feat(cfg): ensure we don't make unecessary call to get region when en…

…dpoint for s3 is specified
uc-cdis · Mar 10, 2020 · bbbbd05 · bbbbd05
1 parent 1062432
commit bbbbd05
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 21 deletions.
diff --git a/fence/__init__.py b/fence/__init__.py
@@ -171,8 +171,8 @@ def public_keys():
 
 def _check_s3_buckets(app):
     """
-    Function to ensure that all s3_buckets have a valid credential. 
-    Additionally, if there is no region it will produce a warning then trys to fetch and cache the region. 
+    Function to ensure that all s3_buckets have a valid credential.
+    Additionally, if there is no region it will produce a warning then trys to fetch and cache the region.
     """
     buckets = config.get("S3_BUCKETS") or {}
     aws_creds = config.get("AWS_CREDENTIALS") or {}
@@ -190,21 +190,25 @@ def _check_s3_buckets(app):
                     cred, bucket_name
                 )
             )
-        if not region:
-            logger.warning(
-                "WARNING: no region for S3_BUCKET: {}. Providing the region will reduce"
-                " response time and avoid a call to GetBucketLocation which you make lack the AWS ACLs for.".format(
-                    bucket_name
+
+        # only require region when we're not specifying an
+        # s3-compatible endpoint URL (ex: no need for region when using cleversafe)
+        if not bucket_details.get("endpoint_url"):
+            if not region:
+                logger.warning(
+                    "WARNING: no region for S3_BUCKET: {}. Providing the region will reduce"
+                    " response time and avoid a call to GetBucketLocation which you make lack the AWS ACLs for.".format(
+                        bucket_name
+                    )
                 )
-            )
-            credential = S3IndexedFileLocation.get_credential_to_access_bucket(
-                bucket_name,
-                aws_creds,
-                config.get("MAX_PRESIGNED_URL_TTL", 3600),
-                app.boto,
-            )
-            region = app.boto.get_bucket_region(bucket_name, credential)
-            config["S3_BUCKETS"][bucket_name]["region"] = region
+                credential = S3IndexedFileLocation.get_credential_to_access_bucket(
+                    bucket_name,
+                    aws_creds,
+                    config.get("MAX_PRESIGNED_URL_TTL", 3600),
+                    app.boto,
+                )
+                region = app.boto.get_bucket_region(bucket_name, credential)
+                config["S3_BUCKETS"][bucket_name]["region"] = region
 
 
 def app_config(

diff --git a/fence/blueprints/data/indexd.py b/fence/blueprints/data/indexd.py
@@ -638,11 +638,15 @@ def get_signed_url(
         if aws_access_key_id == "*" or (public_data and not force_signed_url):
             return http_url
 
-        region = self.get_bucket_region()
-        if not region:
-            region = flask.current_app.boto.get_bucket_region(
-                self.parsed_url.netloc, credential
-            )
+        # only attempt to get the region when we're not specifying an
+        # s3-compatible endpoint URL (ex: no need for region when using cleversafe)
+        region = None
+        if not current_bucket.get("endpoint_url"):
+            region = self.get_bucket_region()
+            if not region:
+                region = flask.current_app.boto.get_bucket_region(
+                    self.parsed_url.netloc, credential
+                )
 
         user_info = _get_user_info()