Cache doesn't work with AWS S3 if using FIPS endpoints
When using AWS S3 FIPS endpoints, cache operations fail.
For example, when using the following cache configuration for runner
[runners.cache]
Type = "s3"
Shared = true
[runners.cache.s3]
ServerAddress = "s3-fips.us-east-1.amazonaws.com"
AccessKey = "<AWS_ACCESS_KEY_ID>"
SecretKey = "<AWS_SECRET_ACCESS_KEY>"
BucketName = "foobar-bucket"
BucketLocation = "us-east-1"
We see logs similar to the following
Saving cache for successful job
Creating cache test-cache-1-protected...
test_file: found 1 matching files and directories
Uploading cache.zip to https://foobar-bucket.s3-fips.us-east-1.amazonaws.com/project/36878543/test-cache-1-protected
FATAL: received: 400 Bad Request
Failed to create cache
On debugging more, we find that the presigned URL used by cache-archiver
, when visited via browser shows the following error message
Error parsing the X-Amz-Credential parameter; the region 'fips.us-east-1' is wrong; expecting 'us-east-1'
On investigating more, found that this actually stems from the underlying minio-go
library. Opened an issue and a PR upstream. The PR has been merged, so it should be fixed in the next version of the library. When that is out, we should bump our dependency to that. This issue is intended to track that update.