Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add proxy settings for GCS repository plugin #2096

Merged
merged 1 commit into from
Feb 17, 2022

Conversation

willyborankin
Copy link
Contributor

@willyborankin willyborankin commented Feb 12, 2022

Description

Now to configure GCS plugin to use any proxy you need to set standard process variables:

  • proxyHost
  • socksProxyHost
  • proxyPort
  • proxyUser
  • proxyPassword

with proxy types prefix.

Such settings have 2 main problems:

  • Storing password this way is insecure
  • In case of password leaking it is necessary to restart all nodes in the cluster

To avoid of a such problem all proxy settings were added to OS settings and security settings
Storing username/password in security settings is more secure compare to process settings and in case of any problem with username and password such security settings could be reloaded without restart of each node in the cluster.

Re-loadable security settings:

  • gcs.client.*.proxy.username - Proxy user name
  • gcs.client.*.proxy.password - Proxy user password

Static settings:

  • gcs.client.*.proxy.type - java Proxy.Type names: HTTP, SOCKS. default is DIRECT
  • gcs.client.*.proxy.host - Proxy host name
  • gcs.client.*.proxy.port - Proxy port

Note: Such properties can be added for S3 and Azure as well, so I'm planning to add theme separate PRs.

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@opensearch-ci-bot
Copy link
Collaborator

Can one of the admins verify this patch?

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 4e97e3de3d712669f00693dfdc2be47aa94a62c2
Log 2354

Reports 2354

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 0d5765806e205fd76fea108e833b96cb7466018a
Log 2355

Reports 2355

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure e279defbb455a3da6e51e1b6dd0ded22b73e4239
Log 2356

Reports 2356

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure a0d064fdf844c426e5883dab6996efc5bec3dee1
Log 2357

Reports 2357

@willyborankin willyborankin marked this pull request as ready for review February 12, 2022 18:52
@willyborankin willyborankin requested a review from a team as a code owner February 12, 2022 18:52
@willyborankin willyborankin changed the title Add proxy settings for GCS repository Add proxy settings for GCS repository plugin Feb 12, 2022
@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success 1c316a8178af843213e9eb3c1c0b7c05c1a79ed5
Log 2358

Reports 2358

@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success 60c1a19865ef0b812b568fb7132ab2477397ff14
Log 2359

Reports 2359

@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success f72a1812ba59f88b33ee570ba3975f675feb90bf
Log 2360

Reports 2360

@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success e1b3b886fc42e742607aea83388bd18be15a8b84
Log 2364

Reports 2364

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 83573d5c509b34aa5289003213694870bd1918c7
Log 2385

Reports 2385

@dblock
Copy link
Member

dblock commented Feb 14, 2022

#2105

@dblock
Copy link
Member

dblock commented Feb 14, 2022

start gradle check

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 83573d5c509b34aa5289003213694870bd1918c7
Log 2389

Reports 2389

@kartg
Copy link
Member

kartg commented Feb 15, 2022

#1957

@kartg
Copy link
Member

kartg commented Feb 15, 2022

start gradle check

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 83573d5c509b34aa5289003213694870bd1918c7
Log 2395

Reports 2395

@willyborankin
Copy link
Contributor Author

x   Gradle Check failure 83573d5 Log 2395

Reports 2395

As far as I understand the tests failure is not related to this PR:

[MovePrimaryFirstTests](https://github.com/opensearch-project/OpenSearch/pull/classes/org.opensearch.cluster.routing.MovePrimaryFirstTests.html). [testClusterGreenAfterPartialRelocation](https://github.com/opensearch-project/OpenSearch/pull/classes/org.opensearch.cluster.routing.MovePrimaryFirstTests.html#testClusterGreenAfterPartialRelocation)

@dblock
Copy link
Member

dblock commented Feb 16, 2022

start gradle check

Copy link
Member

@dblock dblock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there logging missing similar to the Azure plugin for whether proxy is set vs. not?

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 83573d5c509b34aa5289003213694870bd1918c7
Log 2458

Reports 2458

@willyborankin
Copy link
Contributor Author

Is there logging missing similar to the Azure plugin for whether proxy is set vs. not?

let me check.

@willyborankin
Copy link
Contributor Author

Is there logging missing similar to the Azure plugin for whether proxy is set vs. not?

Double checked all classes in org.opensearch.repositories.gcs no toString.

@dblock
Copy link
Member

dblock commented Feb 16, 2022

#2143

@dblock
Copy link
Member

dblock commented Feb 16, 2022

start gradle check

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure 83573d5c509b34aa5289003213694870bd1918c7
Log 2469

Reports 2469

static final Setting.AffixSetting<Integer> PROXY_PORT_SETTING = Setting.affixKeySetting(
PREFIX,
"proxy.port",
key -> Setting.intSetting(key, 0, 0, 1 << 16, Setting.Property.NodeScope),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super minor - the maxValue condition should really be (1 << 16) - 1

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point, will fix.

Comment on lines +279 to +288
// Validate proxy settings
if (proxyType == Proxy.Type.DIRECT
&& (proxyPort != 0 || Strings.hasText(proxyHost) || Strings.hasText(proxyUserName) || Strings.hasText(proxyPassword))) {
throw new SettingsException(
"Google Cloud Storage proxy port or host or username or password have been set but proxy type is not defined."
);
}
if (proxyType != Proxy.Type.DIRECT && (proxyPort == 0 || Strings.isEmpty(proxyHost))) {
throw new SettingsException("Google Cloud Storage proxy type has been set but proxy host or port is not defined.");
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor - given that this is identical to the logic introduced in #2098 , it might be worth it to move this to a common StorageSettings superclass and have the two classes inherit from this. We could also move getConfigValue into this parent class.

Copy link
Contributor Author

@willyborankin willyborankin Feb 17, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes and this is a problem. All these plugins do not have a common repo or something and as a result, all of them contains the same classes e.g. AccessSocket is almost the same and with the same functionality for all plugins. I was planning to open a discussion here about improvements for Cloud Plugins. And how we (I mean our company) can help with it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's have that discussion in an issue so we can close out this PR. I've opened #2155 around it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure. will leave comments.

import java.net.Proxy;
import java.util.Objects;

public class ProxySettings {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor - Most of this is identical to the Azure ProxySettings class. Could you move the majority of this to a superclass and declare Azure and GCS specific subclasses?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above :-(

@willyborankin
Copy link
Contributor Author

I'm a bit worried about test failures. Could it be that my changes somehow affected it? At a first glance, I did not change anything critical and the plugin is not involved in the failing test. But still not clear for me.

@andrross
Copy link
Member

#2147 will fix the backward compatibility test failures. The other failures I see frequently are related to timeouts trying to download CentOS linux. I haven't seen any failures related to the GCS repository plugin.

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure b40dd7c9ef5646d52af7fc62b94e811e6e2191c0
Log 2495

Reports 2495

@willyborankin
Copy link
Contributor Author

#2147 will fix the backward compatibility test failures. The other failures I see frequently are related to timeouts trying to download CentOS linux. I haven't seen any failures related to the GCS repository plugin.

Ok I see. Yes I see same failures for CentOS as well on my machine something with docker.

@kartg
Copy link
Member

kartg commented Feb 17, 2022

@willyborankin Could you rebase to pull in the fix in #2147 so we can confirm that Gradle_Check passes before we merge this change in?

Added proxy settings for GCS repository.
Security settings:
- gcs.client.*.proxy.username - Proxy user name
- gcs.client.*.proxy.password - Proxy user password

Common settings:
- gcs.client.*.proxy.type - java Proxy.Type names: HTTP, SOCKS. default is DIRECT
- gcs.client.*.proxy.host - Proxy host name
- gcs.client.*.proxy.port - Proxy port

Signed-off-by: Andrey Pleskach <[email protected]>
@willyborankin
Copy link
Contributor Author

@willyborankin Could you rebase to pull in the fix in #2147 so we can confirm that Gradle_Check passes before we merge this change in?

done

@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success 533f57a
Log 2507

Reports 2507

@kartg kartg merged commit b9ff91d into opensearch-project:main Feb 17, 2022
@willyborankin
Copy link
Contributor Author

the ticket for docs: opensearch-project/documentation-website#418

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants