OADP-659 Remove HTTP/HTTPS port numbers from AWS S3 URLs. #1169

Merged
merged 3 commits into from Oct 4, 2023
13 changes: 13 additions & 0 deletions controllers/bsl.go
Expand Up @@ -6,6 +6,7 @@ import (

"github.com/go-logr/logr"
oadpv1alpha1 "github.com/openshift/oadp-operator/api/v1alpha1"
"github.com/openshift/oadp-operator/pkg/bucket"
"github.com/openshift/oadp-operator/pkg/common"
velerov1 "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -221,6 +222,18 @@ func (r *DPAReconciler) updateBSLFromSpec(bsl *velerov1.BackupStorageLocation, d
registryDeployment = "False"
}
}
// The AWS SDK expects the server providing S3 blobs to remove default ports
// (80 for HTTP and 443 for HTTPS) before calculating a signature, and not
// all S3-compatible services do this. Remove the ports here to avoid 403
// errors from mismatched signatures.
if bslSpec.Provider == "aws" {
Member

This code will get executed for minio as well as noobaa, right? Any idea if we need this port stripping for them too?

Contributor Author

Yes, it needs to run for anything that goes through the AWS SDK. I don't know if minio already deals with this, but I will try it and see. I think this change shouldn't cause any existing working connection types to stop working.

s3Url := bslSpec.Config["s3Url"]
if len(s3Url) > 0 {
if s3Url, err = bucket.StripDefaultPorts(s3Url); err == nil {
bslSpec.Config["s3Url"] = s3Url
}
}
}
bsl.Labels = map[string]string{
"app.kubernetes.io/name": common.OADPOperatorVelero,
"app.kubernetes.io/instance": bsl.Name,
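
Review bot: In the `if s3Url, err = bucket.StripDefaultPorts(s3Url); err == nil` branch, a parse failure is silently dropped. The original `s3Url`, possibly still carrying `:443` or `:80`, stays in `bslSpec.Config`, and the only symptom is the later 403 this change is meant to prevent. Add an `else` that logs the error, or return it, so a malformed `s3Url` is visible at reconcile time. The assignment also uses `=` rather than `:=`, so it writes the outer `err`; a failed parse leaves that variable non-nil for whatever follows, so check that nothing after this block returns it unintentionally.
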
18 changes: 18 additions & 0 deletions pkg/bucket/aws.go
Expand Up @@ -2,9 +2,12 @@ package bucket

import (
"fmt"
"net/http"
"net/url"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/aws/aws-sdk-go/service/s3/s3iface"
Expand Down Expand Up @@ -170,3 +173,18 @@ func (a awsBucketClient) Delete() (bool, error) {

return true, nil
}

// StripDefaultPorts removes port 80 from HTTP URLs and 443 from HTTPS URLs.
// Defer to the actual AWS SDK implementation to match its behavior exactly.
func StripDefaultPorts(fromUrl string) (string, error) {
u, err := url.Parse(fromUrl)
if err != nil {
return "", err
}
r := http.Request{
URL: u,
}
request.SanitizeHostForHeader(&r)
r.URL.Host = r.Host
return r.URL.String(), nil
}
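
Review bot: `r.URL.Host = r.Host` runs unconditionally, but `r` is built with only `URL` set, so `r.Host` is empty unless `request.SanitizeHostForHeader` assigns it. If that helper writes `r.Host` only when it actually strips a default port, every URL with no port or with a non-default port comes back with an empty host. Guard the assignment with `if r.Host != ""`, and add a table test covering no port, a default port, and a non-default port. Separately, `url.Parse` accepts input with no scheme, so decide whether a missing scheme or host should be returned as an error instead of being passed through.
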
Member

LGTM, but I would move this to a more generic place, maybe util.go; you never know when this might be needed for non-AWS.

Contributor Author

Okay, I tried moving this to pkg/common.
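
Why a default port left in `s3Url` ends in a 403, as an added example (not code from this PR, the operator, or the AWS SDK): a simplified SigV4 signer using only the Go standard library, in which the client signs with the default port stripped and a server that does not normalise verifies over the host as configured. The host name, secret, timestamp, object path and the function names `signGet` and `serverAccepts` are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/url"
	"strings"
)

const amzDate, region, secret = "20231004T000000Z", "us-east-1", "EXAMPLE-SECRET" // constructed, not real credentials

func hashHex(s string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) }
func mac(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// signGet returns the SigV4 signature of an empty-body GET; host is a signed header.
func signGet(path, host string) string {
	payload := hashHex("")
	canonical := strings.Join([]string{"GET", path, "", "host:" + host,
		"x-amz-content-sha256:" + payload, "x-amz-date:" + amzDate, "",
		"host;x-amz-content-sha256;x-amz-date", payload}, "\n")
	scope := amzDate[:8] + "/" + region + "/s3/aws4_request"
	key := []byte("AWS4" + secret)
	for _, part := range strings.Split(scope, "/") { // date, region, service, terminator
		key = mac(key, part)
	}
	return fmt.Sprintf("%x", mac(key, "AWS4-HMAC-SHA256\n"+amzDate+"\n"+scope+"\n"+hashHex(canonical)))
}

// serverAccepts is a simplified model (assumption): the client signs with :80/:443
// stripped, and a non-normalising server recomputes over the configured host.
func serverAccepts(s3Url string) (bool, error) {
	u, err := url.Parse(s3Url)
	if err != nil {
		return false, err
	}
	clientHost := u.Host
	if p := u.Port(); (u.Scheme == "http" && p == "80") || (u.Scheme == "https" && p == "443") {
		clientHost = u.Hostname()
	}
	return signGet("/bucket/key", clientHost) == signGet("/bucket/key", u.Host), nil
}

func main() {
	fmt.Println(serverAccepts("https://s3.example.test:443"))
}
```

Because `host` is part of the signed canonical request, the two sides agree only when they see the same host string, which is what stripping the port from `s3Url` before it reaches the SDK guarantees.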