rf: azure location config, use account / key #968
Conversation
lib/Config.js
Outdated
| } | ||
| }); | ||
| assert(azureContainerName, 'bad location constraint: ' + | ||
| `"${location}" azureContainerName must be defined`); |
There was a problem hiding this comment.
This would assert false if locationObj.details.azureContainerName was defined as something falsy. I don't know why someone would set their config that way, but I guess it's possible.
There was a problem hiding this comment.
Made it more explicit to check if it is actually undefined and added some checks to make sure it is a string. The isValidBucketName function will check for length (make sure it's not an empty string)
| }, | ||
| '/should not throw for a valid azure location constraint/'); | ||
| }); | ||
| it('should throw error for if type is azure and azureContainerName is ' + |
There was a problem hiding this comment.
thanks, updated those
ironman-machine
dismissed
bennettbuchanan’s stale review
Do it again human slave!:point_right: :runner: (Oh and the pull request has been updated, by the way.)
|
PR has been updated. Reviewers, please be cautious. |
|
constants.js
Outdated
| @@ -111,6 +111,10 @@ const constants = { | |||
| mpuMDStoredExternallyBackend: { aws_s3: true }, | |||
| /* eslint-enable camelcase */ | |||
| mpuMDStoredOnS3Backend: { azure: true }, | |||
| azureAccountNameRegex: /^[a-z0-9]{3,24}$/, | |||
| azureAccessKeyRegex: | |||
| new RegExp('^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==' + | |||
There was a problem hiding this comment.
This looks like a regular base64 validation regexp, could it be shared in a more generic base64Regex constant? (ideally in Arsenal but not worth a PR just for this), then azureAccessKeyRegex can point to it.
Also you may shorten it by removing the last |[A-Za-z0-9+/]{4} and make the trailer match block optional.
There was a problem hiding this comment.
I think we can just use the general base64Regex for the azureAccessKey check then.
Thanks for the tip
lib/Config.js
Outdated
| if (!locationConstraintDest) { | ||
| return true; | ||
| } | ||
| const accountNames = [locationConstraintSrc, locationConstraintDest] |
There was a problem hiding this comment.
style: for a simple comparison, I think calling twice getAzureStorageAccountName and comparing the results would be more straigthtforward than relying on a map.
There was a problem hiding this comment.
That's true, I updated it
| azureBlobSAS = process.env[`${azureLocation}_AZURE_BLOB_SAS`]; | ||
| isTestingAzure = true; | ||
| } else if (config.locationConstraints[azureLocation] && | ||
| const isTestingAzure = Object.keys(envMap).every(key => { |
There was a problem hiding this comment.
Maybe you can just rely on azureStorageAccountName presence, since an azure test would not make sense without the access key set as well.
There was a problem hiding this comment.
We also create the blobservice client below, and we need to get the azureStorageAccessKey (stored in params in the every step) for that.
lib/data/external/AzureClient.js
Outdated
| this._client = azure.createBlobService( | ||
| this._azureStorageCredentials.storageAccountName, | ||
| this._azureStorageCredentials.storageAccessKey); | ||
| this._azureStorageEndpoint = this._client.host.primaryHost; |
There was a problem hiding this comment.
are we relying on a documented property of the azure node sdk here? do they have a method for the endpoint? is this the best way to do this?
There was a problem hiding this comment.
Doesn't seem documented, they also don't have a method (they just access the StorageServiceClient.host.primaryHost property to get the value when sending a request). Maybe it's safest to require the blob endpoint explicitly again?
There was a problem hiding this comment.
do you have to tell the client the endpoint? since it has this primary concept loaded, why do you need to tell it what it knows?
There was a problem hiding this comment.
we don't need it for the blob storage client, there is so far one case where we use it:
for the copy source uri https://github.com/scality/S3/pull/968/files#diff-96a8cd65c80ea7fb9b908a81388494d4R366
We always use a put object if copying from one account to another (instead of copy object) so the storage endpoint for the copy source uri should be the same as the destination endpoint
lib/data/locationConstraintParser.js
Outdated
| @@ -74,11 +75,12 @@ function parseLC() { | |||
| clients[location].clientType = 'aws_s3'; | |||
| } | |||
| if (locationObj.type === 'azure') { | |||
| const azureBlobEndpoint = config.getAzureEndpoint(location); | |||
| const azureBlobSAS = config.getAzureBlobSas(location); | |||
| assert(locationObj.details, 'bad location constraint: details ' + | |||
There was a problem hiding this comment.
why is this assertion here rather than in config.js?
electrachong
force-pushed
the
rf/azureCredentials
branch
3 times, most recently
from
f3b8d03 to
f774bae
Compare
|
@ironman-machine try |
|
Hello @electrachong "try": Success: Try build successfully launched on 'http://ci.ironmann.io/gh/scality/Integration/16555' with the following env. args: {
"SCALITY_INTEGRATION_BRANCH": "ultron/master",
"REPO_NAME": "S3",
"DEFAULT_BRANCH": "master",
"SCALITY_S3_BRANCH": "rf/azureCredentials"
} |
|
💔 ☔ circleCI test failed. |
|
end to end retried here: http://ci.ironmann.io/gh/scality/Integration/16559 |
electrachong
force-pushed
the
rf/azureCredentials
branch
from
879124b to
1ce30b4
Compare
electrachong
force-pushed
the
rf/azureCredentials
branch
from
1ce30b4 to
249d401
Compare
|
@ironman-machine try |
|
Hello @electrachong "try": Success: Try build successfully launched on 'http://ci.ironmann.io/gh/scality/Integration/16611' with the following env. args: {
"SCALITY_INTEGRATION_BRANCH": "ultron/master",
"REPO_NAME": "S3",
"DEFAULT_BRANCH": "master",
"SCALITY_S3_BRANCH": "rf/azureCredentials"
} |
|
☀️ 👍 circleCI test succeeded! |
No description provided.