Explicit configuration for cache s3 authentication type
What does this MR do?
Currently, when a customer is using the s3 cache, the ServerAddress is not honored if IAM is being used. This MR fixes that by passing in the ServerAddress to the initialization call that creates the S3 Client.
There is also a wider problem of the s3 cache configuration being a little confusing. If ServerAddress, AccessKey, or SecretKey are blank, IAM is used. Otherwise, root credentials are used.
To improve this, we will add a new field AuthenticationType where the user can explicitly indicate which authentication type should be used.
Why was this MR needed?
Certain customers need to specify a custom S3 server address.
What's the best way to test this MR?
- Create a job with cache enabled. Put in some non-s3.amazonaws.com value for the ServerAddress.
config.toml
[[runners]]
  name = "my-runner"
  url = "https://gitlab.com/"
  token = "j8y53CNvsxHCsi9R_jOuq"
  executor = "shell"
  [runners.custom_build_dir]
  [runners.cache]
    Type = "s3"
    [runners.cache.s3]
      ServerAddress = "s3.my-custom-url.com"
      AuthenticationType = "IAM"
      BucketName = "mybucket"
      BucketLocation = "us-west-1"
.gitlab-ci.yml
cache:
  key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
  paths:
    - cached_file
job:
  script:
    - echo "generating file to be cached if it isn't cached."
    - if [ ! -f cached_file ]; then echo 'some important data' > cached_file; else echo "Reusing cached_file."; fi;
When you run the job, you should see an error message with the custom URL in the logs indicating the ServerAddress got passed into the API call.
WARNING: Retrying... error=Put "https://s3.my-custom-url.com/mybucket/cached_file/project/28145097/job-china-sws?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA3M5AY5I232KN3JF5%2F20210830%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20210830T171909Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEIn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCWV1LXdlc3QtMSJIMEYCIQCDriDdOzEirhWEHl2feSQH30VZmrL%2FXDSTUiTFDyuGEwIhAIKGq9IK2UZCTg3iTLNtEam9%2FER5ZX%2B%2F1kDaQRJjC0RlKoMECML%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMNzgzNjMxODM3NzQ5IgzFAvKhmdvXdEgtrGQq1wOsYKKPHryVee%2Br8pj00SVtV%2FN9pbeWAEy1RmYQp2dWEGVqL%2B%2FvwhMsb23rfMFQ2QgyxSj05agQmxKfL1bx8QUKeX%2BqVUaUIOSgKZwCqxacphNb2V%2BqEqMAbU4pvNN7cN1zY2eJ7YoAgGNzd6SrcPGeZZmLzsAadedrCJSQznEhOzLruNLQKVGx8unUJODuLANKYUnfkrLgkdbfmU%2FO1qikCpjsW7pfcWOI61bLAB8eZL2RXr0rkhAIJHWYG%2Fl%2BHbxmENrk6T%2FgTpP7ZoGnL3Vd6DvGMulMxXROTdsmGKptzKdUdpzhl3WpA4IPX0h4NzvQQRYURDbVrrDxpCWV99cVIH7ctS%2FqbUMQpKMFPNxY5YjHny1yLGPgwkN3W9bfmwLzbk3SJGfpLJo62UqCG3LxzkDlmvhGInCiPVsHewcHXVCJDBXGmdp4%2BggobxFQMG5%2FUc60U4uRC9IKXddQOoAD6kybdrd19WxbzuVPanMzxdGGO28p08DWBLb%2FJ%2FjDmIboQKYSbnxR%2BlWzq%2BjXK0CPKTzDKOrV5ob33salNcTj%2BZYBqVOtRMkqvfhoQirIPxyYwSNz0jYHcFEVARLtUM6Z8Q4LDDT1zAVI87nWm02hBqEl2cVhSFQwn6C0iQY6pAFtzuZCvTLNRXsY4TITPtI8xRtpudBcaIn1HiimGby8w3NVpPpgq1nvSabXfEKlru28O%2FbOpzmQzEUJSrd0UloCooWR7t8jJhkC503yfvN6m8EPwYh%2FyQy%2BIKhADkmIsHlmLktM2auNpfKQojgbdUG60TDgk3xOQE7Ls04TCPhOw3t%2FJGPFs5N539TMJFD6iW5zYKu0Sd93Rcauoj4TrwP5S8%2BZaA%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=f8746c8e7e746623c8e86e34f60edcadad91675f2ea6de2cd8bab3083ddbfe5a": dial tcp: lookup customurl.whatever.com: no such host
To ensure that root credentials also work, repeat this process with
config.toml
[[runners]]
  name = "my-runner"
  url = "https://gitlab.com/"
  token = "j8y53CNvsxHCsi9R_jOuq"
  executor = "shell"
  [runners.custom_build_dir]
  [runners.cache]
    Type = "s3"
    [runners.cache.s3]
      ServerAddress = "s3.my-custom-url.com"
      AuthenticationType = "credentials"
      AccessKey = "<fill this in>"
      SecretKey = "<fill this in>"
      BucketName = "mybucket"
      BucketLocation = "us-west-1"
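
The selection rule described under "What does this MR do?", as an added example that is not part of the MR or GitLab Runner's code: a Go sketch contrasting the implicit rule (any blank field selects IAM) with an explicit AuthenticationType. The type and function names, the sample key, the rejection of blank keys and the fallback when the field is absent are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// S3Config holds the [runners.cache.s3] keys named on this page.
// Type and function names are hypothetical, not GitLab Runner's own.
type S3Config struct {
	ServerAddress, AccessKey, SecretKey, AuthenticationType string
}

// implicitAuth is the rule the MR describes: a blank ServerAddress,
// AccessKey or SecretKey selects IAM, otherwise static credentials.
func implicitAuth(c S3Config) string {
	if c.ServerAddress == "" || c.AccessKey == "" || c.SecretKey == "" {
		return "IAM"
	}
	return "credentials"
}

// explicitAuth honours AuthenticationType. Rejecting blank keys is an
// assumption of this sketch, so a typo cannot silently change identity.
func explicitAuth(c S3Config) (string, error) {
	switch c.AuthenticationType {
	case "IAM":
		return "IAM", nil
	case "credentials":
		if c.AccessKey == "" || c.SecretKey == "" {
			return "", errors.New("credentials selected but AccessKey or SecretKey is blank")
		}
		return "credentials", nil
	case "":
		return implicitAuth(c), nil // field absent: old behaviour
	}
	return "", fmt.Errorf("unknown AuthenticationType %q", c.AuthenticationType)
}

func main() {
	// Constructed sample: custom endpoint, SecretKey left out by mistake.
	c := S3Config{ServerAddress: "s3.my-custom-url.com", AccessKey: "EXAMPLEKEY"}
	fmt.Println("implicit:", implicitAuth(c)) // falls back to IAM without a warning
	c.AuthenticationType = "credentials"
	_, err := explicitAuth(c)
	fmt.Println("explicit:", err) // the mistake is reported instead
}
```

With the implicit rule, a runner whose SecretKey is missing uploads cache objects under whatever IAM identity the host carries, which may have different bucket permissions than the intended key pair.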