-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Satellite UI needs to use different edge service endpoints by project default placement for access key generation #6188
Comments
If we add a new endpoint that gets "ProjectConfig" then that could also be used in #6189 ? |
Assuming we are able to use placements (see #6190 (comment)) I think this is still relevant but we need a way to fetch the placement (which I assume we already have?) |
see these changes to understand more about how placement rules work: |
SummarySomething called "placements" are used for geofencing and Storj Select. Placements can be applied at the account, project or bucket level and can have additional metadata (annotations). We plan to use this metadata to inform the Satellite UI of the correct edge related URLs to use for auth service and linksharing (both the internal use URL and the public URL). Acceptance Criteria (WIP)
AssumptionsAll new placements can contain the following (optional) placements:
Open Questions
|
Some context
bucket level placements -- drive new objects created within a bucket (applied at the segment level) "annotations" are abitrary key:value pairs that can be part of a placement script... thus we COULD add annotations for the URLs needed. config.yaml in infra repo for US1 satellite -- add annotations to the 11th placement |
Just for fun I want to point out one small mistake in the example placement. It doesn't matter for this ticket but there is a trap in the system that you should be ware of.
The last and condition is wrong. The example placement is US only + the annotation OR DE nodes regardless of the additional annotation. So be careful with the actual syntax. To avoid this trap we also have a copy of the production placement rules inside a unit test. With that unit test we can double check if our final placement rule would be (US OR DE) AND annotation vs US AND annotation OR DE. The unit test will give us the proof. So please keep the unit tests updated to make sure we never trigger this little hidden bomb in production. |
Change satellite/console: update CSP to include storjapi.io mentions this issue. |
Change satellite/console: return edge URL overrides in project info responses mentions this issue. |
Change web/satellite: use edge service URL overrides mentions this issue. |
This change updates our content security policy to include the domain storjapi.io and all of its subdomains. References #6188 Change-Id: I6f3073bc32aa99626c54caf00bf07d2253ccbb8f
API responses containing project information now contain the edge service URL overrides configured for that project. The overrides are based on the project's default placement. References #6188 Change-Id: Ifc3dc74e75c0f5daf0419ac3be184415c65b202e
Background
Users, projects, buckets, and segments can all have a "default placement" set in the database. The placement is an integer, but maps to a configured set of rules on the satellite.
Example for this ticket (newlines inserted for readability):
The snippet above is not a real configuration on a satellite. However, if a satellite had the above placement configuration, the following would be true:
10
on a project means that all segments/pieces should be geofenced to the US0
means that segments/pieces should be geofenced outside the US11
means what is in placement10
(geofence to US), as well as containing additional arbitrary metadatatestAnnotation=testValue
12
means what is in placement11
, plus geofencing in Germany. In other words, pieces/segments with a placement of12
can be in either the US or Germany (DE
), and there will also be the metadatatestAnnotation=testValue
on that placementAgain, this is not a real-life example. The placement numbers above do not correspond with the actual placements that are configured in production. To see what is actually in production, see an example here in the infra repo.
For this ticket, we want to be able to add annotation to placement rules to override the default edge services URLs for projects with those placements.
So for example:
If the satellite has a placement rule configured as
And a project has
default_placement
set to10
, when registering credentials on authservice within the UI, we should use the custom URL, https://custom.authservice.url, from the placement configuration instead of the default, https://auth.storjsatelliteshare.io.Acceptance Criteria
auth-url
,public-linksharing-url
, andinternal-linksharing-url
.Old issue text:
Depends on #6190
Looking through the code, it appears we will need to have the
FrontendConfig
values ofGatewayCredentialsRequestURL
,LinksharingURL
, andPublicLinksharingURL
all set dynamically by project. Once #6190 has a defined way of determining a project's settings for these values, we will need to make sure that either:The text was updated successfully, but these errors were encountered: