Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elastic Search destination should not allow "none" auth method in Airbyte Cloud #16421

Closed
grishick opened this issue Sep 8, 2022 · 2 comments · Fixed by #16862
Closed

Elastic Search destination should not allow "none" auth method in Airbyte Cloud #16421

grishick opened this issue Sep 8, 2022 · 2 comments · Fixed by #16862
Assignees
@VitaliiMaltsev
Labels
type/bug Something isn't working

Comments

@grishick
Copy link
Contributor

grishick commented Sep 8, 2022

It is currently possible to set up ES destination with authentication method = "none". This should not be allowed in Airbyte Cloud as it exposes publicly exploitable ES installations.
@VitaliiMaltsev VitaliiMaltsev self-assigned this Sep 9, 2022
@VitaliiMaltsev
Copy link
Contributor

VitaliiMaltsev commented Sep 14, 2022
edited
Loading

@grishick i have two proposals on how to implement this task:
Proposal A
Remove "none" auth method from existing connector destination-elasticsearch and publish into the cloud
Pros and cons:

+ Easy to implement
+ No need to create separate connector
- We always need to enable auth security in elasticsearch setup even for local development 
- Potential backward compatibility issue for existing Airbyte cloud users

Proposal B
Create separate connector (e.g destination-elasticsearch-strict-encrypt) with disabled authentication method = "none" in spec
Pros and cons

+ We will have 2 similar but separate connectors for OSS and Cloud. For OSS version authentication method = "none" will be enabled
+ No worries of backward compatibility
- We should replace existing destination-elasticsearch connector with strict-encrypt version for Airbyte cloud
- All existing cloud users must create connection from the scratch

@grishick
Copy link
Contributor Author

@VitaliiMaltsev we have only 1 Airbyte Cloud workspace with ES destination, so let's go with proposal B which follows the same pattern as all other connectors

@alexandr-shegeda alexandr-shegeda linked a pull request Sep 27, 2022 that will close this issue
Destination ElasticSearch strict encrypt #16862
Merged
37 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VitaliiMaltsev VitaliiMaltsev

Labels
type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Destination ElasticSearch strict encrypt airbytehq/airbyte
3 participants
@grishick @alexandr-shegeda @VitaliiMaltsev