Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added 'region' and 'insecure' flag #84

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Added 'region' and 'insecure' flag #84

wants to merge 11 commits into from

Conversation

DustinKLo
Copy link

@DustinKLo DustinKLo commented Oct 30, 2020
edited
Loading

related issues:

the region and service values are parsed from the endpoint flag but sometimes the url is inconsistent with how the code is expecting it, so the region value is an empty string which returns a 403

level=error msg="Received 403 from AWSAuth, invalidating credentials for retrial"

now the proxy has a optional region flag (ie. -region us-west-2)

the proxy also assumes that your server has the proper SSL certificates and will return a verification error when you don't
i added a optional insecure flag to fix that issue

level=error msg="Get \"https://elastic.example.comt/\": x509: certificate is valid for *.eu-central-1.es.amazonaws.com, not elastic.example.com

@DustinKLo
added region flag to avoid having to parse the endpoint to get the re…
c656b87 
…gion (#1)

hard-coded proxy.service value to "es"
added insecure flag and logic to avoid SSL verification
@DustinKLo
Code cleanup (#2)
97edea5 
* added region flag to avoid having to parse the endpoint to get the region

hard-coded proxy.service value to "es"
added insecure flag and logic to avoid SSL verification

* cleaning up code, moving insecure logic to main function (TODO: still need to test)

* removed redundant use of insecure flag
@DustinKLo
squash commits
d5d4aa9
@DustinKLo
fixed merge conflicts with upstream/master
d4ec2dc
@DustinKLo DustinKLo mentioned this pull request Oct 30, 2020
Open
@DustinKLo
Copy link
Author

Also im not sure where to bump the version, can you point me where to do that? thanks 👍

@abutaha
Copy link
Owner

abutaha commented Nov 6, 2020

Thank you @DustinKLo. I like the SSL insecure option, however, I'm a bit concerned about having 'region' as a mandatory option and changing the current behavior of the proxy as this change will break many implementations of the proxy across multiple users who have the proxy installed and configured as part of their CI/CD. This change will break it for them and I want to keep backward compatibility within v1.x.

With that said, I've started the development of v2.x which WILL break the backward compatibility. In v2.x I'm moving command line options and parameters to a config file to make it easier to update the settings. I've included insecure ssl and region in the config in v2.0. Please have a look and let me know if you have any ideas.

Thanks,

@DustinKLo
Copy link
Author

@abutaha thanks for the review 👍

i can make the region flag optional and re-add the endpoint parsing logic if the region flag isn't supplied in the command line
this should ensure backwards compatibility I hope 🤞

Let me know what you think, i can continue development if you want to go this direction

@abutaha
Copy link
Owner

abutaha commented Nov 15, 2020

@abutaha thanks for the review

i can make the region flag optional and re-add the endpoint parsing logic if the region flag isn't supplied in the command line
this should ensure backwards compatibility I hope

Let me know what you think, i can continue development if you want to go this direction

Yes please go ahead. Just ensure to pull the latest master.

Thanks,

DustinKLo and others added 3 commits November 15, 2020 11:47
@DustinKLo @joshgarnett @abutaha
Fix merge conflict (#3)
54f37ec 
* Added support for assuming a role that has access to ElasticSearch

* Fixed small conflicts

* Added new contributors

Co-authored-by: Joshua Garnett <[email protected]>
Co-authored-by: Dido (Christoph Poelt) <[email protected]>
Co-authored-by: Muslim AbuTaha <[email protected]>
@DustinKLo
re-added endpoint parsing login (originally removed and replced with …
5ef81bb 
…a region flag) (#4)

made -region flag optional, if not supplied will go through the endpoint parsing logic instead
edited README.md description for region flag
added "assume" description to --help in README.md
@DustinKLo
fixed merge conflicts
d7f2ef7
@DustinKLo
Copy link
Author

@abutaha thanks for the response
I re-added the endpoint parsing logic and also allows for a optional region flag
please review when you have the time 👍

@pshomov
Copy link

pshomov commented Apr 19, 2021

This seems like something that is ready to be merged but comms ended abruptly. Sure would appreciate having this fixed 👍🏻.Thank you for the great work on this tool 🙏🏻 .

@neuralsandwich
Copy link

I've been experiencing the 403 as well but testing the changes on hysds:master doesn't seem to have addressed the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@DustinKLo @abutaha @pshomov @neuralsandwich