-
Notifications
You must be signed in to change notification settings - Fork 24.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Region and Signer Algorithm Overrides to S3 Repos #52112
Conversation
Pinging @elastic/es-distributed (:Distributed/Snapshot/Restore) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've left two minor comments. I'm a bit more concerned about how we test these settings, can we have an integration test for this?
docs/plugins/repository-s3.asciidoc
Outdated
`region`:: | ||
|
||
Allows specifying the signing region to use. Specificing this setting manually should not be necessary for most use cases. Generally, | ||
the SDK will correctly guess the singing region to use. It should be considered an expert level setting to support S3-compatible APIs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo singing
Thanks for taking a look Tanguy!
Sure we can, it's just a matter of coding it up :) I wonder if it's worth the effort? It seems that this would be outright testing the SDK. The amount of code it takes to add these tests makes me not want to do it. The fact that SDKs have bugs does makes me want to add the test :D |
I dunno, I think there's value in an integration test too, just checking that we've got all the end-to-end plumbing right. Maybe against Minio with an explicit region, given that the point of this feature is to support non-S3 services with nonempty regions? |
The annoying thing with that is that it forces us to add yet another Minio IT run and I'm not sure you can really force Minio to only accept v4 signatures. So we can only test signer override + region. But I just realised we have no auth testing whatsoever on our S3 mock ... probably good to have it in some form, let's add it for this effort then :) On it. |
Yes I know :( But we have to maintain such settings for a long time and we previously broke them multiple times without noticing, mostly because we were lacking integration tests. This would also be easier to migrate to AWS SDK V2 if we have more tests. I completely understand your point but I think it will still be valuable at the end. |
Wait, I found them again. This logic got split up across |
No worries, I was also confused by this and was only referring to the integration tests. For now I decided to keep it simple though and added the minimum testing required to verify that both setting enforce the right region and/or signer override in d54c45f => let me know what you think :) |
I can confirm that this patch is working. I was able to backport it to 7.4.1 and able to test this plugin on one of our testclusters against an openstack swift container. Was able to run backup successfully. Would really love to see this included in v7.7. Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks Yannick + Tanguy! |
Exposes S3 SDK signing region and algorithm override settings as requested in elastic#51861. Closes elastic#51861
Exposes S3 SDK signing region and algorithm override settings as requested in #51861.
Closes #51861