Add connector (e.g. S3) support for custom certificate authority

elastic / connectors

Source code for all Elastic connectors, developed by the Search team at Elastic, and home of our Python connector development framework

https://www.elastic.co/guide/en/enterprise-search/master/index.html

Other

74 stars 128 forks source link

Add connector (e.g. S3) support for custom certificate authority #373

Open serenachou opened 1 year ago

serenachou commented 1 year ago

similar to #232 we need to support the ability for customers to set a custom CA for connection.

serenachou commented 1 year ago

related to #3763

akanshi-crest commented 1 year ago

Hey @serenachou , we are planning to refer this doc[https://boto3.amazonaws.com/v1/documentation/api/1.9.185/_modules/boto3/session.html] and we'll update our client and resource method for adding a certificate in verify parameter for both the methods. This will be a optional parameter in connector specific configuration and default value for this will be None. Attaching screenshot for adding the syntax of verify parameter: Screenshot (34)

akanshi-elastic commented 1 year ago

This is on hold for now due to priority of other connectors sharepoint.

tarekziade commented 1 year ago

@serenachou I am not sure to understand, can you explain how customers use a custom CA certificate with S3?

The S3 APIs are served by domains owned by Amazon, and they are present in the root certificate that is built-in in all servers OSes, and we already use an SSL connection right now and it works.

khusbu-crest commented 1 year ago

@serenachou could you please confirm for the above comment from @tarekziade ? OR can we close the issue as it is in a waiting state for a long?

khusbu-crest commented 1 year ago

@serenachou we are waiting for your confirmation for the above comment from @tarekziade ? OR can we close the issue as it is in a waiting state for a long?

danajuratoni commented 1 year ago

@khusbu-crest We'll keep this as part of the backlog review the custom CA topic as part of a larger initiative in the future.

serenachou commented 1 year ago

I was thinking we'd need it for S3 on outposts https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3outposts.html FWIW @tarekziade & for when customers have configured things like CloudFront with a custom ssl domain to access their data in their s3 buckets -> https://aws.amazon.com/cloudfront/custom-ssl-domains/

bradquarry commented 11 months ago

PNC has an active project where they would really like to use our MongoDB custom connector client with a self-signed cert from their internal CA.

seanstory commented 9 months ago

This issue looks related to https://github.com/elastic/connectors/issues/1272

PNC has an active project where they would really like to use our MongoDB custom connector client with a self-signed cert from their internal CA.

@bradquarry the MongoDB connector already has support for specifying a custom certificate. See: https://github.com/elastic/connectors/pull/1937