Add proxy username and password settings for Azure repository plugin #2098
Conversation
|
Can one of the admins verify this patch? |
|
✅ Gradle Check success 76c49fa37417aec92265cc02e11db34176dd337b |
willyborankin
force-pushed
the
azure-proxy-support
branch
from
76c49fa to
b09a27a
Compare
|
✅ Gradle Check success b09a27a234ca91554d7d47017c61e283635b6e53 |
willyborankin
force-pushed
the
azure-proxy-support
branch
from
b09a27a to
b32ccb3
Compare
|
❌ Gradle Check failure b32ccb3c436168052086cc470c1f1bf50ec75de2 |
willyborankin
force-pushed
the
azure-proxy-support
branch
from
b32ccb3 to
d5c6238
Compare
|
✅ Gradle Check success d5c6238497f1e789c9c1e9886480289bc9ed23ae |
willyborankin
changed the title
| } | ||
| }); | ||
| } | ||
| final Type azureProxyType = proxySettings.getType() == Proxy.Type.SOCKS ? Type.SOCKS5 : Type.HTTP; |
There was a problem hiding this comment.
I am not sure we should discard the possibility of Type.SOCKS4 usage since we don't know all possible deployment scenarios. May be it makes sense to widen the proxy types (detach from enumeration) to DIRECT, HTTP, SOCKS (default to SOCKS4 to support compatibility since this is what is being picked right now), SOCKS4, SOCKS5?
There was a problem hiding this comment.
That is the problem that Azure SDK wraps up Proxy.Tpe and the real type for both - is Proxy.Type.SOCKS. We can set any in this case, since JDK takes care about SOCKS version
There was a problem hiding this comment.
Now I get what do you mean. Let's use Azure SDK ProxyType explicitly
There was a problem hiding this comment.
done. I had had to add ProxySettings.ProxyType. It wraps Azure SDK Type and use NONE as a default value, since settings cannot be null, and we need to check if ProxyType was set or not.
willyborankin
force-pushed
the
azure-proxy-support
branch
from
d5c6238 to
3341e65
Compare
| AZURE_CLIENT_PREFIX_KEY, | ||
| "proxy.type", | ||
| (key) -> new Setting<>(key, "direct", s -> Proxy.Type.valueOf(s.toUpperCase(Locale.ROOT)), Property.NodeScope), | ||
| (key) -> new Setting<>(key, "none", s -> ProxySettings.ProxyType.valueOf(s.toUpperCase(Locale.ROOT)), Property.NodeScope), |
There was a problem hiding this comment.
Why not keep direct as the default? It seems like none is really not needed
|
|
||
| SOCKS5(ProxyOptions.Type.SOCKS5.name()), | ||
|
|
||
| NONE("NONE"); |
There was a problem hiding this comment.
We better keep DIRECT instead of none since people may use this value (and it was a default)
| public static enum ProxyType { | ||
| HTTP(ProxyOptions.Type.HTTP.name()), | ||
|
|
||
| SOCKS4(ProxyOptions.Type.SOCKS4.name()), |
There was a problem hiding this comment.
We probably need SOCKS(ProxyOptions.Type.SOCKS4.name()) since it was a legit proxy value before (but mark is as @Deprecated, referring to SOCKS4)
|
❌ Gradle Check failure 3341e652c0ce03374c9c3ba84aaba7f2c5443fb5 |
willyborankin
force-pushed
the
azure-proxy-support
branch
from
3341e65 to
d1cdcae
Compare
|
@reta fixed your comments |
| + username | ||
| + '\'' | ||
| + ", password='" | ||
| + (Strings.isNullOrEmpty(password) ? "NO_EMPTY" : "EMPTY") |
There was a problem hiding this comment.
Super minor: NOT_EMPTY (or *****)
|
✅ Gradle Check success d1cdcae982e5be7d6c2b98dbfca7f0c025782110 |
|
I see |
|
Please open related issues to document this plugin and its settings in https://github.com/opensearch-project/documentation-website. |
|
@kartg Care to give this another look and merge? |
plugins/repository-azure/src/main/java/org/opensearch/repositories/azure/ProxySettings.java
Outdated
Show resolved
Hide resolved
...pository-azure/src/test/java/org/opensearch/repositories/azure/AzureStorageServiceTests.java
Outdated
Show resolved
Hide resolved
willyborankin
force-pushed
the
azure-proxy-support
branch
from
d1cdcae to
13eadee
Compare
|
✅ Gradle Check success 13eadeed3dafb7b7b0830543810009f2909aa9c1 |
| final ProxySettings proxySettings = azureStorageSettings.getProxySettings(); | ||
| if (proxySettings != ProxySettings.NO_PROXY_SETTINGS) { | ||
| if (proxySettings.isAuthenticated()) { | ||
| Authenticator.setDefault(new Authenticator() { |
There was a problem hiding this comment.
it must be wrapped up with SocketAccess
Added username/password proxy settings for Azure repository. Security settings: - azure.client.*.proxy.username - Proxy user name - azure.client.*.proxy.password - Proxy user password Signed-off-by: Andrey Pleskach <[email protected]>
willyborankin
force-pushed
the
azure-proxy-support
branch
from
13eadee to
36df329
Compare
Added username/password proxy settings for Azure repository. Security settings: - azure.client.*.proxy.username - Proxy user name - azure.client.*.proxy.password - Proxy user password Signed-off-by: Andrey Pleskach <[email protected]> (cherry picked from commit 62361ce)
| @@ -325,7 +327,7 @@ public String toString() { | |||
| sb.append(", timeout=").append(timeout); | |||
| sb.append(", endpointSuffix='").append(endpointSuffix).append('\''); | |||
| sb.append(", maxRetries=").append(maxRetries); | |||
| sb.append(", proxy=").append(proxy); | |||
| sb.append(", proxySettings=").append(proxySettings != ProxySettings.NO_PROXY_SETTINGS ? "PROXY_SET" : "PROXY_NOT_SET"); | |||
There was a problem hiding this comment.
This is a nitpick, but things like PROXY_SET imply some kind of variable. Since this is a log, maybe just use "set" and "not set"?
…#2108) Added username/password proxy settings for Azure repository. Security settings: - azure.client.*.proxy.username - Proxy user name - azure.client.*.proxy.password - Proxy user password Signed-off-by: Andrey Pleskach <[email protected]> (cherry picked from commit 62361ce) Co-authored-by: Andrey Pleskach <[email protected]>
|
Description
Now to configure Azure plugin to use any proxy you need to set username/password using standard process variables:
Such settings have 2 main problems:
To avoid of a such problem username and password security settings were added
Storing username/password in security settings is more secure compare to process settings and in case of any problem with username and password such security settings could be reloaded without restart of each node in the cluster.
Re-loadable security settings:
azure.client.*.proxy.username- Proxy user nameazure.client.*.proxy.password- Proxy user passwordIssues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.