-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce System Repository #9088
Conversation
Signed-off-by: Bukhtawar Khan <bukhtawa@amazon.com>
Signed-off-by: Bukhtawar Khan <bukhtawa@amazon.com>
Gradle Check (Jenkins) Run Completed with:
|
Compatibility status:
|
looks good on a high level 🎉 we also need to protect from deletions as well . |
@@ -159,7 +160,7 @@ public RepositoriesService( | |||
* @param request register repository request | |||
* @param listener register repository listener | |||
*/ | |||
public void registerRepository(final PutRepositoryRequest request, final ActionListener<ClusterStateUpdateResponse> listener) { | |||
public void registerOrUpdateRepository(final PutRepositoryRequest request, final ActionListener<ClusterStateUpdateResponse> listener) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When we try to register a new system repository, do we call this method? or that flow would be separate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That should be a separate flow
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Bukhtawar Khan <bukhtawa@amazon.com>
Compatibility status:
|
Signed-off-by: Bukhtawar Khan <bukhtawa@amazon.com>
Compatibility status:
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Compatibility status:
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
repositoriesMetadata.add(newRepositoryMetadata); | ||
} else { | ||
repositoriesMetadata.add(repositoryMetadata); | ||
} | ||
} | ||
if (!found) { | ||
logger.info("put repository [{}]", request.name()); | ||
ensureNonSystemRepository(newRepositoryMetadata.settings(), newRepositoryMetadata.name()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we move this earlier where we also do We will anyways need this check here as we want this to be atomic .validateRepositoryMetadataSettings
?
repositoriesMetadata.add(new RepositoryMetadata(request.name(), request.type(), request.settings())); | ||
} else { | ||
logger.info("update repository [{}]", request.name()); | ||
validateRestrictedSystemRepositorySettings(currentRepositoryMetadata, newRepositoryMetadata); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should also restrict changing type
.
@@ -499,6 +518,22 @@ public Repository repository(String repositoryName) { | |||
throw new RepositoryMissingException(repositoryName); | |||
} | |||
|
|||
/** | |||
* Returns registered system repository |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is to make sure we always use system repository
for remote store .
@@ -288,6 +317,7 @@ public ClusterState execute(ClusterState currentState) { | |||
boolean changed = false; | |||
for (RepositoryMetadata repositoryMetadata : repositories.repositories()) { | |||
if (Regex.simpleMatch(request.name(), repositoryMetadata.name())) { | |||
ensureNonSystemRepository(repositoryMetadata.settings(), request.name()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The error message would be confusing here : cannot register a system repository externally
. We need to modify it .
Signed-off-by: Bukhtawar Khan <bukhtawa@amazon.com>
Compatibility status:
|
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Bukhtawar Khan <bukhtawa@amazon.com>
Compatibility status:
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Test Failure : #9186 |
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
); | ||
} | ||
Repository repository = repositories.get(currentRepositoryMetadata.name()); | ||
for (Setting<?> setting : repository.restrictedSystemRepositorySettings()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
REMOTE_STORE_INDEX_SHALLOW_COPY
setting will be in snapshot repository. for that, we need to add validation in non system repository as well. or should we make snapshot repository as well a system repository once user enables shallow snapshots on it?
This PR is stalled because it has been open for 30 days with no activity. |
This draft PR has been stalled for a few weeks. Please re-open if you are still working on it. |
Description
The PR aims to introduce a system repository, that hardens repository interfaces. A repository can be marked as system repository by annotating the repository with the attribute
system_repository
to true. A system repository cannot be modified by external APIs once created.Related Issues
Resolves #8917
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.