Directly download commercial ip geolocation databases from providers #110844
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
elastic#110675) Co-authored-by: Joe Gallo <[email protected]>
Some cluster state customs have singular nouns and some have plural, and I think plural is more natural for this case.
…f no database metadata is present
to work around a race condition on the first run (when there is no next run already scheduled).
From ingest.geoip.downloader.maxmind.default.license_key to just ingest.geoip.downloader.maxmind.license_key.
…arch into enterprise-downloader
In this version Maxmind is very much a hardcoded configuration -- I think we might want a NamedWriteable here rather than merely a Writeable, but this allows us to keep making progress.
…terprise-downloader
joegallo
added
>feature
:Data Management/Ingest Node
dakrone
reviewed
Jul 17, 2024
...main/java/org/elasticsearch/ingest/geoip/direct/TransportGetDatabaseConfigurationAction.java
Outdated
Show resolved
Hide resolved
jakelandis
reviewed
Jul 17, 2024
| try { | ||
| this.cachedSecureSettings = extractSecureSettings(settings, List.of(MAXMIND_LICENSE_KEY_SETTING)); | ||
| } catch (GeneralSecurityException e) { | ||
| logger.error("Keystore exception while reloading enterprise geoip download task executor", e); |
There was a problem hiding this comment.
pretty sure that you want to rethrow this (or wrap with better type and rethrow) so that the REST reload API also know that this failed.
There was a problem hiding this comment.
That makes sense, yeah. 95a820b
|
|
||
| @Override | ||
| public InputStream getFile(String setting) { | ||
| throw new IllegalStateException("A NotificationService setting cannot be File."); |
There was a problem hiding this comment.
NotificationService ?
Also, perhaps UnsupportedOperationException instead of IllegalStateException ?
| // get the secure settings out | ||
| final SecureSettings sourceSecureSettings = Settings.builder().put(source, true).getSecureSettings(); | ||
| // filter and cache them... | ||
| final Map<String, Tuple<SecureString, byte[]>> cache = new HashMap<>(); |
There was a problem hiding this comment.
super nitpick (feel free to ignore)
- I think Records reads a lot nicer than Tuple's and are only 1 line of code difference (assuming you don't need to backport to 7.x).
- Cache is bit misleading since the SecureSettings returned here is what is cached, this is the just the
innerMap?
Comment on lines
185
to
212
| /** | ||
| * Extracts the {@link SecureSettings}` out of the passed in {@link Settings} object. The {@code Setting} argument has to have the | ||
| * {@code SecureSettings} open/available. Normally {@code SecureSettings} are available only under specific callstacks (eg. during node | ||
| * initialization or during a `reload` call). The returned copy can be reused freely as it will never be closed (this is a bit of | ||
| * cheating, but it is necessary in this specific circumstance). Only works for secure settings of type string (not file). | ||
| * | ||
| * @param source A {@code Settings} object with its {@code SecureSettings} open/available. | ||
| * @param securePluginSettings The list of settings to copy. | ||
| * @return A copy of the {@code SecureSettings} of the passed in {@code Settings} argument. | ||
| */ | ||
| private static SecureSettings extractSecureSettings(Settings source, List<Setting<?>> securePluginSettings) | ||
| throws GeneralSecurityException { | ||
| // get the secure settings out | ||
| final SecureSettings sourceSecureSettings = Settings.builder().put(source, true).getSecureSettings(); | ||
| // filter and cache them... | ||
| final Map<String, Tuple<SecureString, byte[]>> cache = new HashMap<>(); | ||
| if (sourceSecureSettings != null && securePluginSettings != null) { | ||
| for (final String settingKey : sourceSecureSettings.getSettingNames()) { | ||
| for (final Setting<?> secureSetting : securePluginSettings) { | ||
| if (secureSetting.match(settingKey)) { | ||
| cache.put( | ||
| settingKey, | ||
| new Tuple<>(sourceSecureSettings.getString(settingKey), sourceSecureSettings.getSHA256Digest(settingKey)) | ||
| ); | ||
| } | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
only reviewed the secure settings bits, LGTM pending the outcome of the error handling (see comment above)
|
Pinging @elastic/es-data-management (Team:Data Management) |
dakrone
approved these changes
Jul 17, 2024
jakelandis
approved these changes
Jul 17, 2024
joegallo
added a commit
to joegallo/elasticsearch
that referenced
this pull request
Jul 18, 2024
…lastic#110844) Co-authored-by: Keith Massey <[email protected]>
joegallo
added a commit
that referenced
this pull request
Jul 19, 2024
…viders (#110844) (#111077) Co-authored-by: Keith Massey <[email protected]>
ioanatia
pushed a commit
to ioanatia/elasticsearch
that referenced
this pull request
Jul 22, 2024
…lastic#110844) Co-authored-by: Keith Massey <[email protected]>
salvatore-campagna
pushed a commit
to salvatore-campagna/elasticsearch
that referenced
this pull request
Jul 23, 2024
…lastic#110844) Co-authored-by: Keith Massey <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a feature for downloading commercial ip geolocation databases directly from different providers and exposing those databases to the
geoipprocessor -- at present the only supported provider is MaxMind.