From 47e12ed41a354a6d02fbef92cdb93b71e9a49865 Mon Sep 17 00:00:00 2001 From: Jeremy Chan Date: Wed, 29 Jul 2020 15:49:42 +0100 Subject: [PATCH 01/10] INFRA-1014: Add returned email in headers to log --- aws-es-proxy.go | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/aws-es-proxy.go b/aws-es-proxy.go index 54bdd575..9837bbff 100644 --- a/aws-es-proxy.go +++ b/aws-es-proxy.go @@ -18,6 +18,7 @@ import ( "runtime" "strings" "time" + "encoding/base64" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" @@ -88,6 +89,10 @@ type proxy struct { realm string } +type jwt_header struct { + Email string `json:"email"` +} + func newProxy(args ...interface{}) *proxy { noRedirect := func(req *http.Request, via []*http.Request) error { @@ -339,8 +344,18 @@ func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { fmt.Println("Body: ") fmt.Println(string(prettyBody.Bytes())) } else { - log.Printf(" -> %s; %s; %s; %s; %d; %.3fs\n", - r.Method, r.RemoteAddr, + encoded_header := r.Header.Get("X-Amzn-Oidc-Data") + var jwtHeader jwt_header + + if encoded_header != "" { + encoded_header_payload := strings.Split(encoded_header, ".") + // the payload is in the middle + jwt_header_bytes, _ := base64.StdEncoding.DecodeString(encoded_header_payload[1]) + _ = json.Unmarshal(jwt_header_bytes, &jwtHeader) + } + + log.Printf(" %s -> %s; %s; %s; %s; %d; %.3fs\n", + jwtHeader.Email, r.Method, r.RemoteAddr, proxied.RequestURI(), query, resp.StatusCode, requestEnded.Seconds()) } From a8e8a29ef0410927dc6f19f41239beff76760bb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Wed, 18 May 2022 12:13:50 +0100 Subject: [PATCH 02/10] [master] Add CircleCI config --- .circleci/config.yml | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000..dfb58c5b --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,88 @@ +version: 2.1 + +orbs: + kubernetes: oak/kubernetes@0.1.0 + utils: oak/utils@0.0.1 + +aliases: + - &only-master + branches: + only: + - master + + - &only-prs + branches: + ignore: + - master + + - &base-image + resource_class: small + docker: + - image: cimg/base:2022.03 + + - &devops-image + resource_class: small + docker: + - image: 049961945951.dkr.ecr.us-east-1.amazonaws.com/devops-neo:3 + + - &run-on-release + filters: + tags: + only: + - /\d+\.\d+\.\d+/ + branches: + ignore: /.*/ + + - &ssh-fingerprint + fingerprints: + - e9:12:fd:9e:1a:78:da:f6:c0:26:4d:0b:35:0a:08:15 + +jobs: + create-git-tag: + <<: *devops-image + steps: + - checkout + - add_ssh_keys: + <<: *ssh-fingerprint + - utils/create-git-tag + + container-build-push: + <<: [*base-image] + parameters: + repo: + type: string + description: 'Name of the container image repo to build without the registry prefix' + tag: + type: string + description: 'Tag that image should have' + default: 'sha-${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}-$(date +%F)-${CIRCLE_BUILD_NUM}' + steps: + - checkout + - kubernetes/container-build-push: + path: ./ + dockerfile: Dockerfile + repo: << parameters.repo >> + tag: << parameters.tag >> + - store_artifacts: + path: /tmp/lacework-data + +workflows: + git-tag-creation-workflow: + jobs: + - create-git-tag: + context: marmot-deploy-dev + filters: + <<: *only-master + + container-workflow: + jobs: + - kubernetes/kube-linter: + name: kube-linter + context: marmot-deploy-dev + - container-build-push: + name: Build and Push + path: example_service + repo: example-service + context: marmot-deploy-dev + requires: + - kube-linter From 231af47c74472d778d2fca8385ac6802e882ecaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Wed, 18 May 2022 12:17:01 +0100 Subject: [PATCH 03/10] [master] Fix ci config --- .circleci/config.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index dfb58c5b..03f131ca 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -39,11 +39,11 @@ aliases: jobs: create-git-tag: - <<: *devops-image + <<: [*devops-image] steps: - checkout - - add_ssh_keys: - <<: *ssh-fingerprint + # - add_ssh_keys: + # <<: *ssh-fingerprint - utils/create-git-tag container-build-push: @@ -81,8 +81,7 @@ workflows: context: marmot-deploy-dev - container-build-push: name: Build and Push - path: example_service - repo: example-service + repo: aws-es-proxy context: marmot-deploy-dev requires: - kube-linter From ac21b8b8bad9e4ee859eb0fbaea09c755a9de9c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Wed, 18 May 2022 12:18:04 +0100 Subject: [PATCH 04/10] [master] lint --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a4bafe40..9f6b682b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14-alpine +FROM golang:1.14-alpine as build WORKDIR /go/src/github.com/abutaha/aws-es-proxy COPY . . @@ -11,7 +11,7 @@ LABEL name="aws-es-proxy" \ RUN apk --no-cache add ca-certificates WORKDIR /home/ -COPY --from=0 /go/src/github.com/abutaha/aws-es-proxy/aws-es-proxy /usr/local/bin/ +COPY --from=build /go/src/github.com/abutaha/aws-es-proxy/aws-es-proxy /usr/local/bin/ ENV PORT_NUM 9200 EXPOSE ${PORT_NUM} From f171aeff85802f1f192b47c28e7bdcdf8cf8f2ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Wed, 18 May 2022 12:29:32 +0100 Subject: [PATCH 05/10] [master] install aws cli --- .circleci/config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 03f131ca..5fe4591f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,6 +3,7 @@ version: 2.1 orbs: kubernetes: oak/kubernetes@0.1.0 utils: oak/utils@0.0.1 + aws-cli: circleci/aws-cli@3.1.1 aliases: - &only-master @@ -58,6 +59,7 @@ jobs: default: 'sha-${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}-$(date +%F)-${CIRCLE_BUILD_NUM}' steps: - checkout + - aws-cli/install - kubernetes/container-build-push: path: ./ dockerfile: Dockerfile From ef92b76ac52caa7ccbbdc4cd4261b110defbbedf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Thu, 19 May 2022 10:06:04 +0100 Subject: [PATCH 06/10] [master] Use new k8s orb --- .circleci/config.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5fe4591f..9e501fe0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,7 +1,7 @@ version: 2.1 orbs: - kubernetes: oak/kubernetes@0.1.0 + kubernetes: oak/kubernetes@dev:76f6857 utils: oak/utils@0.0.1 aws-cli: circleci/aws-cli@3.1.1 @@ -36,15 +36,15 @@ aliases: - &ssh-fingerprint fingerprints: - - e9:12:fd:9e:1a:78:da:f6:c0:26:4d:0b:35:0a:08:15 + - 0f:f3:91:06:fd:7c:18:ed:bc:3d:8c:74:f6:59:a2:12 jobs: create-git-tag: <<: [*devops-image] steps: - checkout - # - add_ssh_keys: - # <<: *ssh-fingerprint + - add_ssh_keys: + <<: *ssh-fingerprint - utils/create-git-tag container-build-push: @@ -59,14 +59,12 @@ jobs: default: 'sha-${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}-$(date +%F)-${CIRCLE_BUILD_NUM}' steps: - checkout - - aws-cli/install - kubernetes/container-build-push: path: ./ dockerfile: Dockerfile repo: << parameters.repo >> tag: << parameters.tag >> - - store_artifacts: - path: /tmp/lacework-data + workflows: git-tag-creation-workflow: From 5ad5fa34ecb7191dc639109361e5320252514538 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Thu, 19 May 2022 10:13:38 +0100 Subject: [PATCH 07/10] [master] Use new k8s orb --- .circleci/config.yml | 48 ++++++++++++++++---------------------------- 1 file changed, 17 insertions(+), 31 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9e501fe0..d99a7371 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,14 +7,10 @@ orbs: aliases: - &only-master - branches: - only: - - master - - - &only-prs - branches: - ignore: - - master + filters: + branches: + only: + - master - &base-image resource_class: small @@ -32,7 +28,7 @@ aliases: only: - /\d+\.\d+\.\d+/ branches: - ignore: /.*/ + only: /.*/ - &ssh-fingerprint fingerprints: @@ -47,41 +43,31 @@ jobs: <<: *ssh-fingerprint - utils/create-git-tag - container-build-push: - <<: [*base-image] - parameters: - repo: - type: string - description: 'Name of the container image repo to build without the registry prefix' - tag: - type: string - description: 'Tag that image should have' - default: 'sha-${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}-$(date +%F)-${CIRCLE_BUILD_NUM}' - steps: - - checkout - - kubernetes/container-build-push: - path: ./ - dockerfile: Dockerfile - repo: << parameters.repo >> - tag: << parameters.tag >> - - workflows: git-tag-creation-workflow: jobs: - create-git-tag: context: marmot-deploy-dev - filters: - <<: *only-master + <<: *only-master container-workflow: jobs: - kubernetes/kube-linter: name: kube-linter context: marmot-deploy-dev - - container-build-push: + <<: *run-on-release + - kubernetes/container-build-push: name: Build and Push + path: ./ + dockerfile: Dockerfile repo: aws-es-proxy + tag: '${CIRCLE_TAG:-sha-${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}-$(date +%F)-${CIRCLE_BUILD_NUM}}' context: marmot-deploy-dev + <<: *run-on-release requires: - kube-linter + + + + + - container-build-push: From d67dccbbea43fae771d471e2d2577ff6cc13d280 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Thu, 19 May 2022 10:14:07 +0100 Subject: [PATCH 08/10] [master] Use new k8s orb --- .circleci/config.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d99a7371..b5f8f5ff 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -66,8 +66,3 @@ workflows: <<: *run-on-release requires: - kube-linter - - - - - - container-build-push: From 0295701ab12c0a0288b1a92d48e03afe0285bc43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Thu, 19 May 2022 10:30:15 +0100 Subject: [PATCH 09/10] [master] Only release after build --- .circleci/config.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b5f8f5ff..be8a1311 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,7 +1,7 @@ version: 2.1 orbs: - kubernetes: oak/kubernetes@dev:76f6857 + kubernetes: oak/kubernetes@dev:c1dcf39 utils: oak/utils@0.0.1 aws-cli: circleci/aws-cli@3.1.1 @@ -44,11 +44,6 @@ jobs: - utils/create-git-tag workflows: - git-tag-creation-workflow: - jobs: - - create-git-tag: - context: marmot-deploy-dev - <<: *only-master container-workflow: jobs: @@ -66,3 +61,8 @@ workflows: <<: *run-on-release requires: - kube-linter + - create-git-tag: + context: marmot-deploy-dev + <<: *only-master + requires: + - Build and Push From 88711a8d4ae21956b8f41d6705b4b0ea8d340aa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Juan=20G=C3=B3mez=20Pe=C3=B1alver?= Date: Mon, 2 Oct 2023 15:45:47 +0100 Subject: [PATCH 10/10] [CORE-1774] feat: Archive project --- .circleci/config.yml | 68 -------------------------------------------- README.md | 5 ++++ 2 files changed, 5 insertions(+), 68 deletions(-) delete mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index be8a1311..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,68 +0,0 @@ -version: 2.1 - -orbs: - kubernetes: oak/kubernetes@dev:c1dcf39 - utils: oak/utils@0.0.1 - aws-cli: circleci/aws-cli@3.1.1 - -aliases: - - &only-master - filters: - branches: - only: - - master - - - &base-image - resource_class: small - docker: - - image: cimg/base:2022.03 - - - &devops-image - resource_class: small - docker: - - image: 049961945951.dkr.ecr.us-east-1.amazonaws.com/devops-neo:3 - - - &run-on-release - filters: - tags: - only: - - /\d+\.\d+\.\d+/ - branches: - only: /.*/ - - - &ssh-fingerprint - fingerprints: - - 0f:f3:91:06:fd:7c:18:ed:bc:3d:8c:74:f6:59:a2:12 - -jobs: - create-git-tag: - <<: [*devops-image] - steps: - - checkout - - add_ssh_keys: - <<: *ssh-fingerprint - - utils/create-git-tag - -workflows: - - container-workflow: - jobs: - - kubernetes/kube-linter: - name: kube-linter - context: marmot-deploy-dev - <<: *run-on-release - - kubernetes/container-build-push: - name: Build and Push - path: ./ - dockerfile: Dockerfile - repo: aws-es-proxy - tag: '${CIRCLE_TAG:-sha-${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}-$(date +%F)-${CIRCLE_BUILD_NUM}}' - context: marmot-deploy-dev - <<: *run-on-release - requires: - - kube-linter - - create-git-tag: - context: marmot-deploy-dev - <<: *only-master - requires: - - Build and Push diff --git a/README.md b/README.md index 8e09bf53..a5581cf1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,8 @@ +# ARCHIVED + +We do not use AWS ElasticSearch (OpenSearch now) anymore + + # aws-es-proxy [![Docker Pulls](https://img.shields.io/docker/pulls/abutaha/aws-es-proxy.svg)](https://hub.docker.com/r/abutaha/aws-es-proxy/)