Azure: Add support for Gov Cloud #7664
Conversation
N-o-Z
added
area/block-adapter
azure
N-o-Z
added
the
include-changelog
E2E Test Results - DynamoDB Local - Local Block Adapter |
There was a problem hiding this comment.
Overall looks great. Couple of things that prevents me from approving:
- Failing esti tests. They seem related to this change.
- Missing docs update for this change.
- I believe @arielshaqed opposed to passing a domain. I was on the same side too, but this PR convinced me otherwise.
pkg/config/config.go
Outdated
| ChinaCloud bool `mapstructure:"china_cloud"` | ||
| // TestEndpointURL for testing purposes | ||
| // Deprecated: Value ignored | ||
| ChinaCloud bool `mapstructure:"china_cloud"` |
There was a problem hiding this comment.
| ChinaCloud bool `mapstructure:"china_cloud"` | |
| DeprecatedChinaCloud bool `mapstructure:"china_cloud"` |
pkg/config/config.go
Outdated
| @@ -509,17 +511,17 @@ func (c *Config) BlockstoreAzureParams() (blockparams.Azure, error) { | |||
| logging.ContextUnavailable().Warn("blockstore.azure.auth_method is deprecated. Value is no longer used.") | |||
| } | |||
| if c.Blockstore.Azure.ChinaCloud { | |||
| logging.ContextUnavailable().Warn("blockstore.azure.china_cloud is enabled. lakeFS will only function on Azure China Cloud") | |||
| logging.ContextUnavailable().Warn("blockstore.azure.china_cloud is deprecated. Value is no longer used.") | |||
There was a problem hiding this comment.
Shouldn't we exit? If someone is using this, by design, lakeFS won't work for him.
There was a problem hiding this comment.
I think we should actually do something else so it wouldn't be a breaking change - fixing
pkg/block/azure/adapter.go
Outdated
| var ( | ||
| ErrInvalidDomain = errors.New("invalid Azure Domain") | ||
|
|
||
| endpointRegex = regexp.MustCompile(`https://(?P<account>[\w]+).(?P<domain>[\w.-]+)[/:][\w-/]*$`) |
There was a problem hiding this comment.
Now you have 2 problems.....
There was a problem hiding this comment.
Not sure I understand your comment
There was a problem hiding this comment.
There was a problem hiding this comment.
Sometimes you just have to do it :)
pkg/block/azure/adapter.go
Outdated
| if params.Domain == "" { | ||
| params.Domain = BlobEndpointDefaultDomain | ||
| } else { | ||
| domain := strings.TrimSuffix(params.Domain, "/") |
There was a problem hiding this comment.
Not blocking, but I think we should be more strict here.. Accepting things like blob.core.usgovcloudapi.net/ is weird
There was a problem hiding this comment.
I can go either way, removing
pkg/block/azure/adapter.go
Outdated
| @@ -605,3 +631,20 @@ func (a *Adapter) GetPresignUploadPartURL(_ context.Context, _ block.ObjectPoint | |||
| func (a *Adapter) ListParts(_ context.Context, _ block.ObjectPointer, _ string, _ block.ListPartsOpts) (*block.ListPartsResponse, error) { | |||
| return nil, block.ErrOperationNotSupported | |||
| } | |||
|
|
|||
| func ParseURL(raw string) (string, string, error) { | |||
There was a problem hiding this comment.
Let's add documentation and named args.. (string, string, error) is not very indicative.
|
♻️ PR Preview 1b229b3 has been successfully destroyed since this PR has been closed.
🤖 By surge-preview |
Small hiccup with how we build the pre-signed urls. Should be fixed now |
docs/reference/configuration.md
Outdated
| * ~~`blockstore.azure.china_cloud` `(bool : false)`~~ - Enable for using lakeFS on Azure China Cloud. | ||
| **Note:** Deprecated - In favor of `blockstore.azure.domain` | ||
| {: .note } | ||
| * `blockstore.azure.domain` `(string : blob.core.windows.net)` - Enables support of different Azure cloud domains. Current supported domains: [`blob.core.chinacloudapi.cn`, `blob.core.usgovcloudapi.net`] |
There was a problem hiding this comment.
You missed the default one
There was a problem hiding this comment.
Also - some are beta (untested, might be broken in future versions).
Let's be explicit about what's 'first tier' (blob.core.windows.net) and what are 'beta'.
There was a problem hiding this comment.
The default is the default, no need to add it to the supported domains.
Added a remark that supported domains are in Beta stage (Though this was not mentioned explicitly on the China flag)
pkg/block/azure/adapter.go
Outdated
| var ( | ||
| ErrInvalidDomain = errors.New("invalid Azure Domain") | ||
|
|
||
| endpointRegex = regexp.MustCompile(`https://(?P<account>[\w]+).(?P<domain>[\w.-]+)[/:][\w-/]*$`) |
There was a problem hiding this comment.
| if c.Blockstore.Azure.ChinaCloudDeprecated { | ||
| logging.ContextUnavailable().Warn("blockstore.azure.china_cloud is deprecated. Value is no longer used. Please pass Domain = 'blob.core.chinacloudapi.cn'") | ||
| c.Blockstore.Azure.Domain = "blob.core.chinacloudapi.cn" |
There was a problem hiding this comment.
I wouldn't warn here, I would panic. We're allowed to drop support for beta features.
It was released only recently, it's easier to drop support now instead of later.
There was a problem hiding this comment.
I don't want to break backward compatibility to current users. We didn't advertise this as a Beta feature, I don't see this becoming a bigger problem in the future
pkg/block/azure/client_cache.go
Outdated
| } else { | ||
| url = buildAccountEndpoint(params.StorageAccount, params.ChinaCloud) | ||
| domain := strings.TrimSuffix(params.Domain, "/") |
There was a problem hiding this comment.
Again with the suffix? 🙈
* Azure: Add support for Gov Cloud * Small fix * CR Fixes * Fix lint * CR Fixes 2 * Add TODO * Fix upload * Fix upload * Fix upload * Fix upload
Closes #7662
Change Description
Background
Add support for Azure users using the Gov Cloud endpoint
New Feature
Add support for additional Azure cloud endpoints in a more modular way
Testing Details
Added tests for the namespace and endpoint validations
Very hard to actually test usage as we have no access to the gov cloud endpoint
Breaking Change?
No - but we have depracated the China cloud configuration flag