Directly download commercial ip geolocation databases from providers #110844

Merged
merged 79 commits into from
Jul 18, 2024

@joegallo joegallo commented Jul 12, 2024

Adds a feature for downloading commercial ip geolocation databases directly from different providers and exposing those databases to the geoip processor -- at present the only supported provider is MaxMind.

joegallo and others added 27 commits July 8, 2024 10:42
Some cluster state customs have singular nouns and some have plural,
and I think plural is more natural for this case.
to work around a race condition on the first run (when there is no
next run already scheduled).
From ingest.geoip.downloader.maxmind.default.license_key to just
ingest.geoip.downloader.maxmind.license_key.
In this version Maxmind is very much a hardcoded configuration -- I
think we might want a NamedWriteable here rather than merely a
Writeable, but this allows us to keep making progress.
@joegallo joegallo added >feature :Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP Team:Data Management Meta label for data/management team labels Jul 12, 2024
try {
this.cachedSecureSettings = extractSecureSettings(settings, List.of(MAXMIND_LICENSE_KEY_SETTING));
} catch (GeneralSecurityException e) {
logger.error("Keystore exception while reloading enterprise geoip download task executor", e);
Contributor

pretty sure that you want to rethrow this (or wrap with better type and rethrow) so that the REST reload API also knows that this failed.

Contributor Author

That makes sense, yeah. 95a820b


@Override
public InputStream getFile(String setting) {
throw new IllegalStateException("A NotificationService setting cannot be File.");
Contributor

NotificationService ?
Also, perhaps UnsupportedOperationException instead of IllegalStateException ?

Contributor Author

Agreed, 572991a

// get the secure settings out
final SecureSettings sourceSecureSettings = Settings.builder().put(source, true).getSecureSettings();
// filter and cache them...
final Map<String, Tuple<SecureString, byte[]>> cache = new HashMap<>();
Contributor

super nitpick (feel free to ignore)

  • I think Records read a lot nicer than Tuples and are only 1 line of code difference (assuming you don't need to backport to 7.x).
  • Cache is a bit misleading since the SecureSettings returned here is what is cached, this is just the innerMap?

Contributor Author

I am in the business of saying yes to things: 12655ed and 31af5d6

Comment on lines 185 to 212
/**
* Extracts the {@link SecureSettings}` out of the passed in {@link Settings} object. The {@code Setting} argument has to have the
* {@code SecureSettings} open/available. Normally {@code SecureSettings} are available only under specific callstacks (eg. during node
* initialization or during a `reload` call). The returned copy can be reused freely as it will never be closed (this is a bit of
* cheating, but it is necessary in this specific circumstance). Only works for secure settings of type string (not file).
*
* @param source A {@code Settings} object with its {@code SecureSettings} open/available.
* @param securePluginSettings The list of settings to copy.
* @return A copy of the {@code SecureSettings} of the passed in {@code Settings} argument.
*/
private static SecureSettings extractSecureSettings(Settings source, List<Setting<?>> securePluginSettings)
throws GeneralSecurityException {
// get the secure settings out
final SecureSettings sourceSecureSettings = Settings.builder().put(source, true).getSecureSettings();
// filter and cache them...
final Map<String, Tuple<SecureString, byte[]>> cache = new HashMap<>();
if (sourceSecureSettings != null && securePluginSettings != null) {
for (final String settingKey : sourceSecureSettings.getSettingNames()) {
for (final Setting<?> secureSetting : securePluginSettings) {
if (secureSetting.match(settingKey)) {
cache.put(
settingKey,
new Tuple<>(sourceSecureSettings.getString(settingKey), sourceSecureSettings.getSHA256Digest(settingKey))
);
}
}
}
}
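
Review bot: The Javadoc says this method only works for secure settings of type string, but the loop calls `sourceSecureSettings.getString(settingKey)` for every key that matches, with no guard on the setting's type; either skip or reject non-string settings explicitly, or document what happens when a file setting is passed in `securePluginSettings`. Two small Javadoc fixes in the same block: there is a stray backtick after `{@link SecureSettings}` on the first line, and `The {@code Setting} argument` should read `{@code Settings}`. Since the returned copy is documented as never closed, the comment should also state that the copied secret stays in memory for as long as the caller holds the reference.
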
Contributor

only reviewed the secure settings bits, LGTM pending the outcome of the error handling (see comment above)

@joegallo joegallo marked this pull request as ready for review July 17, 2024 21:11
@joegallo joegallo requested a review from a team as a code owner July 17, 2024 21:11
@elasticsearchmachine
Collaborator

Pinging @elastic/es-data-management (Team:Data Management)

Member

@dakrone dakrone left a comment

LGTM, thanks for working through this with me

Contributor

@jakelandis jakelandis left a comment

SecureSetting bits LGTM

@joegallo joegallo merged commit 27e7601 into elastic:main Jul 18, 2024
15 checks passed
@joegallo joegallo deleted the enterprise-downloader branch July 18, 2024 00:55
joegallo added a commit to joegallo/elasticsearch that referenced this pull request Jul 18, 2024
joegallo added a commit that referenced this pull request Jul 19, 2024
ioanatia pushed a commit to ioanatia/elasticsearch that referenced this pull request Jul 22, 2024
salvatore-campagna pushed a commit to salvatore-campagna/elasticsearch that referenced this pull request Jul 23, 2024
Labels
:Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP >feature Team:Data Management Meta label for data/management team v8.15.0 v8.16.0
5 participants