NGINX Configs to Reference Remote External Files #1389
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #1389 +/- ##
==========================================
+ Coverage 86.31% 86.38% +0.06%
==========================================
Files 102 102
Lines 12603 12798 +195
==========================================
+ Hits 10878 11055 +177
- Misses 1249 1260 +11
- Partials 476 483 +7
Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
| fs.Duration( | ||
| ClientFileDownloadTimeoutKey, | ||
| DefClientFileDownloadTimeout, | ||
| "Timeout value in seconds, to downloading file for config apply.", |
There was a problem hiding this comment.
| "Timeout value in seconds, to downloading file for config apply.", | |
| "Timeout value in seconds, for downloading a file during a config apply.", |
| fs.String( | ||
| ExternalDataSourceProxyUrlKey, | ||
| DefExternalDataSourceProxyUrl, | ||
| "Url to the proxy service to fetch the external file.", |
There was a problem hiding this comment.
| "Url to the proxy service to fetch the external file.", | |
| "Url to the proxy service for fetching external files.", |
| }) | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Can you add a test for external Data source and add the external data source to TestResolveConfig() which checks all the values that can be set in the agent config
| filesMutex sync.RWMutex | ||
| currentFilesOnDisk map[string]*mpi.File // key is file path | ||
| previousManifestFiles map[string]*model.ManifestFile | ||
| newExternalFileHeaders map[string]DownloadHeaders |
There was a problem hiding this comment.
| newExternalFileHeaders map[string]DownloadHeaders | |
| externalFileHeaders map[string]DownloadHeaders |
| fileDiff[fileName] = modifiedFile | ||
|
|
||
| continue | ||
| // if file currently exists and file hash is different, file has been updated |
There was a problem hiding this comment.
Why was the continue removed ?
|
|
||
| continue | ||
| case model.Delete, model.Update: | ||
| case model.Delete, model.Update, model.ExternalFile: |
There was a problem hiding this comment.
With the external files are the files still considered updated, added or deleted? Just wondering instead should it be a field added to the file rather than an action this might fix a few of the things the linter had an issue with which required the checking of Adding and updating in the switch statement
| headers.ETag = resp.Header.Get("ETag") | ||
| headers.LastModified = resp.Header.Get("Last-Modified") | ||
| case http.StatusNotModified: | ||
| slog.InfoContext(ctx, "File content unchanged (304 Not Modified)", "file_name", fileName) |
There was a problem hiding this comment.
| slog.InfoContext(ctx, "File content unchanged (304 Not Modified)", "file_name", fileName) | |
| slog.DebugContext(ctx, "File content unchanged (304 Not Modified)", "file_name", fileName) |
| } | ||
| } | ||
|
|
||
| func isWildcardMatch(hostname, pattern string) bool { |
There was a problem hiding this comment.
Can the naming of this be changed
| return false | ||
| } | ||
|
|
||
| for _, pattern := range allowedDomains { |
There was a problem hiding this comment.
| for _, pattern := range allowedDomains { | |
| for _, domain := range allowedDomains { |
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| type fakeFSO struct { |
There was a problem hiding this comment.
We already have a fake file operator in agent/internal/file/filefakes/fake_file_operator.go
| fs.Duration( | ||
| ClientFileDownloadTimeoutKey, | ||
| DefClientFileDownloadTimeout, | ||
| "Timeout value in seconds, to downloading file for config apply.", |
There was a problem hiding this comment.
| "Timeout value in seconds, to downloading file for config apply.", | |
| "Timeout value in seconds, to download a file during a config apply request.", |
|
|
||
| for _, domain := range domains { | ||
| if strings.ContainsAny(domain, "/\\ ") || domain == "" { | ||
| slog.Error("domain is not specified in allowed_domains") |
There was a problem hiding this comment.
no need to log error here if you are returning the error anyways
| } | ||
|
|
||
| for _, domain := range domains { | ||
| if strings.ContainsAny(domain, "/\\ ") || domain == "" { |
There was a problem hiding this comment.
Is there a better way to validate if the string is a valid domain name or not? Maybe there is a regex we could use?
| DefLibDir = "/var/lib/nginx-agent" | ||
|
|
||
| DefExternalDataSourceProxyUrl = "" | ||
| DefExternalDataSourceMaxBytes = 100 * 1024 * 1024 |
There was a problem hiding this comment.
can you add a comment to say what the default size is in MB
| return fso.sendUpdateFileStream(ctx, fileToUpdate, fso.agentConfig.Client.Grpc.FileChunkSize) | ||
| } | ||
|
|
||
| func (fso *FileServiceOperator) RenameExternalFile( |
There was a problem hiding this comment.
instead of duplicating the RenameFile function can we update the RenameFile function to just rename the file and have the hash validation in a separate function like this:
func (fso *FileServiceOperator) RenameAndValidateFile(
ctx context.Context, source, destination string,
) error {
err := fso.RenameFile(ctx, source, destination)
if err != nil {
return err
}
return fso.validateFileHash(desination, hash)
}
| executePerm = 0o111 | ||
| ) | ||
|
|
||
| type DownloadHeaders struct { |
There was a problem hiding this comment.
| type DownloadHeaders struct { | |
| type DownloadHeader struct { |
| modifiedFile.Action = model.Update | ||
| fileDiff[fileName] = modifiedFile | ||
| } | ||
| if modifiedFile.File.GetExternalDataSource() != nil || currentFile.GetExternalDataSource() != nil { |
There was a problem hiding this comment.
can you move this if statement up to just after line 404? It will save you from doing unnecessary os.Stat
| func (fms *FileManagerService) handleExternalFileDownload(ctx context.Context, fileAction *model.FileCache, | ||
| tempFilePath string, | ||
| ) error { |
There was a problem hiding this comment.
| func (fms *FileManagerService) handleExternalFileDownload(ctx context.Context, fileAction *model.FileCache, | |
| tempFilePath string, | |
| ) error { | |
| func (fms *FileManagerService) downloadExternalFile(ctx context.Context, fileAction *model.FileCache, | |
| filePath string, | |
| ) error { |
| ctx, | ||
| content, | ||
| path, | ||
| "0600", |
There was a problem hiding this comment.
the file permissions should come from the file meta in the File proto message
Extends the ConfigApply capability to manage NGINX configurations that reference external resources hosted at remote URLs. The agent now handles downloading of these files into the NGINX configuration directory before applying the new configuration.
Checklist
Before creating a PR, run through this checklist and mark each as complete.
CONTRIBUTINGdocumentmake install-toolsand have attached any dependency changes to this pull requestREADME.md)