Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2019/03/25 10:04:09 UTC

[GitHub] [incubator-openwhisk] chetanmeh opened a new pull request #4392: Enable attachment reads from CloudFront

chetanmeh opened a new pull request #4392: Enable attachment reads from CloudFront
URL: https://github.com/apache/incubator-openwhisk/pull/4392
 
 
   Enables support for reading attachment content from CloudFront which fronts the S3 bucket. 
   
   ## Description
   
   For Multi Region deployments (#4277) we plan to make use of CloudFront CDN which fronts the S3 bucket used to store attachments. It makes use of [CloudFront support for serving private content][1].
   
   This feature is optional. By default `S3AttachmentStore` would perform reads and writes from S3 directly. However, once CloudFront configuration is provided, the reads would be performed from CloudFront while reads and deletes would be done at S3 level.
   
   ### Usage 
   
   Configure OpenWhisk S3 support with CloudFront config `cloud-front-config`
   
   ```
   whisk {
     s3 {
       bucket = "openwhisk-test"
       prefix = "dev"
       cloud-front-config {
         domain-name = "foo.com"
         key-pair-id = "OPENWHISKISFUNTOUSE"
         private-key = """-----BEGIN RSA PRIVATE KEY-----
   MIIBPAIBAAJBAOY+Q7vyH1SnCUoFIpzqmZe1TNCxiE6zuiMRmjuJqiAzQWdb5hEA
   ZaC+f7Lcu53IvczZR0KsP4JndzG23rVg/y0CAwEAAQJBAMK+F3x4ppdrUSgSf9xJ
   cfAnoPlDsA8hZWcUFGgXYJYqKYw3NqoYG5fwyZ7xrwdMhpbdgD++nsBC/JMwUhEB
   h+ECIQDzj5Tbd7WvfaKGjozwQgHA9u3f53kxCWovpFEngU6VNwIhAPIAkAPnzuDr
   q3cEyAbM49ozjyc6/NOV6QK65HQj1gC7AiBrax/Ty3At/dL4VVaDgBkV6dHvtj8V
   CXnzmRzRt43Y8QIhAIzrvPE5RGP/eEqHUz96glhm276Zf+5qBlTbpfrnf0/PAiEA
   r1vFsvC8+KSHv7XGU1xfeiHHpHxEfDvJlX7/CxeWumQ=
   -----END RSA PRIVATE KEY-----
   """
         timeout = 10 m
       }
     }
   }
   ```
   
   Here you need to provide the following:
   
   1. `domain-name` - Like _xxx.cloudfront.net_. This would be determined based on the CloudFront distribution configured
   2. `key-pair-id` - ID of the private key used to perform url signing. See [here][3] for steps
   3. `private-key` - Content of RSA private key in `pem` format. You can also pass the key via an env variable
   4. `timeout` - Timeout for generated signed url. This need not be very high as the generated url is consumed immediately to read the content
   
   Refer to [AWS Docs][2] for more details.
   
   ### Test Runs
   
   There is a `S3AttachmentStoreCloudFrontTests` test which runs the integration test when CloudFront related configuration is provided. It needs the following env variables defined to run. See details above for what values need to be provided for them.
   
   - `CLOUDFRONT_DOMAIN_NAME`
   - `CLOUDFRONT_KEY_PAIR_ID`
   - `CLOUDFRONT_PRIVATE_KEY`
   
   ## Related issue and scope
   - [ ] I opened an issue to propose and discuss this change (#4277)
   
   ## My changes affect the following components
   - [ ] API
   - [ ] Controller
   - [ ] Message Bus (e.g., Kafka)
   - [ ] Loadbalancer
   - [ ] Invoker
   - [ ] Intrinsic actions (e.g., sequences, conductors)
   - [ ] Data stores (e.g., CouchDB)
   - [ ] Tests
   - [ ] Deployment
   - [ ] CLI
   - [ ] General tooling
   - [ ] Documentation
   
   ## Types of changes
   - [ ] Bug fix (generally a non-breaking change which closes an issue).
   - [ ] Enhancement or new feature (adds new functionality).
   - [ ] Breaking change (a bug fix or enhancement which changes existing behavior).
   
   ## Checklist:
   
   - [ ] I signed an [Apache CLA](https://github.com/apache/incubator-openwhisk/blob/master/CONTRIBUTING.md).
   - [ ] I reviewed the [style guides](https://github.com/apache/incubator-openwhisk/wiki/Contributing:-Git-guidelines#code-readiness) and followed the recommendations (Travis CI will check :).
   - [ ] I added tests to cover my changes.
   - [ ] My changes require further changes to the documentation.
   - [ ] I updated the documentation where necessary.
   
   [1]: https://aws.amazon.com/blogs/developer/accessing-private-content-in-amazon-cloudfront/
   [2]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
   [3]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs
   
   

With regards,
Apache Git Services
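
How `key-pair-id`, `private-key` and `timeout` from the configuration above end up in a CloudFront signed URL, as an added example that is not code from the pull request or from OpenWhisk. It follows AWS's documented canned-policy scheme (RSA-SHA1 signature, URL-safe base64 substitutions); the toy key, the object path `dev/sample-attachment` and the `verify_url` model of the edge-side check are constructed for illustration.

```python
import base64
import hashlib
import json
import time

# Constructed toy key (two Mersenne primes) so the example runs offline with
# the standard library only; NOT secure. A real signer loads the PEM key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA1_DIGEST_INFO = bytes.fromhex("3021300906052b0e03021a05000414")  # RFC 8017
TO_CF = str.maketrans("+=/", "-_~")   # CloudFront's URL-safe substitutions
FROM_CF = str.maketrans("-_~", "+=/")


def canned_policy(url, expires):
    """Canned policy: compact JSON (no whitespace), one resource, one expiry."""
    policy = {"Statement": [{"Resource": url, "Condition": {
        "DateLessThan": {"AWS:EpochTime": expires}}}]}
    return json.dumps(policy, separators=(",", ":")).encode()


def _encode(message):
    """EMSA-PKCS1-v1_5 encoding with SHA-1, as an integer."""
    t = SHA1_DIGEST_INFO + hashlib.sha1(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign_url(url, key_pair_id, timeout_s, now=None):
    """Build the signed URL from the config values key-pair-id and timeout."""
    expires = int(time.time() if now is None else now) + timeout_s
    sig = pow(_encode(canned_policy(url, expires)), D, N).to_bytes(K, "big")
    sig_b64 = base64.b64encode(sig).decode().translate(TO_CF)
    return f"{url}?Expires={expires}&Signature={sig_b64}&Key-Pair-Id={key_pair_id}"


def verify_url(signed, now):
    """Model of the edge-side check: signature over (URL, Expires), then expiry."""
    url, query = signed.split("?", 1)
    q = dict(p.split("=", 1) for p in query.split("&"))
    sig = base64.b64decode(q["Signature"].translate(FROM_CF))
    expected = _encode(canned_policy(url, int(q["Expires"])))
    return pow(int.from_bytes(sig, "big"), E, N) == expected and now < int(q["Expires"])


if __name__ == "__main__":
    u = sign_url("https://foo.com/dev/sample-attachment", "OPENWHISKISFUNTOUSE", 600)
    print(u, verify_url(u, int(time.time())))
```

Because the expiry is inside the signed policy, editing `Expires` or the path in the URL invalidates the signature; the holder of a signed URL can only use it for that object until the timeout passes.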