Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Mar 31 08:37
    matthewdavidson removed as member
  • Mar 12 14:23
    matteofigus commented #1184
  • Mar 12 14:23
    matteofigus commented #1184
  • Mar 12 14:11
    dianatamas commented #1184
  • Mar 12 14:11
    dianatamas commented #1184
  • Mar 12 14:10
    dianatamas updated the wiki
    Registry
  • Mar 12 14:10
    dianatamas updated the wiki
    Registry
  • Mar 12 14:09
    dianatamas updated the wiki
    Registry
  • Mar 12 14:09
    dianatamas updated the wiki
    Registry
  • Mar 12 12:24

    matteofigus on master

    0.48.18 changelog (compare)

  • Mar 12 12:24

    matteofigus on master

    0.48.18 changelog (compare)

  • Mar 12 12:24

    matteofigus on v0.48.18

    (compare)

  • Mar 12 12:24

    matteofigus on v0.48.18

    (compare)

  • Mar 12 12:22
    matteofigus commented #1184
  • Mar 12 12:22
    matteofigus commented #1184
  • Mar 12 12:20

    matteofigus on master

    Add support for custom keepAliv… Merge pull request #1184 from d… (compare)

  • Mar 12 12:20

    matteofigus on master

    Add support for custom keepAliv… Merge pull request #1184 from d… (compare)

  • Mar 12 12:20
    matteofigus closed #1184
  • Mar 12 12:20
    matteofigus closed #1184
  • Mar 12 11:35
    dianatamas opened #1184
Paul Browning
@centaurreader
now 0:792 Uncaught TypeError: Cannot read property 'length' of undefined :(
hmm
ah i had not put externals in there
solved my own problem. ignore me lol
Matteo Figus
@matteofigus
Glad you solved @centaurreader
@RajG54950629_twitter if you follow the starter kit I think we have heroku it now, but you can just run the registry anywhere really. Would a aws template help? That’s something that’s been in my list for a while
Mark "debo" De Bortoli
@debo
Hi everyone, is anyone online who could shed some light on how to solve an issue we are having due to a probably wrong setup? It has to do with using open components side by side with dependabot which seems to be a little recipe for disaster and I was wondering if we are doing it wrong.
14 replies
Mark "debo" De Bortoli
@debo
More details in the thread, thanks.
Francisco
@francjpd

Hello.

it's been a while since i last posted here!.

This is probably an easy question for you guys.

Some Context: You know there is this feature about the oc-registry where is able to serve the static files from a component. You can configure the path from the static files through the package.json.

Well the thing is , while the oc registry is ran locally (through the oc dev ). Is able to serve these files, BUT, whenever i run the oc-registry NOT locally, is not able to get these files.

Is it normal ?
I debugged the code and found that the static files were only being served while the oc-registry ran locally ( when initializing the Routes , it asks if theres a conf.local === true)
i didn't like the fact that the oc-registry behave differently if you were on local and on production , so i added a new route with the static path that would proxy to the s3 and it worked well..
Anyway my another final question, Why you guys made the oc-registry to behave differently from local to production when retriving files ?.
Matteo Figus
@matteofigus
@francjpd I assume you are passing static path from server to view? https://github.com/opencomponents/oc-components-examples/tree/master/static-image
The component should behave the same and you shouldn’t create the static route. The publishing takes care of putting the static resources to s3 as opposite of hosting statically in express for better scalability. The reason there is a different behaviour is that locally the thing is hosted locally, when publishing that’s in the cdn
Francisco
@francjpd

Hello @matteofigus , Thanks for the fast response.

So i tested your component locally and i could access to it by using

http://localhost:3030/static-image/1.0.0/static/images/oc.png

but this route is not available if i publish it to a real oc-registry and the only way to get the static path is to use Javascript to retrieve it from the server.js and while this is convenient when you are able to use Javascript, is not going to work on css Files... for fonts and images, OR i am missing something ?

i created a route like so:
router.use(
        '/:componentName/:componentVersion/static/*',
        proxy(`${conf.storage.options.path}${conf.storage.options.componentsDir}`, {
            proxyReqPathResolver: function (req) {
                return `${conf.storage.options.path}${conf.storage.options.componentsDir}/${req.params.componentName}/${req.params.componentVersion}/${req.params[0]}`;
            },
            proxyReqOptDecorator: function (proxyReqOpts, originalReq) {
                proxyReqOpts.rejectUnauthorized = false
                return proxyReqOpts;
            }
        })
    );
and with this route i am able to put the registry on css files to retrieves fonts and images... and i dont have the need to access to the server.js or use javascript
Matteo Figus
@matteofigus
The issue is that you are using the same instance for hosting both static and registry which is kind of an anti pattern. OC is designed to store anything static in the cdn during publishing to solve that problem. With the approach you posted you are proxying to the cdn but if you use context.staticPath you’ll just use the cdn base urls making unnecessary to setup the proxy
Btw that can work for anything static really, including images css js etc. Anything declared as static in the package.json will be uploaded during publishing and accessible
Francisco
@francjpd

The issue is that you are using the same instance for hosting both static and registry which is kind of an anti pattern. OC is designed to store anything static in the cdn during publishing to solve that problem. With the approach you posted you are proxying to the cdn but if you use context.staticPath you’ll just use the cdn base urls making unnecessary to setup the proxy

Got you. Nevermind about what i posted then, i think it just works for our case scenario.

ALex
@aresobus_twitter

hi @matteofigus @kmcrawford @nickbalestra thank you so much for your work ! I hope you will be able to answer one question
We are trying to deploy registry to AWS S3 using Jenkins, Docker and K8s.
here is how our config looks like, just standard:

'use strict';

require('dotenv').config();
const Registry = require('oc').Registry;

const configuration = {
  baseUrl:'our-url-here',
  port: 3000, #do we need to have this port be the same as where baseUrl running?
  refreshInterval: 600,
  pollingInterval: 5,
  publishAuth: {
    type: 'basic',
    username: 'a',
    password: 'b'
  },
  s3: {
    key: '**',
    secret: '**',
    bucket: 'bucket-name',
    region: 'region',
    path: `path`,
    componentsDir: 'components'
  },
  dependencies: [],
  templates: [],
};

const registry = new Registry(configuration);
registry.start(function (err, app) {
  if (err) {
    console.log('Registry not started: ', err);
    process.exit(1);
  }
});

And we are getting this error:

Registry not started:  components_list_save

I found where is this error coming from and looks like it can't find folder "components" in the bucket or list of components in the bucket. Components folder It exists and I can upload things there from command line. So I'm getting this error because access to this bucket restricted just to a certain user ? (even we provide aws s3 secrets and key for this user in the config file )...
If yes - is there any work around to have bucket be restricted just for a certain users and to not make it public? or it should be always public and reachable to make "oc publish" work and be able to read from the registry?

It lives under company AWS account and security won't allow it to be public, so maybe you faced the same issue or can suggest a solution?

Thank you

Matteo Figus
@matteofigus
@aresobus_twitter the registry needs to be able to write to s3 as it uses it to store various metadata including the components list. From the error it looks like the credentials used don’t have write access to that bucket.
The bucket shouldn’t need to be public, it just needs to be writeable by the registry by the user you specified the credentials for
ALex
@aresobus_twitter

@matteofigus wow ;) I didn't expect to receive immediate answer from you, thank you!

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OurSid",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}

Hmm, weird. Above you can see the policy for a user so he can perform every action with this bucket
I tried manually write to the bucket using this credentials and it works, but during the deployment registry won't start and still getting this error (( so you think issue is with access and there is no need for additional configuration ?
I apologize for very theoretical questions ;)

Matteo Figus
@matteofigus
Uhm the policy actually looks ok 👍
Can you check the bucket policy too?
Wondering if there is something strange going on there
ALex
@aresobus_twitter
@matteofigus will do, do we want the bucket to be public or just allow this user read and write to the bucket?
I tried deploying the same config to my personal AWS account via heroku and it works and it makes me think that some corporate policy configuration prevents it from working...
ALex
@aresobus_twitter

@matteofigus here is bucket policy(allow all actions for user above)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::account-id:user/user-name"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::our-bucket-name"
        },
        {
            "Sid": "statement2",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::account-id:user/user-name"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::our-bucket-name/*"
        }
    ]
}

Is something looks weird to you ?

note: bucket is not public as I mentioned earlier
Matteo Figus
@matteofigus
The policy looks ok. The registry doesn’t need the bucket to be public but it puts some objects with public acls - i wonder if that’s the bit that is somehow conflicting with some existing account policies
But on registry start, all the components metadata is private, so it should be ok..
ALex
@aresobus_twitter
@matteofigus thanks a lot, will try to play around with policies, at least I know what is wrong. Have a great weekend!
ALex
@aresobus_twitter
hi @matteofigus so regarding my last question about S3 bucket policies, it works now but only if I partly allow public access to the S3 bucket by checking only 1 and 3 (see screenshot). Were you able to publish and work with the registry when you have full "Block public access" enabled and just grant access to the certain user ?
Now we can read and write from the bucket using IAM role with correct policy, but for some reason I can't publish to the registry when I'm using S3 keys and secrets for a user :
getting error error occurred when publishing to a registry {}
Screen Shot 2020-09-10 at 6.32.32 PM.png
It's only one thing that prevents us from running full CI/CD and use OC in production(
Matteo Figus
@matteofigus
oh ok, that makes sense, ok, I didn't think of the block policies. Some objects such as the package.json and the static assets are published with public ACL as are needed by the browser, so they need to be public. The server.js is instead published as private
Matteo Figus
@matteofigus
@aresobus_twitter out of curiosity, are you running the registry inside AWS? In that case, you can probably just omit key/secret from the registry configuration and infer that via IAM
ALex
@aresobus_twitter
@matteofigus thank you for your help again, now it make sense. I thought that I'm doing something wrong and there is a way to make it work with "block public access" enabled. We are using s3, k8s and docker to run registry and security people concerned about making bucket public...
Matteo Figus
@matteofigus
Ok. Consider that you need some stuff to be public if you need client side rendering and for static assets..but if you do SSR only and you setup a CDN on top of s3 with the proper policies to go public, then you may be ok with full private.
But you may need to change some code in the registry to avoid saving with public ACL..which shouldn’t be too much effort
You can fork the storage adapter and override it making sure all gets private here https://github.com/opencomponents/storage-adapters/blob/f164e7fefa1e1a874b28c8612e38f988a090b30b/packages/oc-s3-storage-adapter/index.js#L212
ALex
@aresobus_twitter

@matteofigus Hi! We use SSR only and I think I'll need to use you suggestion and override public part. So after in my server.js I should have something like this when I use storage adapter?

const oc = require('oc');
const s3 = require('oc-s3-storage-adapter');

let config = {
  baseUrl: 'my url', 
  port: 3000,
  refreshInterval: 600,
  pollingInterval: 5,
  templates: [require('oc-template-jade')],
  storage: {
    adapter: s3,
    options: {
      key: 'my key', 
      secret: 'my secret', 
      bucket: 'my bucket name',
      region: 'us-east-2',
      componentsDir: 'components',
      sslEnabled: false,
      s3ForcePathStyle: true,
      path - > ??
      debug: true,
      endpoint: 'http://localhost:8080'
    }    
  },
  env: { name: 'production' }
};

let registry = new oc.Registry(config);

registry.start(function(err, app){
  if(err) {
    console.log('Registry not started: ', err);
    process.exit(1);
  }
});

I was looking for some documentation for storage adapters, maybe you have some examples? The most part is self explanatory, but maybe I'll miss something accidentally or I need more configuration under 'options'...

Ken Crawford
@kmcrawford
@alex all options are passed to the s3 adapter as the conf object. https://github.com/opencomponents/storage-adapters/blob/master/packages/oc-s3-storage-adapter/index.js#L17
ALex
@aresobus_twitter
@kmcrawford thank you !
ALex
@aresobus_twitter
@matteofigus @kmcrawford Hi guys, thank you so much for your help and suggestions, I made adjustments to the adapter and I'm able to work with fully private bucket & SSR. In order to do that we sacrifice components preview, but it is ok in our case.
The only thing that I want to optimize is a mechanism of getting components from the registry with private S3 bucket, now I have to send SECRET and KEY along with request(otherwise getting Access denied) to a registry trying to combine it with
client.renderComponents() but it makes rendering a little slower, so I hope I'm on the right track because I don't have any other option in my mind.
Have a great day !
Ken Crawford
@kmcrawford
:thumbsup:
Ken Crawford
@kmcrawford
@aresobus_twitter check out https://github.com/crunchyroll/evs-s3helper I haven’t used it but it should be able to proxy a private s3 bucket on an internal server
ALex
@aresobus_twitter

@kmcrawford wow thank you! I'm trying to do something like that in NodeJS and express.js router, so far can't get through access denied message.
My initial idea was to do following:

  1. get a pre-signed url's:
    const AWS = require('aws-sdk')
const s3 = new AWS.S3()
AWS.config.update({accessKeyId: 'id', secretAccessKey: 'key'})
const myBucket = 'bucket-name'
const signedUrlExpireSeconds = 60 * 5 <-- just a test
const url = s3.getSignedUrl('getObject', {
 Bucket: myBucket,
 Key: "/",
 Expires: signedUrlExpireSeconds
})
console.log(url)
    And then pass it to the client = to have something like that:
const client = new Client({
    registries: {
      serverRendering: pre-signed url here <---

    },
  })

maybe I'm on the wrong track, will see