Merge pull request #21660 from overleaf/jpa-s3-https

[object-persistor] s3: simplify using a custom CA for HTTPS endpoints

GitOrigin-RevId: 2c6a5312a842582e5e40e917ccc586392087cb7a
This commit is contained in:
Jakob Ackermann 2024-11-08 09:33:22 +01:00 committed by Copybot
parent 65dc6bf940
commit 122d89a831
5 changed files with 18 additions and 34 deletions

View file

@ -523,7 +523,7 @@ class S3Persistor extends AbstractPersistor {
if (this.settings.endpoint) { if (this.settings.endpoint) {
const endpoint = new URL(this.settings.endpoint) const endpoint = new URL(this.settings.endpoint)
options.endpoint = this.settings.endpoint options.endpoint = this.settings.endpoint
options.sslEnabled = endpoint.protocol === 'https' options.sslEnabled = endpoint.protocol === 'https:'
} }
// path-style access is only used for acceptance tests // path-style access is only used for acceptance tests
@ -537,6 +537,14 @@ class S3Persistor extends AbstractPersistor {
} }
} }
if (options.sslEnabled && this.settings.ca && !options.httpOptions?.agent) {
options.httpOptions = options.httpOptions || {}
options.httpOptions.agent = new https.Agent({
rejectUnauthorized: true,
ca: this.settings.ca,
})
}
return options return options
} }

2
package-lock.json generated
View file

@ -39546,7 +39546,6 @@
}, },
"devDependencies": { "devDependencies": {
"@google-cloud/storage": "^6.10.1", "@google-cloud/storage": "^6.10.1",
"aws-sdk": "^2.718.0",
"chai": "^4.3.6", "chai": "^4.3.6",
"chai-as-promised": "^7.1.1", "chai-as-promised": "^7.1.1",
"mocha": "^10.2.0", "mocha": "^10.2.0",
@ -50110,7 +50109,6 @@
"@overleaf/object-persistor": "*", "@overleaf/object-persistor": "*",
"@overleaf/settings": "*", "@overleaf/settings": "*",
"@overleaf/stream-utils": "^0.1.0", "@overleaf/stream-utils": "^0.1.0",
"aws-sdk": "^2.718.0",
"body-parser": "^1.20.3", "body-parser": "^1.20.3",
"bunyan": "^1.8.15", "bunyan": "^1.8.15",
"chai": "^4.3.6", "chai": "^4.3.6",

View file

@ -36,7 +36,6 @@
}, },
"devDependencies": { "devDependencies": {
"@google-cloud/storage": "^6.10.1", "@google-cloud/storage": "^6.10.1",
"aws-sdk": "^2.718.0",
"chai": "^4.3.6", "chai": "^4.3.6",
"chai-as-promised": "^7.1.1", "chai-as-promised": "^7.1.1",
"mocha": "^10.2.0", "mocha": "^10.2.0",

View file

@ -7,7 +7,6 @@ const Path = require('path')
const FilestoreApp = require('./FilestoreApp') const FilestoreApp = require('./FilestoreApp')
const TestHelper = require('./TestHelper') const TestHelper = require('./TestHelper')
const fetch = require('node-fetch') const fetch = require('node-fetch')
const S3 = require('aws-sdk/clients/s3')
const { promisify } = require('util') const { promisify } = require('util')
const { Storage } = require('@google-cloud/storage') const { Storage } = require('@google-cloud/storage')
const streamifier = require('streamifier') const streamifier = require('streamifier')
@ -43,6 +42,7 @@ const {
PerProjectEncryptedS3Persistor, PerProjectEncryptedS3Persistor,
RootKeyEncryptionKey, RootKeyEncryptionKey,
} = require('@overleaf/object-persistor/src/PerProjectEncryptedS3Persistor') } = require('@overleaf/object-persistor/src/PerProjectEncryptedS3Persistor')
const { S3Persistor } = require('@overleaf/object-persistor/src/S3Persistor')
const crypto = require('crypto') const crypto = require('crypto')
describe('Filestore', function () { describe('Filestore', function () {
@ -521,18 +521,11 @@ describe('Filestore', function () {
bucketName = `random-bucket-${new ObjectId().toString()}` bucketName = `random-bucket-${new ObjectId().toString()}`
fileUrl = `${filestoreUrl}/bucket/${bucketName}/key/${fileId}` fileUrl = `${filestoreUrl}/bucket/${bucketName}/key/${fileId}`
const cfg = s3Config() const s3 = new S3Persistor({
const s3ClientSettings = { ...s3Config(),
credentials: { key: process.env.MINIO_ROOT_USER,
accessKeyId: process.env.MINIO_ROOT_USER, secret: process.env.MINIO_ROOT_PASSWORD,
secretAccessKey: process.env.MINIO_ROOT_PASSWORD, })._getClientForBucket(bucketName)
},
endpoint: cfg.endpoint,
httpOptions: cfg.httpOptions,
s3ForcePathStyle: cfg.pathStyle,
}
const s3 = new S3(s3ClientSettings)
await s3 await s3
.createBucket({ .createBucket({
Bucket: bucketName, Bucket: bucketName,
@ -1263,16 +1256,8 @@ describe('Filestore', function () {
}) })
let s3Client let s3Client
before('create s3Client', function () { before('create s3 client', function () {
const cfg = s3Config() s3Client = new S3Persistor(s3Config())._getClientForBucket('')
const s3ClientSettings = {
accessKeyId: cfg.key,
secretAccessKey: cfg.secret,
endpoint: cfg.endpoint,
httpOptions: cfg.httpOptions,
s3ForcePathStyle: cfg.pathStyle,
}
s3Client = new S3(s3ClientSettings)
}) })
async function checkDEKStorage({ async function checkDEKStorage({

View file

@ -1,7 +1,6 @@
const fs = require('fs') const fs = require('fs')
const Path = require('path') const Path = require('path')
const crypto = require('crypto') const crypto = require('crypto')
const https = require('https')
const { const {
RootKeyEncryptionKey, RootKeyEncryptionKey,
} = require('@overleaf/object-persistor/src/PerProjectEncryptedS3Persistor') } = require('@overleaf/object-persistor/src/PerProjectEncryptedS3Persistor')
@ -12,12 +11,7 @@ function s3BaseConfig() {
endpoint: process.env.AWS_S3_ENDPOINT, endpoint: process.env.AWS_S3_ENDPOINT,
pathStyle: true, pathStyle: true,
partSize: 100 * 1024 * 1024, partSize: 100 * 1024 * 1024,
httpOptions: {
agent: new https.Agent({
rejectUnauthorized: true,
ca: [fs.readFileSync('/certs/public.crt')], ca: [fs.readFileSync('/certs/public.crt')],
}),
},
} }
} }