP(s)_PROXY environment setting.
miretskiy
force-pushed
the
disable_external
branch
from
2301067
to
6bb33e6
Compare
|
bors r+ |
Build succeeded |
44900: storage/cloud: Make it possible to disable external http storage r=miretskiy a=miretskiy Informs cockroachdb#44320 Make it possible to disable external http storage. This change enables the operators to disable access to external http servers as well as custom http endpoints overrides for cloud storage implementations. Release note (security update): Make it possible for operators to disable external http access when performing certain operations (BACKUP, IMPORT, etc). The external http access, as well as custom http endpoints, are disabled by providing an --external-io-disable-http flag. This flag provides a light weight option to disable http external access in the environments where running a full fledged proxy server may not be feasible. If running a proxy service is acceptible, operators may choose to start cockroach binary specifying HTTP(s)_PROXY environment setting. Co-authored-by: Yevgeniy Miretskiy <yevgeniy@cockroachlabs.com>
Informs #44320
Make it possible to disable external http storage.
This change enables the operators to disable access
to external http servers as well as custom http endpoints
overrides for cloud storage implementations.
Release note (security update): Make it possible for operators
to disable external http access when performing certain
operations (BACKUP, IMPORT, etc).
The external http access, as well as custom http endpoints, are
disabled by providing an --external-io-disable-http flag.
This flag provides a light weight option to disable http external
access in the environments where running a full fledged proxy
server may not be feasible. If running a proxy service is
acceptible, operators may choose to start cockroach binary
specifying HTTP(s)_PROXY environment setting.