Fix S3 cache access for buckets located outside US
What does this MR do?
Previously if ServerAddress were set to to s3.amazonaws.com, the
dual-stack S3 endpoints were disabled since the AWS SDK does not allow
you to set a custom endpoint and enable the dual-stack option
simultaneously.
We had one customer that appears to rely on the dual-stack endpoint,
possibly because the IPv4 endpoint is firewalled or proxied. To make
existing configurations work, avoid setting a custom endpoint if
ServerAddress is the default AWS S3 endpoint.
Relates to #38277 (closed)
Why was this MR needed?
Customers that relied on dual-stack endpoints may find that the upgrade to AWS SDK v2 in !4987 (merged) may no longer work if ServerAddress is set to anything with *.s3.amazonaws.com, including s3.amazonaws.com.
- With GitLab Runner v17.5.0, which uses the AWS SDK, the requests failed because
ServerAddresspoints to the legacy global endpoint, https://s3.amazonaws.com. - This previously worked in older GitLab Runner versions because the Minio SDK essentially ignores whatever is stored in
ServerAddressas long as it ends withs3.amazonaws.com. For example, for a bucket ineu-south-1, the Minio SDK looks up the endpoint foreu-south-1and returnss3.dualstack.eu-south-1.amazonaws.com. - In contrast, the AWS SDK assumes that if you provide a custom
ServerAddressthen that it should use that.
What's the best way to test this MR?
- Define a cache that sets
ServerAddresstos3.amazonaws.com:
[runners.cache.s3]
ServerAddress = "s3.amazonaws.com"
BucketName = "example"
BucketLocation = "us-west-2"- Launch a CI job that uses the cache.
- Observe that before the
Downloading cachemessage showshttps://<bucket>.s3.amazonaws.com. With this change it should showhttps://<bucket>.s3.dualstack.<region>.amazonaws.com
What are the relevant issue numbers?
Edited by Stan Hu