Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow not using signed URLs on consumers #9

Merged
merged 34 commits into from
Oct 11, 2024
Merged

Allow not using signed URLs on consumers #9

merged 34 commits into from
Oct 11, 2024

Conversation

ddowker
Copy link
Collaborator

@ddowker ddowker commented Jun 6, 2024
edited
Loading

Sometimes the broker sends a signed URL to a consumer to allow them to retrieve fragments directly from buckets. Some of our customers do not like adding the required permissions to allow the broker to be able to sign. We had an earlier PR that was merged into the arize branch which allowed us to turn off signing on the broker side. This PR is required for the consumers to properly work with the earlier broker change to avoid using signed URLs.

ddowker added 30 commits June 5, 2024 10:52
@ddowker
avoiding signed urls requires auth header support
44b2ed5
@ddowker
avoid signature overloading
b73ffdc
@ddowker
name cleanup
f6ff841
@ddowker
fix typo
d5c7718
@ddowker
work around import cycle caused by stores_test.go
3f45f00
@ddowker
fix method
fee88be
@ddowker
put back gcsClient method
a469eda
@ddowker
fix return
fcca94c
@ddowker
copy more missing code
3ceebdc
@ddowker
port over more code
dd7569c
@ddowker
debug url variations
c18011e
@ddowker
bump up log level
1ce9c0e
@ddowker
better logging
5dea541
@ddowker
more logs
f74798b
@ddowker
more logs
c24f9ec
@ddowker
modify URL
57bd4c8
@ddowker
adjust offset
620b3f5
@ddowker
better log
c9e98f0
@ddowker
adjust to compressed returned data
98e2f8f
@ddowker
fixes
791498f
@ddowker
another fix
29f8aea
@ddowker
clean up debug logs
10f1846
@ddowker
merge in latest from arize branch
be19305
@ddowker
update deprecated github action
909bff0
@ddowker
change flag style to help on-prem substitutions
20d68a2
@ddowker
combine the support for external_account
c280280
@ddowker
update the release version to match upstream
564fc53
@ddowker
add support for external_account in another location
6a6de9d
@ddowker
fix typo
66a5465
@ddowker
by default do not skip signing URLs
3c7f3d3
@ddowker ddowker changed the title WIP: Allow not using signed URLs on consumers Allow not using signed URLs on consumers Sep 18, 2024
michaelschiff
michaelschiff reviewed Oct 11, 2024
View reviewed changes
broker/fragment/store_gcs.go
}
}

if creds.JSON != nil && !externalAccount {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if it is an external account?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With an external_account we now fall into the else portion which the client is prepared to work with a number of formats including external_account. It was a case that when finding the default credentials for external_account format they still filled in creds.JSON which we did not really need and made us fall into the signed url code.

@ddowker ddowker merged commit 3770af5 into arize Oct 11, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelschiff michaelschiff michaelschiff approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ddowker @michaelschiff