Refactor endpoint resolver for AWS services #32921
Conversation
sayden
requested review from
belimawr and
fearful-symmetry
and removed request for
a team
botelastic
bot
added
needs_team
|
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
|
This pull request is now in conflicts. Could you fix it? 🙏 |
|
This is the least invasive way to update the current library without proper testing. We can use the default in a follow up, once we understand how it works and why AWS introduced a breaking change there. |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
could you expand on this a little? 😛 |
There are no tests, at all, that actually checks this across all Beats. I like to understand side effects of changing something that affects 5-6 packages. Hey, but I disagree and commit. Seriously, no prob. 🙂 |
|
Is there a way that the user can change this manually in config or environment variables without having to change it in the code? I'm asking to see if for users that are hit by this issue, if there is also currently a manual workaround? |
Good question, I have looked at the code and I don't see a workaround atm. The only way to avoid the issue will be to not use a customized endpoint as far as I can see. This function has 22 references in other parts of the code: billing, cloudwatch, rds, sqs... so it's complicated to predict side effects. Looking at the old and new code, this change looks like the missing piece. But I think we should consider to decouple those 22 functions to alleviate the side effects produced by small changes like this in the near future. This issue comes from a breaking change in the AWS library where they removed the generic resolver and introduced specific resolvers for each service: ec2 resolver, sqs resolver, etc. I have some degree of confidence, after looking at alternatives and other solutions in the AWS SDK, that this should solve the issue. But as I said before, we should look at those specific resolvers because they probably do much more for users than the custom generic solution we have now. |
I disagreed and committed :) Given other issues the problem does not seem to be limited to the missing My point to the change I made is that I expect the internal endpoint resolver of the packages in the aws sdk to be much more tested than any coverage and manual testing we can do for an hot fix. |
aspacca
force-pushed
the
aws-fix-region-not-being-used
branch
from
d91b80f
to
9818f62
Compare
|
This pull request is now in conflicts. Could you fix it? 🙏 |
|
after discussing with @sayden we agreed on reducing the surface of the change we need proper manual testing of different scenarios |
aspacca
changed the title
|
thanks for getting deeper into this @sayden and @aspacca. i think it would be have been best to merge the small fix as originally reviewed, then approach the larger refactor in a new PR. this way the short term fix for SQS could be merged, whilst the larger PR goes through review + test. i have removed my original ✅ for now. |
|
This pull request is now in conflicts. Could you fix it? 🙏 |
|
Looks like that has been handled via https://github.com/aws/aws-sdk-go-v2/blob/main/service/s3/internal/endpoints/endpoints.go. It appears as long as the region is set it will autoconfigure the proper endpoint. I would say that the docs should be updated to enforce the importance of setting the |
|
Quick question, will we expose a UI option for setting the |
* Add signing region * Add changelog entry * remove awscommon.EnrichAWSConfigWithEndpoint * add nonAWSBucketResolver when recreating the s3 client for new region * remove unused functions * changelog * fix changelog * fix docs Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co> (cherry picked from commit d0bc413) # Conflicts: # x-pack/libbeat/common/aws/credentials.go # x-pack/libbeat/common/aws/credentials_test.go
@legoguy1000 is taking care of it at elastic/integrations#4158 👍 |
…33014) * Refactor endpoint resolver for AWS services (#32921) * Add signing region * Add changelog entry * remove awscommon.EnrichAWSConfigWithEndpoint * add nonAWSBucketResolver when recreating the s3 client for new region * remove unused functions * changelog * fix changelog * fix docs Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co> (cherry picked from commit d0bc413) # Conflicts: # x-pack/libbeat/common/aws/credentials.go # x-pack/libbeat/common/aws/credentials_test.go * fix merge Co-authored-by: Mario Castro <mariocaster@gmail.com> Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co>
* Add signing region * Add changelog entry * remove awscommon.EnrichAWSConfigWithEndpoint * add nonAWSBucketResolver when recreating the s3 client for new region * remove unused functions * changelog * fix changelog * fix docs Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co>
What does this PR do?
Custom endpoint resolver in AWS services initialisation was broken after the aws sdk upgrade.
This PR remove the custom endpoint resolver, but for the case of non aws bucket in direct aws s3 input