Commit 489602ef authored by Harshavardhana's avatar Harshavardhana Committed by Harrison Healey

Allow regions to be set and honored for S3 driver. (#7010)

This is necessary for certain users where
GetBucketLocation API is disabled using IAM
policies. There is a field AmazonS3Region
which we need to re-purpose and use to support
this properly.

Fixes https://github.com/mattermost/platform/issues/6999
parent c506c5ca
......@@ -20,6 +20,7 @@ import (
"github.com/mattermost/platform/utils"
s3 "github.com/minio/minio-go"
"github.com/minio/minio-go/pkg/credentials"
)
func TestUploadFile(t *testing.T) {
......@@ -820,11 +821,19 @@ func readTestFile(name string) ([]byte, error) {
}
}
func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool) (*s3.Client, error) {
// Similar to s3.New() but allows initialization of signature v2 or signature v4 client.
// If signV2 input is false, function always returns signature v4.
//
// Additionally this function also takes a user defined region, if set
// disables automatic region lookup.
func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool, region string) (*s3.Client, error) {
var creds *credentials.Credentials
if signV2 {
return s3.NewV2(endpoint, accessKey, secretKey, secure)
creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV2)
} else {
creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV4)
}
return s3.NewV4(endpoint, accessKey, secretKey, secure)
return s3.NewWithCredentials(endpoint, creds, secure, region)
}
func cleanupTestFile(info *model.FileInfo) error {
......@@ -834,7 +843,8 @@ func cleanupTestFile(info *model.FileInfo) error {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
return err
}
......
......@@ -695,7 +695,8 @@ func TestUserCreateImage(t *testing.T) {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
t.Fatal(err)
}
......@@ -800,7 +801,8 @@ func TestUserUploadProfileImage(t *testing.T) {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
t.Fatal(err)
}
......
......@@ -23,8 +23,9 @@ import (
"github.com/mattermost/platform/utils"
"github.com/mattermost/platform/wsapi"
s3 "github.com/minio/minio-go"
"github.com/mattermost/platform/jobs"
s3 "github.com/minio/minio-go"
"github.com/minio/minio-go/pkg/credentials"
)
type TestHelper struct {
......@@ -641,11 +642,19 @@ func readTestFile(name string) ([]byte, error) {
}
}
func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool) (*s3.Client, error) {
// Similar to s3.New() but allows initialization of signature v2 or signature v4 client.
// If signV2 input is false, function always returns signature v4.
//
// Additionally this function also takes a user defined region, if set
// disables automatic region lookup.
func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool, region string) (*s3.Client, error) {
var creds *credentials.Credentials
if signV2 {
return s3.NewV2(endpoint, accessKey, secretKey, secure)
creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV2)
} else {
creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV4)
}
return s3.NewV4(endpoint, accessKey, secretKey, secure)
return s3.NewWithCredentials(endpoint, creds, secure, region)
}
func cleanupTestFile(info *model.FileInfo) error {
......@@ -655,7 +664,8 @@ func cleanupTestFile(info *model.FileInfo) error {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
return err
}
......
......@@ -28,6 +28,7 @@ import (
"github.com/mattermost/platform/model"
"github.com/mattermost/platform/utils"
s3 "github.com/minio/minio-go"
"github.com/minio/minio-go/pkg/credentials"
"github.com/rwcarlsen/goexif/exif"
_ "golang.org/x/image/bmp"
)
......@@ -60,11 +61,17 @@ const (
// Similar to s3.New() but allows initialization of signature v2 or signature v4 client.
// If signV2 input is false, function always returns signature v4.
func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool) (*s3.Client, error) {
//
// Additionally this function also takes a user defined region, if set
// disables automatic region lookup.
func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool, region string) (*s3.Client, error) {
var creds *credentials.Credentials
if signV2 {
return s3.NewV2(endpoint, accessKey, secretKey, secure)
creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV2)
} else {
creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV4)
}
return s3.NewV4(endpoint, accessKey, secretKey, secure)
return s3.NewWithCredentials(endpoint, creds, secure, region)
}
func ReadFile(path string) ([]byte, *model.AppError) {
......@@ -74,7 +81,8 @@ func ReadFile(path string) ([]byte, *model.AppError) {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
return nil, model.NewLocAppError("ReadFile", "api.file.read_file.s3.app_error", nil, err.Error())
}
......@@ -107,7 +115,8 @@ func MoveFile(oldPath, newPath string) *model.AppError {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
return model.NewLocAppError("moveFile", "api.file.write_file.s3.app_error", nil, err.Error())
}
......@@ -146,7 +155,8 @@ func WriteFile(f []byte, path string) *model.AppError {
secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
secure := *utils.Cfg.FileSettings.AmazonS3SSL
signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
region := utils.Cfg.FileSettings.AmazonS3Region
s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
if err != nil {
return model.NewLocAppError("WriteFile", "api.file.write_file.s3.app_error", nil, err.Error())
}
......
......@@ -526,11 +526,6 @@ func (o *Config) SetDefaults() {
o.FileSettings.AmazonS3Endpoint = "s3.amazonaws.com"
}
if o.FileSettings.AmazonS3Region == "" {
// Defaults to "us-east-1" region.
o.FileSettings.AmazonS3Region = "us-east-1"
}
if o.FileSettings.AmazonS3SSL == nil {
o.FileSettings.AmazonS3SSL = new(bool)
*o.FileSettings.AmazonS3SSL = true // Secure by default.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment