fix(operator): Configure Loki to use virtual-host-style URLs for S3 A…
…WS endpoints (#12469)
btaani authored Apr 10, 2024
1 parent 2e32ec5 commit 0084262
Showing 6 changed files with 155 additions and 77 deletions.
1 change: 1 addition & 0 deletions operator/CHANGELOG.md
@@ -1,5 +1,6 @@
## Main

- [12469](https://github.com/grafana/loki/pull/12469) **btaani**: Configure Loki to use virtual-host-style URLs for S3 AWS endpoints
- [12181](https://github.com/grafana/loki/pull/12181) **btaani**: Improve validation of provided S3 storage configuration
- [12370](https://github.com/grafana/loki/pull/12370) **periklis**: Update Loki operand to v2.9.6
- [12333](https://github.com/grafana/loki/pull/12333) **periklis**: Bump max OpenShift version to next release
10 changes: 6 additions & 4 deletions operator/internal/handlers/internal/storage/secrets.go
@@ -404,7 +404,8 @@ func extractS3ConfigSecret(s *corev1.Secret, credentialMode lokiv1.CredentialMod
roleArn = s.Data[storage.KeyAWSRoleArn]
audience = s.Data[storage.KeyAWSAudience]
// Optional fields
region = s.Data[storage.KeyAWSRegion]
region = s.Data[storage.KeyAWSRegion]
forcePathStyle = !strings.HasSuffix(string(endpoint), awsEndpointSuffix)
)

sseCfg, err := extractS3SSEConfig(s.Data)
@@ -413,9 +414,10 @@ func extractS3ConfigSecret(s *corev1.Secret, credentialMode lokiv1.CredentialMod
}

cfg := &storage.S3StorageConfig{
Buckets: string(buckets),
Region: string(region),
SSE: sseCfg,
Buckets: string(buckets),
Region: string(region),
SSE: sseCfg,
ForcePathStyle: forcePathStyle,
}

switch credentialMode {
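Review bot: The added `forcePathStyle = !strings.HasSuffix(string(endpoint), awsEndpointSuffix)` matches the suffix against the raw secret value rather than the URL's host, so an AWS endpoint written with a trailing slash, a port or a path is classified as non-AWS, and a non-AWS URL whose path or query happens to end in the suffix is classified as AWS. Comparing the parsed host is tighter: `u, err := url.Parse(string(endpoint))` followed by `forcePathStyle = err != nil || !strings.HasSuffix(u.Hostname(), awsEndpointSuffix)` (needs `net/url` if the file does not already import it). The value of `awsEndpointSuffix` is not visible here; it should begin with a dot so that a look-alike domain cannot match. An empty `endpoint` also yields `true`, and `cfg` is built before the `switch credentialMode`, so it is worth confirming that this is the intended value for credential modes where the secret supplies no endpoint. extractS3ConfigSecret starts and ends outside both hunks.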
57 changes: 57 additions & 0 deletions operator/internal/handlers/internal/storage/secrets_test.go
@@ -9,6 +9,7 @@ import (

configv1 "github.com/grafana/loki/operator/apis/config/v1"
lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
"github.com/grafana/loki/operator/internal/manifests/storage"
)

func TestHashSecretData(t *testing.T) {
@@ -617,6 +618,62 @@ func TestS3Extract(t *testing.T) {
}
}

func TestS3Extract_S3ForcePathStyle(t *testing.T) {
tt := []struct {
desc string
secret *corev1.Secret
wantOptions *storage.S3StorageConfig
}{
{
desc: "aws s3 endpoint",
secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "test"},
Data: map[string][]byte{
"endpoint": []byte("https://s3.region.amazonaws.com"),
"region": []byte("region"),
"bucketnames": []byte("this,that"),
"access_key_id": []byte("id"),
"access_key_secret": []byte("secret"),
},
},
wantOptions: &storage.S3StorageConfig{
Endpoint: "https://s3.region.amazonaws.com",
Region: "region",
Buckets: "this,that",
},
},
{
desc: "non-aws s3 endpoint",
secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "test"},
Data: map[string][]byte{
"endpoint": []byte("https://test.default.svc.cluster.local:9000"),
"region": []byte("region"),
"bucketnames": []byte("this,that"),
"access_key_id": []byte("id"),
"access_key_secret": []byte("secret"),
},
},
wantOptions: &storage.S3StorageConfig{
Endpoint: "https://test.default.svc.cluster.local:9000",
Region: "region",
Buckets: "this,that",
ForcePathStyle: true,
},
},
}

for _, tc := range tt {
tc := tc
t.Run(tc.desc, func(t *testing.T) {
t.Parallel()
options, err := extractS3ConfigSecret(tc.secret, lokiv1.CredentialModeStatic)
require.NoError(t, err)
require.Equal(t, tc.wantOptions, options)
})
}
}

func TestS3Extract_WithOpenShiftTokenCCOAuth(t *testing.T) {
fg := configv1.FeatureGates{
OpenShift: configv1.OpenShiftFeatureGates{
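Review bot: The two cases in TestS3Extract_S3ForcePathStyle cover only a clean AWS URL and a cluster-local URL, so the boundary behaviour of the suffix check is left unpinned. Adding cases for an AWS endpoint with a trailing slash (`https://s3.region.amazonaws.com/`) and for a constructed look-alike host such as `https://s3.notamazonaws.com` would document what `ForcePathStyle` is expected to be in each. The table also runs only under `lokiv1.CredentialModeStatic`; a case for a credential mode where the secret carries no `endpoint` would show what the flag is meant to be there.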