[arvados] created: 2.1.0-3008-gd0f348373

git repository hosting git at public.arvados.org
Wed Nov 2 19:03:48 UTC 2022


        at  d0f3483739a0140802374e6a9f5d0ab5972bd951 (commit)


commit d0f3483739a0140802374e6a9f5d0ab5972bd951
Author: Tom Clegg <tom at curii.com>
Date:   Wed Nov 2 15:01:15 2022 -0400

    19234: s3v2 + non-aws: default to us-east-1 signing settings.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/doc/install/configure-s3-object-storage.html.textile.liquid b/doc/install/configure-s3-object-storage.html.textile.liquid
index e9866d510..746c1d402 100644
--- a/doc/install/configure-s3-object-storage.html.textile.liquid
+++ b/doc/install/configure-s3-object-storage.html.textile.liquid
@@ -46,8 +46,9 @@ Volumes are configured in the @Volumes@ section of the cluster configuration fil
           AccessKeyID: <span class="userinput">""</span>
           SecretAccessKey: <span class="userinput">""</span>
 
-          # Storage provider region. For Google Cloud Storage, use ""
-          # or omit.
+          # Storage provider region. If Endpoint is specified, the
+          # region determines the request signing method, and defaults
+          # to "us-east-1".
           Region: <span class="userinput">us-east-1</span>
 
           # Storage provider endpoint. For Amazon S3, use "" or
diff --git a/services/keepstore/s3aws_volume.go b/services/keepstore/s3aws_volume.go
index f7cff6d33..d068dde07 100644
--- a/services/keepstore/s3aws_volume.go
+++ b/services/keepstore/s3aws_volume.go
@@ -184,19 +184,25 @@ func (v *S3AWSVolume) check(ec2metadataHostname string) error {
 			if v.Endpoint != "" && service == "s3" {
 				return aws.Endpoint{
 					URL:           v.Endpoint,
-					SigningRegion: v.Region,
+					SigningRegion: region,
 				}, nil
 			} else if service == "ec2metadata" && ec2metadataHostname != "" {
 				return aws.Endpoint{
 					URL: ec2metadataHostname,
 				}, nil
+			} else {
+				return defaultResolver.ResolveEndpoint(service, region)
 			}
-
-			return defaultResolver.ResolveEndpoint(service, region)
 		}
 		cfg.EndpointResolver = aws.EndpointResolverFunc(myCustomResolver)
 	}
-
+	if v.Region == "" {
+		// Endpoint is already specified (otherwise we would
+		// have errored out above), but Region is also
+		// required by the aws sdk, in order to determine
+		// SignatureVersions.
+		v.Region = "us-east-1"
+	}
 	cfg.Region = v.Region
 
 	// Zero timeouts mean "wait forever", which is a bad

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list