Azure repository: Move to named configurations as we do for S3 repository and secure settings #23405
Conversation
dadoonet
added
:Plugin Repository Azure
:Core/Infra/Settings
|
@rjernst Can you please look at it? |
| @@ -60,6 +60,7 @@ public void testGetSelectedClientWithNoSecondary() { | |||
| .build()); | |||
| CloudBlobClient client = azureStorageService.getSelectedClient("azure1", LocationMode.PRIMARY_ONLY); | |||
| assertThat(client.getEndpoint(), is(URI.create("https://azure1"))); | |||
| assertWarnings("cloud.azure.storage.azure1.account", "cloud.azure.storage.azure1.key"); | |||
There was a problem hiding this comment.
You can use ESTestCase#assertSettingDeprecations here (and throughout).
| * Azure key | ||
| */ | ||
| public static final AffixSetting<String> KEY_SETTING = Setting.affixKeySetting(PREFIX, "key", | ||
| key -> Setting.simpleString(key, Property.NodeScope)); |
There was a problem hiding this comment.
I don't think we should add new settings like this which are unsecured. This and account above should be secure settings.
There was a problem hiding this comment.
I agree but this is something I'm planning to do as a follow up instead of mixing it within this change.
There was a problem hiding this comment.
That plan concerns me, as it means there is the (however distant) possibility these settings get released before being converted to secure settings.
There was a problem hiding this comment.
Let's do it like this.
Can you review the first phase of this PR and then I can add more commits to implement the security part? So we merge only a good version?
Like if we were having a feature branch.
WDYT?
There was a problem hiding this comment.
Well... Might not be a good idea. Ok. I'm going to add the commits to this PR then you will be able to review the whole change.
dadoonet
changed the title
|
@rjernst I secured our azure key/secret within this PR, changed the documentation accordingly and also the title/description of this PR. |
|
@rjernst Could you please review this one? I'd like to merge it next week ideally. |
|
I'm planning to merge this on friday, March 31st, unless anyone objects. |
I object to this, this is not how we should handle missing code reviews. |
|
@rjernst can you do a second pass on this please |
| if (azureStorageSettings == null) { | ||
| // We did not get an account. That's bad. | ||
| throw new IllegalArgumentException("Can not find azure account [" + account + "]. Check your elasticsearch.yml."); | ||
| throw new IllegalArgumentException("Can not find azure account [" + namedConfiguration + "]. Check your elasticsearch.yml."); |
There was a problem hiding this comment.
I think the message is a little deceptive, because it is not account, but the client name? And in the backcompat case, I think it may be confusing, because the client name is fake (ie primary or secondary, but a client configuration by that name does not actually exist).
| AzureStorageService.Storage.STORAGE_ACCOUNTS, | ||
| // This is strange that deprecated group settings have never been registered before. | ||
| // How this worked? I was expecting something like: | ||
| // AzureStorageSettings.DEPRECATED_ACCOUNT_SETTING, |
There was a problem hiding this comment.
These should definitely be registered. Is there some other registration of a prefix that is masking validation of all of these settings?
dadoonet
force-pushed
the
pr/22763-azure-named-config
branch
from
9c0ca5d
to
64065c6
Compare
|
@dadoonet Is this something you still want to try to get in? Can you try to refactor the change to only us a single map of client name to client settings? |
|
@rjernst I updated the PR. Could you review it? |
|
I need to iterate again a bit more as the first tests I'm doing shows that actually it's a breaking change. With an "old" cloud.azure.storage.my_account.account: ACCOUNT
cloud.azure.storage.my_account.key: KEYWhen creating the repository: curl -XDELETE 127.0.0.1:9200/_snapshot/azure?pretty
curl -XPUT '127.0.0.1:9200/_snapshot/azure?pretty' -H 'Content-Type: application/json' -d'
{
"type": "azure"
}'It is failing with: {
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "Can not find named azure client [default]. Check your elasticsearch.yml."
}
],
"type" : "illegal_argument_exception",
"reason" : "Can not find named azure client [default]. Check your elasticsearch.yml."
},
"status" : 400
}Which means that the default legacy account is not found anymore if the account name is not With: cloud.azure.storage.default.account: ACCOUNT
cloud.azure.storage.default.key: KEYIt works well. I'm going to fix that. |
|
@rjernst I pushed a new commit to fix the problem I mentioned #23405 (comment) Basically, it stores a "legacy" configuration under 2 names:
LMK |
dadoonet
force-pushed
the
pr/22763-azure-named-config
branch
3 times, most recently
from
08d3f95
to
92473e2
Compare
|
@rjernst Do you agree with the changes I proposed? |
| * @param settings settings to parse | ||
| * @return All the named configurations | ||
| */ | ||
| public static Map<String, AzureStorageSettings> load(Settings settings) { |
There was a problem hiding this comment.
Can you please rename this method and/or parse to make it clear this method is for the new style settings and the other one is for the legacy settings?
…tory We should have the same behavior for Azure repositories as we have for S3 (see elastic#22762). Instead of: ```yml cloud: azure: storage: my_account1: account: your_azure_storage_account1 key: your_azure_storage_key1 default: true my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Support something like: ``` azure.client: default: account: your_azure_storage_account1 key: your_azure_storage_key1 my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Then instead of: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "account": "my_account2" } } ``` Use: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "config": "my_account2" } } ``` If someone uses: ``` PUT _snapshot/my_backup3 { "type": "azure" } ``` It will use the `default` azure repository settings. And mark as deprecated old settings. Closes elastic#22763.
dadoonet
force-pushed
the
pr/22763-azure-named-config
branch
from
92473e2
to
80b142d
Compare
…tory We should have the same behavior for Azure repositories as we have for S3 (see #22762). Instead of: ```yml cloud: azure: storage: my_account1: account: your_azure_storage_account1 key: your_azure_storage_key1 default: true my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Support something like: ``` azure.client: default: account: your_azure_storage_account1 key: your_azure_storage_key1 my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Then instead of: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "account": "my_account2" } } ``` Use: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "config": "my_account2" } } ``` If someone uses: ``` PUT _snapshot/my_backup3 { "type": "azure" } ``` It will use the `default` azure repository settings. And mark as deprecated old settings. Backport of #23405 in 6.x branch
|
Thanks @rjernst! I pushed it to master (7.0) and 6.x (6.1). |
Follow up for elastic#23405. We remove azure deprecated settings in 7.0: * The legacy azure settings which where starting with `cloud.azure.storage.` prefix have been removed. This includes `account`, `key`, `default` and `timeout`. You need to use settings which are starting with `azure.client.` prefix instead. * Global timeout setting `cloud.azure.storage.timeout` has been removed. You must set it per azure client instead. Like `azure.client.default.timeout: 10s` for example.
Follow up for #23405. We remove azure deprecated settings in 7.0: * The legacy azure settings which where starting with `cloud.azure.storage.` prefix have been removed. This includes `account`, `key`, `default` and `timeout`. You need to use settings which are starting with `azure.client.` prefix instead. * Global timeout setting `cloud.azure.storage.timeout` has been removed. You must set it per azure client instead. Like `azure.client.default.timeout: 10s` for example.
That was a missing part in elastic#23405.
* Use Azure upload method instead of our own implementation We are not following the Azure documentation about uploading blobs to Azure storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-java-how-to-use-blob-storage#upload-a-blob-into-a-container Instead we are using our own implementation which might cause some troubles and rarely some blobs can be not immediately commited just after we close the stream. Using the standard implementation provided by Azure team should allow us to benefit from all the magic Azure SDK team already wrote. And well... Let's just read the doc! * Adapt integration tests to secure settings That was a missing part in #23405. * Simplify all the integration tests and *extends ESBlobStoreRepositoryIntegTestCase tests * removes IT `testForbiddenContainerName()` as it is useless. The plugin does not create anymore the container but expects that the user has created it before registering the repository * merges 2 IT classes so all IT tests are ran from one single class * We don't remove/create anymore the container between each single test but only for the test suite
* Use Azure upload method instead of our own implementation We are not following the Azure documentation about uploading blobs to Azure storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-java-how-to-use-blob-storage#upload-a-blob-into-a-container Instead we are using our own implementation which might cause some troubles and rarely some blobs can be not immediately commited just after we close the stream. Using the standard implementation provided by Azure team should allow us to benefit from all the magic Azure SDK team already wrote. And well... Let's just read the doc! * Adapt integration tests to secure settings That was a missing part in #23405. * Simplify all the integration tests and *extends ESBlobStoreRepositoryIntegTestCase tests * removes IT `testForbiddenContainerName()` as it is useless. The plugin does not create anymore the container but expects that the user has created it before registering the repository * merges 2 IT classes so all IT tests are ran from one single class * We don't remove/create anymore the container between each single test but only for the test suite Backport of #26751 in 6.x branch
|
@rjernst @clintongormley I think I should also backport that one to 6.0. People will benefit from secured settings with 6.0 GA instead of having to wait for 6.1. WDYT? |
|
@dadoonet it's too late for 6.0. This can go into 6.1 |
) * Use Azure upload method instead of our own implementation We are not following the Azure documentation about uploading blobs to Azure storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-java-how-to-use-blob-storage#upload-a-blob-into-a-container Instead we are using our own implementation which might cause some troubles and rarely some blobs can be not immediately commited just after we close the stream. Using the standard implementation provided by Azure team should allow us to benefit from all the magic Azure SDK team already wrote. And well... Let's just read the doc! * Adapt integration tests to secure settings That was a missing part in elastic#23405. * Simplify all the integration tests and *extends ESBlobStoreRepositoryIntegTestCase tests * removes IT `testForbiddenContainerName()` as it is useless. The plugin does not create anymore the container but expects that the user has created it before registering the repository * merges 2 IT classes so all IT tests are ran from one single class * We don't remove/create anymore the container between each single test but only for the test suite Backport of elastic#26751 in 6.0 branch
clintongormley
added
:Distributed/Snapshot/Restore
We should have the same behavior for Azure repositories as we have for S3 (see #22762).
So we want to use a similar name for keys and define explicitly the configuration name to use with
clientof insteadaccount.Also we secure our key/secret combination.
Instead of:
Support something like:
Then instead of:
Use:
If someone uses:
It will use the
defaultazure repository settings.And mark as deprecated old settings.
The plan is to then remove deprecated settings as a follow up in master branch only.
Closes #22763.