Closed kiahna-tucker closed 1 month ago
kiahna-tucker
commented
1 month ago A connector that uses a private port is: ghcr.io/estuary/materialize-sqlite. To add that connector to your local set up, you can run the following command: ./scripts/install-connector-local.sh ghcr.io/estuary/materialize-sqlite dev
kiahna-tucker
commented
1 month ago It should be noted that a page containing an error is displayed (in a new tab) when the link for an endpoint that corresponds to a failed shard is clicked. This behavior is accepted at this time. The suggestion to show a warning in the Endpoints section of the details Overview tab when at least one endpoint corresponds to a failed shard was rejected.
This note is relevant to issue 1273 as well.
Target of an endpoint that corresponds to a failed shard
Last Updated: Oct. 04, 2024
The connector private networking authorization redirect flow needs to use the reactor address and token provided by the control-plane, task authorization API,
/authorize/user/taskinstead of the that returned by thegateway_auth_tokenRPC.Below are the base requirements for this feature:
Use the reactor address and token provided by the control-plane, task authorization API in the connector private networking authorization redirect flow.
Rewrite the reactor address for tasks using the legacy data-plane so that it is recognized by the data-plane gateway. The task authorization API will return an internal service address which is unreachable.
Verify that the
orig_urlredirect matches the reactor address returned by the control-plane, task authorization API.Additional Comments
For client development, the
DataPlaneAuthReqcomponent anduseScopedGatewayAuthTokenhook are the primary points of interest. PR 526 introduced this feature.Issue 530 identifies a security concern in the existing workflow that would be worth re-evaluating (and addressing if applicable).
References
Code