Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes Related To AWS STS (in BlockStoreS3 And add_external_connection) #7577

Merged
merged 1 commit into from
Dec 5, 2023
Merged

Fixes Related To AWS STS (in BlockStoreS3 And add_external_connection) #7577

merged 1 commit into from
Dec 5, 2023

Conversation

shirady
Copy link
Contributor

@shirady shirady commented Nov 12, 2023
edited

Explain the changes

  1. In test_store_validity add the condition related to AWS STS as it appears in all other methods in the class.
  2. In _delete_past_versions has a condition related to AWS so I added AWSSTS.
  3. In add_external_connection add the type AWSSTS in a condition (which I thought was missing).

Issues: Fixed #xxx / Gap #xxx

  1. Without the change in test_store_validity you could see in noobaa-core logs:

[WARN] core.agent.block_store_services.block_store_s3:: unexpected error (code=ExpiredToken) from deleteObject during test. ignoring..

Note: to see it live I changed the defaultSTSCredsValidity to 900 (minimum possible) and waited 15 minutes after the creation of the aws-sts backingstore.

Testing Instructions:

  1. Create AWS STS Setup on Minikube (the guide will be in the operator repo, meanwhile this is the PR #Doc | Create AWS STS Setup on Minikube Dev Guide noobaa-operator#1244.
  2. Build the image and deploy noobaa on MInikube (see guide).
    Note: nb is an alias that runs the local operator from build/_output/bin (alias created by devenv).
  3. Create backingstore:
    nb backingstore create aws-sts-s3 <backingstore-name> -n <your-namespace>
  4. Create bucket class:
    nb bucketclass create placement-bucketclass <bucketclass-name> --backingstores=<backingstore-name> -n <your-namespace>
  5. Create OBC:
    nb obc create <obc-name> --bucketclass=<bucket-class-name> -n <your-namespace>
  6. Using por-forward (due to using MacOS):
  7. kubectl port-forward -n <your-namespace> service/s3 12443:443
  8. Create the alias from the OBC creation output:
    alias s3-nb-user-1='AWS_SECRET_ACCESS_KEY=<paste-here> AWS_ACCESS_KEY_ID=<paste-here> aws --no-verify-ssl --endpoint-url https://localhost:12443'
  9. Set higher debug level:
    nb system set-debug-level 3 -n <your-namespace>
  10. Put an object
    s3-nb-user-1 s3api put-object --bucket <obc-bucket-name> --key <key-name> --body <path-to-file>
  11. Get the object
    s3-nb-user-1 s3api get-object --bucket <obc-bucket-name> --key <key-name>
  • Doc added/updated
  • Tests added

@shirady shirady self-assigned this Nov 12, 2023
@shirady shirady changed the title Fix in BlockStoreS3 Related To AWS STS Fixes Related To AWS STS (in BlockStoreS3 And add_external_connection) Nov 13, 2023
@shirady
fixes related to AWS STS
66a69da 
1) Add code fix in BlockStoreS3:
  1. In `test_store_validity` add the condition related to AWS STS as it appears in all other methods in the class.
  2. In `_delete_past_versions` has a condition related to AWS so I added AWSSTS.
2) Add the type AWSSTS in the add_external_connection.

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
@shirady shirady merged commit 6710bec into noobaa:master Dec 5, 2023
8 of 9 checks passed
@shirady shirady deleted the update-sts branch December 5, 2023 09:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dannyzaken dannyzaken dannyzaken approved these changes

@ezio-auditore ezio-auditore ezio-auditore approved these changes

@liranmauda liranmauda Awaiting requested review from liranmauda

Assignees

@shirady shirady

Labels
size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@shirady @dannyzaken @ezio-auditore