From 627b11d9cf4e2cdc2d9e4c1ecb9b86214a01cfe9 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Tue, 16 Jul 2024 16:48:39 -0400 Subject: [PATCH 1/2] Set hinting region to use from GetBucketRegion() Signed-off-by: Tiger Kaovilai --- changelogs/unreleased/210-kaovilai | 1 + velero-plugin-for-aws/config.go | 5 +++++ velero-plugin-for-aws/object_store.go | 12 ++++++++++-- 3 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/210-kaovilai diff --git a/changelogs/unreleased/210-kaovilai b/changelogs/unreleased/210-kaovilai new file mode 100644 index 0000000..84ab149 --- /dev/null +++ b/changelogs/unreleased/210-kaovilai @@ -0,0 +1 @@ +Fix region discovery after aws-sdk-go-v2 \ No newline at end of file diff --git a/velero-plugin-for-aws/config.go b/velero-plugin-for-aws/config.go index b368d91..ce26fa1 100644 --- a/velero-plugin-for-aws/config.go +++ b/velero-plugin-for-aws/config.go @@ -31,6 +31,11 @@ func (cb *configBuilder) WithRegion(region string) *configBuilder { return cb } +func (cb *configBuilder) WithAnonymousCredentials() *configBuilder { + cb.opts = append(cb.opts, config.WithCredentialsProvider(aws.AnonymousCredentials{})) + return cb +} + func (cb *configBuilder) WithProfile(profile string) *configBuilder { cb.opts = append(cb.opts, config.WithSharedConfigProfile(profile)) return cb diff --git a/velero-plugin-for-aws/object_store.go b/velero-plugin-for-aws/object_store.go index 11bf9ea..4922282 100644 --- a/velero-plugin-for-aws/object_store.go +++ b/velero-plugin-for-aws/object_store.go @@ -139,12 +139,20 @@ func (o *ObjectStore) Init(config map[string]string) error { // AWS (not an alternate S3-compatible API) and region not // explicitly specified: determine the bucket's region + // GetBucketRegion will attempt to get the region for a bucket using the + // client's configured region to determine which AWS partition to perform the query on. + // The request will not be signed, and will not use your AWS credentials. if s3URL == "" && region == "" { - cfg, err := newConfigBuilder(o.log).WithTLSSettings(insecureSkipTLSVerify, caCert).Build() + regionCfg, err := newConfigBuilder(o.log).WithTLSSettings(insecureSkipTLSVerify, caCert). + // configures anonymous credentials + WithAnonymousCredentials(). + // configures region for GetBucketRegion to query from + WithRegion("us-east-1"). + Build() if err != nil { return errors.WithStack(err) } - client, err := newS3Client(cfg, s3URL, s3ForcePathStyle) + client, err := newS3Client(regionCfg, s3URL, s3ForcePathStyle) if err != nil { return errors.WithStack(err) } From 156fb10e60f865b4c167de043801b690277f90d9 Mon Sep 17 00:00:00 2001 From: Tiger Kaovilai Date: Thu, 25 Jul 2024 12:17:52 -0400 Subject: [PATCH 2/2] Use credentials to GetBucketRegion Signed-off-by: Tiger Kaovilai --- velero-plugin-for-aws/config.go | 5 ----- velero-plugin-for-aws/object_store.go | 31 ++++++++++----------------- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/velero-plugin-for-aws/config.go b/velero-plugin-for-aws/config.go index ce26fa1..b368d91 100644 --- a/velero-plugin-for-aws/config.go +++ b/velero-plugin-for-aws/config.go @@ -31,11 +31,6 @@ func (cb *configBuilder) WithRegion(region string) *configBuilder { return cb } -func (cb *configBuilder) WithAnonymousCredentials() *configBuilder { - cb.opts = append(cb.opts, config.WithCredentialsProvider(aws.AnonymousCredentials{})) - return cb -} - func (cb *configBuilder) WithProfile(profile string) *configBuilder { cb.opts = append(cb.opts, config.WithSharedConfigProfile(profile)) return cb diff --git a/velero-plugin-for-aws/object_store.go b/velero-plugin-for-aws/object_store.go index 4922282..196f5f8 100644 --- a/velero-plugin-for-aws/object_store.go +++ b/velero-plugin-for-aws/object_store.go @@ -137,26 +137,24 @@ func (o *ObjectStore) Init(config map[string]string) error { } } + cfg, err := newConfigBuilder(o.log).WithRegion(region). + WithProfile(credentialProfile). + WithCredentialsFile(credentialsFile). + WithTLSSettings(insecureSkipTLSVerify, caCert).Build() + if err != nil { + return errors.WithStack(err) + } + // AWS (not an alternate S3-compatible API) and region not // explicitly specified: determine the bucket's region // GetBucketRegion will attempt to get the region for a bucket using the // client's configured region to determine which AWS partition to perform the query on. - // The request will not be signed, and will not use your AWS credentials. if s3URL == "" && region == "" { - regionCfg, err := newConfigBuilder(o.log).WithTLSSettings(insecureSkipTLSVerify, caCert). - // configures anonymous credentials - WithAnonymousCredentials(). - // configures region for GetBucketRegion to query from - WithRegion("us-east-1"). - Build() + regionClient, err := newS3Client(cfg, s3URL, s3ForcePathStyle) if err != nil { return errors.WithStack(err) } - client, err := newS3Client(regionCfg, s3URL, s3ForcePathStyle) - if err != nil { - return errors.WithStack(err) - } - region, err = manager.GetBucketRegion(context.Background(), client, bucket) + region, err = manager.GetBucketRegion(context.Background(), regionClient, bucket, func(o *s3.Options) { o.Region = "us-east-1" }) if err != nil { o.log.Errorf("Failed to determine bucket's region bucket: %s, error: %v", bucket, err) return err @@ -164,14 +162,7 @@ func (o *ObjectStore) Init(config map[string]string) error { if region == "" { return fmt.Errorf("unable to determine bucket's region, bucket: %s", bucket) } - } - - cfg, err := newConfigBuilder(o.log).WithRegion(region). - WithProfile(credentialProfile). - WithCredentialsFile(credentialsFile). - WithTLSSettings(insecureSkipTLSVerify, caCert).Build() - if err != nil { - return errors.WithStack(err) + cfg.Region = region } client, err := newS3Client(cfg, s3URL, s3ForcePathStyle)