Comments (17)
I think there're 2 choices:
- only table:import and bulk_import:upload_parts (they use PUT method) use SSL by default
- all subcommands use SSL by default
1 solves the problem that they can't upload data, and doesn't cause performance problem. But it's insecure when it issues the other requests such as query, table:list, etc.
2 causes performance problem but it's secure.
I think problem is: How is it slow if SSL is enabled? If the performance impact is reasonable trade-off, it should enable SSL by default.
from td.
One more candidate
3 Support X-Method-Override
from td.
- all subcommands use SSL by default
++
My company want to use td-commands in secure environments.
from td.
I guess the significant problem is latency of SSL's handshake. It means that I think it can enable SSL for import and bulk_import:upload_parts by default because latency is not important for these two subcommands.
Latency problem impacts on small subcommands such as table:list.
from td.
I know that some company still use poor functionally http-proxy that don't support PUT/DELETE and CONNECT also.
Even though you change default transport to SSL, he/she won't be able to use td-import.
from td.
There are two types in http-proxies. One of them can use CONNECT method. And another one use GET directly: GET https://...
from td.
First patch:
diff --git a/lib/td/command/common.rb b/lib/td/command/common.rb
index cd33c82..5603303 100644
--- a/lib/td/command/common.rb
+++ b/lib/td/command/common.rb
@@ -16,6 +16,9 @@ module Command
end
def get_client(opts={})
+ unless opts.has_key?(:ssl)
+ opts[:ssl] = Config.secure
+ end
apikey = Config.apikey
unless apikey
raise ConfigError, "Account is not configured."
diff --git a/lib/td/command/runner.rb b/lib/td/command/runner.rb
index a7882a8..fd89bc4 100644
--- a/lib/td/command/runner.rb
+++ b/lib/td/command/runner.rb
@@ -8,9 +8,10 @@ class Runner
@config_path = nil
@apikey = nil
@prog_name = nil
+ @secure = true
end
- attr_accessor :apikey, :config_path, :prog_name
+ attr_accessor :apikey, :config_path, :prog_name, :secure
def run(argv=ARGV)
require 'td/version'
@@ -67,6 +68,7 @@ EOF
config_path = @config_path
apikey = @apikey
+ insecure = nil
$verbose = false
#$debug = false
@@ -78,6 +80,10 @@ EOF
apikey = s
}
+ op.on('--insecure', "Insecure access: disable SSL") { |b|
+ insecure = true
+ }
+
op.on('-v', '--verbose', "verbose mode", TrueClass) {|b|
$verbose = b
}
@@ -102,6 +108,9 @@ EOF
if apikey
TreasureData::Config.apikey = apikey
end
+ if insecure
+ TreasureData::Config.secure = false
+ end
rescue
usage $!.to_s
end
diff --git a/lib/td/config.rb b/lib/td/config.rb
index de7be0a..cc9bf0f 100644
--- a/lib/td/config.rb
+++ b/lib/td/config.rb
@@ -91,6 +91,7 @@ class Config
@@path = ENV['TREASURE_DATA_CONFIG_PATH'] || ENV['TD_CONFIG_PATH'] || File.join(ENV['HOME'], '.td', 'td.conf')
@@apikey = ENV['TREASURE_DATA_API_KEY'] || ENV['TD_API_KEY']
@@apikey = nil if @@apikey == ""
+ @@secure = true
def self.path
@@path
@@ -107,6 +108,14 @@ class Config
def self.apikey=(apikey)
@@apikey = apikey
end
+
+ def self.secure
+ @@secure
+ end
+
+ def self.secure=(secure)
+ @@secure = secure
+ end
end
@mattn : I see. Could you create other issue?
from td.
It worked fine for me, thanks. I don't mind if you don't support X-Method-Override
, because I can use td on my environment.
from td.
@hotchpotch
Could you check the above patch?
from td.
cool :)
LG ™️ 👍
from td.
Many tables account:
RUBYLIB=./../td-client-ruby/lib:./lib td tables
0.66s user 0.13s system 9% cpu 8.298 total
RUBYLIB=./../td-client-ruby/lib:./lib td --insecure
tables 0.26s user 0.10s system 4% cpu 7.300 total
Less tables account:
RUBYLIB=./../td-client-ruby/lib:./lib td tables
0.37s user 0.09s system 12% cpu 3.710 total
RUBYLIB=./../td-client-ruby/lib:./lib td --insecure
tables 0.21s user 0.08s system 14% cpu 1.999 total
SSL may causes 2x slower performance for small subcommands.
from td.
Any more discussion?
from td.
I'm OK.
@frsyuki @kzk @muga : any comments?
from td.
@repeatedly please use SSL by default.
My company want to use td-commands in secure environments.
This comments from @hotchpotch tells everything :)
from td.
🍣
from td.
@mattn btw, thanks for finding proxy problem. much appreciated :)
from td.
Pushed! bc05b2a
Thanks to everyone!
from td.
Related Issues (20)
- connector:* normalize connector config and show warning messages if users use old config specification
- feature request: labeld JSON format HOT 2
- connector:run's scheduled time argument is not passed to td-client-ruby HOT 1
- connector_config_normalizer ignores `filters:` config
- connector:update allows users to modify config_diff to control next scheduled execution
- connector:history raises TypeError when it reads connector jobs that are 'queued' status. HOT 1
- connector:show supports config_diff HOT 3
- Add table:rename HOT 2
- td doesn't work with msgpack 0.5.5 on OS X
- td command should be installed without td-agent.
- td should respect $XDG_CONFIG_HOME
- TD command to create new table HOT 1
- Upgrade rubyzip dependency
- Can't update rubocop ver0.49 because of the parallel gem conflict HOT 1
- Release v0.16.4 on toolbelt.treasuredata.com?
- Update rubyzip dependency for CVE
- Dead link on td account command message
- Improve error message of table:import to UDP.
- No option for disabling certificate verification HOT 1
- `td wf` command should support "-e https://api.treasuredata.co.jp/" as same as `td` command
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from td.