-
Notifications
You must be signed in to change notification settings - Fork 24.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure repository: Move to named configurations as we do for S3 repository and secure settings #23405
Conversation
@rjernst Can you please look at it? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left a comment. I didn't do a full review, just one thing I noticed.
@@ -60,6 +60,7 @@ public void testGetSelectedClientWithNoSecondary() { | |||
.build()); | |||
CloudBlobClient client = azureStorageService.getSelectedClient("azure1", LocationMode.PRIMARY_ONLY); | |||
assertThat(client.getEndpoint(), is(URI.create("https://azure1"))); | |||
assertWarnings("cloud.azure.storage.azure1.account", "cloud.azure.storage.azure1.key"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use ESTestCase#assertSettingDeprecations
here (and throughout).
* Azure key | ||
*/ | ||
public static final AffixSetting<String> KEY_SETTING = Setting.affixKeySetting(PREFIX, "key", | ||
key -> Setting.simpleString(key, Property.NodeScope)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should add new settings like this which are unsecured. This and account
above should be secure settings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree but this is something I'm planning to do as a follow up instead of mixing it within this change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That plan concerns me, as it means there is the (however distant) possibility these settings get released before being converted to secure settings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's do it like this.
Can you review the first phase of this PR and then I can add more commits to implement the security part? So we merge only a good version?
Like if we were having a feature branch.
WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well... Might not be a good idea. Ok. I'm going to add the commits to this PR then you will be able to review the whole change.
@rjernst I secured our azure key/secret within this PR, changed the documentation accordingly and also the title/description of this PR. |
@rjernst Could you please review this one? I'd like to merge it next week ideally. |
I'm planning to merge this on friday, March 31st, unless anyone objects. |
I object to this, this is not how we should handle missing code reviews. |
@rjernst can you do a second pass on this please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks ok, but I'm still unsure about merging client settings and legacy settings into one map of client name to settings.
if (azureStorageSettings == null) { | ||
// We did not get an account. That's bad. | ||
throw new IllegalArgumentException("Can not find azure account [" + account + "]. Check your elasticsearch.yml."); | ||
throw new IllegalArgumentException("Can not find azure account [" + namedConfiguration + "]. Check your elasticsearch.yml."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the message is a little deceptive, because it is not account, but the client name? And in the backcompat case, I think it may be confusing, because the client name is fake (ie primary or secondary, but a client configuration by that name does not actually exist).
AzureStorageService.Storage.STORAGE_ACCOUNTS, | ||
// This is strange that deprecated group settings have never been registered before. | ||
// How this worked? I was expecting something like: | ||
// AzureStorageSettings.DEPRECATED_ACCOUNT_SETTING, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should definitely be registered. Is there some other registration of a prefix that is masking validation of all of these settings?
9c0ca5d
to
64065c6
Compare
@dadoonet Is this something you still want to try to get in? Can you try to refactor the change to only us a single map of client name to client settings? |
@rjernst I updated the PR. Could you review it? |
I need to iterate again a bit more as the first tests I'm doing shows that actually it's a breaking change. With an "old" cloud.azure.storage.my_account.account: ACCOUNT
cloud.azure.storage.my_account.key: KEY When creating the repository: curl -XDELETE 127.0.0.1:9200/_snapshot/azure?pretty
curl -XPUT '127.0.0.1:9200/_snapshot/azure?pretty' -H 'Content-Type: application/json' -d'
{
"type": "azure"
}' It is failing with: {
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "Can not find named azure client [default]. Check your elasticsearch.yml."
}
],
"type" : "illegal_argument_exception",
"reason" : "Can not find named azure client [default]. Check your elasticsearch.yml."
},
"status" : 400
} Which means that the default legacy account is not found anymore if the account name is not With: cloud.azure.storage.default.account: ACCOUNT
cloud.azure.storage.default.key: KEY It works well. I'm going to fix that. |
@rjernst I pushed a new commit to fix the problem I mentioned #23405 (comment) Basically, it stores a "legacy" configuration under 2 names:
LMK |
08d3f95
to
92473e2
Compare
@rjernst Do you agree with the changes I proposed? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, one small request for clarity.
* @param settings settings to parse | ||
* @return All the named configurations | ||
*/ | ||
public static Map<String, AzureStorageSettings> load(Settings settings) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please rename this method and/or parse
to make it clear this method is for the new style settings and the other one is for the legacy settings?
…tory We should have the same behavior for Azure repositories as we have for S3 (see elastic#22762). Instead of: ```yml cloud: azure: storage: my_account1: account: your_azure_storage_account1 key: your_azure_storage_key1 default: true my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Support something like: ``` azure.client: default: account: your_azure_storage_account1 key: your_azure_storage_key1 my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Then instead of: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "account": "my_account2" } } ``` Use: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "config": "my_account2" } } ``` If someone uses: ``` PUT _snapshot/my_backup3 { "type": "azure" } ``` It will use the `default` azure repository settings. And mark as deprecated old settings. Closes elastic#22763.
92473e2
to
80b142d
Compare
…tory We should have the same behavior for Azure repositories as we have for S3 (see #22762). Instead of: ```yml cloud: azure: storage: my_account1: account: your_azure_storage_account1 key: your_azure_storage_key1 default: true my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Support something like: ``` azure.client: default: account: your_azure_storage_account1 key: your_azure_storage_key1 my_account2: account: your_azure_storage_account2 key: your_azure_storage_key2 ``` Then instead of: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "account": "my_account2" } } ``` Use: ``` PUT _snapshot/my_backup3 { "type": "azure", "settings": { "config": "my_account2" } } ``` If someone uses: ``` PUT _snapshot/my_backup3 { "type": "azure" } ``` It will use the `default` azure repository settings. And mark as deprecated old settings. Backport of #23405 in 6.x branch
Thanks @rjernst! I pushed it to master (7.0) and 6.x (6.1). |
Follow up for elastic#23405. We remove azure deprecated settings in 7.0: * The legacy azure settings which where starting with `cloud.azure.storage.` prefix have been removed. This includes `account`, `key`, `default` and `timeout`. You need to use settings which are starting with `azure.client.` prefix instead. * Global timeout setting `cloud.azure.storage.timeout` has been removed. You must set it per azure client instead. Like `azure.client.default.timeout: 10s` for example.
Follow up for #23405. We remove azure deprecated settings in 7.0: * The legacy azure settings which where starting with `cloud.azure.storage.` prefix have been removed. This includes `account`, `key`, `default` and `timeout`. You need to use settings which are starting with `azure.client.` prefix instead. * Global timeout setting `cloud.azure.storage.timeout` has been removed. You must set it per azure client instead. Like `azure.client.default.timeout: 10s` for example.
That was a missing part in elastic#23405.
* Use Azure upload method instead of our own implementation We are not following the Azure documentation about uploading blobs to Azure storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-java-how-to-use-blob-storage#upload-a-blob-into-a-container Instead we are using our own implementation which might cause some troubles and rarely some blobs can be not immediately commited just after we close the stream. Using the standard implementation provided by Azure team should allow us to benefit from all the magic Azure SDK team already wrote. And well... Let's just read the doc! * Adapt integration tests to secure settings That was a missing part in #23405. * Simplify all the integration tests and *extends ESBlobStoreRepositoryIntegTestCase tests * removes IT `testForbiddenContainerName()` as it is useless. The plugin does not create anymore the container but expects that the user has created it before registering the repository * merges 2 IT classes so all IT tests are ran from one single class * We don't remove/create anymore the container between each single test but only for the test suite
* Use Azure upload method instead of our own implementation We are not following the Azure documentation about uploading blobs to Azure storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-java-how-to-use-blob-storage#upload-a-blob-into-a-container Instead we are using our own implementation which might cause some troubles and rarely some blobs can be not immediately commited just after we close the stream. Using the standard implementation provided by Azure team should allow us to benefit from all the magic Azure SDK team already wrote. And well... Let's just read the doc! * Adapt integration tests to secure settings That was a missing part in #23405. * Simplify all the integration tests and *extends ESBlobStoreRepositoryIntegTestCase tests * removes IT `testForbiddenContainerName()` as it is useless. The plugin does not create anymore the container but expects that the user has created it before registering the repository * merges 2 IT classes so all IT tests are ran from one single class * We don't remove/create anymore the container between each single test but only for the test suite Backport of #26751 in 6.x branch
@rjernst @clintongormley I think I should also backport that one to 6.0. People will benefit from secured settings with 6.0 GA instead of having to wait for 6.1. WDYT? |
@dadoonet it's too late for 6.0. This can go into 6.1 |
) * Use Azure upload method instead of our own implementation We are not following the Azure documentation about uploading blobs to Azure storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-java-how-to-use-blob-storage#upload-a-blob-into-a-container Instead we are using our own implementation which might cause some troubles and rarely some blobs can be not immediately commited just after we close the stream. Using the standard implementation provided by Azure team should allow us to benefit from all the magic Azure SDK team already wrote. And well... Let's just read the doc! * Adapt integration tests to secure settings That was a missing part in elastic#23405. * Simplify all the integration tests and *extends ESBlobStoreRepositoryIntegTestCase tests * removes IT `testForbiddenContainerName()` as it is useless. The plugin does not create anymore the container but expects that the user has created it before registering the repository * merges 2 IT classes so all IT tests are ran from one single class * We don't remove/create anymore the container between each single test but only for the test suite Backport of elastic#26751 in 6.0 branch
We should have the same behavior for Azure repositories as we have for S3 (see #22762).
So we want to use a similar name for keys and define explicitly the configuration name to use with
client
of insteadaccount
.Also we secure our key/secret combination.
Instead of:
Support something like:
Then instead of:
Use:
If someone uses:
It will use the
default
azure repository settings.And mark as deprecated old settings.
The plan is to then remove deprecated settings as a follow up in master branch only.
Closes #22763.