Merge pull request #2060 from grapl-security/twunderlich/fix-plugin-s…

…3-url Fix s3 uri format so that its explicitly a s3 URI
grapl-security · Oct 18, 2022 · 7228b83 · 7228b83
2 parents 7f528df + c611380
commit 7228b83
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 16 deletions.
diff --git a/src/rust/plugin-registry/src/server/deploy_plugin.rs b/src/rust/plugin-registry/src/server/deploy_plugin.rs
@@ -5,7 +5,7 @@ use rust_proto::graplinc::grapl::api::plugin_registry::v1beta1::PluginType;
 
 use super::{
     plugin_nomad_job,
-    s3_url::get_s3_url,
+    s3_uri::get_s3_uri,
     service::PluginRegistryServiceConfig,
 };
 use crate::{
@@ -54,7 +54,7 @@ pub fn get_job(
     let plugin_artifact_url = {
         let key = &plugin.artifact_s3_key;
         let bucket = &service_config.bucket_name;
-        get_s3_url(bucket, key)
+        get_s3_uri(bucket, key)
     };
     let passthru = service_config.passthrough_vars;
     let plugin_type = PluginType::try_from(plugin.plugin_type.as_str())

diff --git a/src/rust/plugin-registry/src/server/mod.rs b/src/rust/plugin-registry/src/server/mod.rs
@@ -2,5 +2,5 @@ mod create_plugin;
 mod deploy_plugin;
 mod get_plugin_health;
 mod plugin_nomad_job;
-mod s3_url;
+mod s3_uri;
 pub mod service;
diff --git a/src/rust/plugin-registry/src/server/s3_uri.rs b/src/rust/plugin-registry/src/server/s3_uri.rs
@@ -0,0 +1,19 @@
+use grapl_config::env_helpers::ENV_ENDPOINT;
+
+/// This gets a s3 URI to be used by Nomad's artifact stanza (in particular the grapl-plugin).
+/// The underlying library, Hashicorp's [go-getter](https://github.com/hashicorp/go-getter) lib,
+/// doesn't work with the `http://` schema prefix, but does work with an explicit s3 prefix `s3://`
+/// or without a prefix. We've opted for the s3 prefix to be explicit.
+pub fn get_s3_uri(bucket: &str, key: &str) -> String {
+    let local_endpoint = std::env::var(ENV_ENDPOINT).ok();
+    // If the above is specified, we're running locally against Localhost
+    // Otherwise, it's against prod S3; so we use the s3 URIs. Notably, the underlying go-getter
+    // lib does not seem to work with s3 object URLs (urls that start with http:// or https://),
+    // including the recommended virtual host style access.
+    // https://github.com/hashicorp/go-getter/issues/387 tracks updating the documentation.
+    // This is the s3 URI format used in the s3 console.
+    local_endpoint.map_or_else(
+        || format!("s3://{bucket}.s3.amazonaws.com/{key}"),
+        |endpoint| format!("{endpoint}/{bucket}/{key}"),
+    )
+}
diff --git a/src/rust/plugin-registry/src/server/s3_url.rs b/src/rust/plugin-registry/src/server/s3_url.rs