NSFS | S3 throwing error for empty header and default port for STS #8579
Conversation
naveenpaul1
force-pushed
the
nsfs_error_messages
branch
from
f28a4b4 to
7ae01fc
Compare
| @@ -334,7 +334,7 @@ function _get_arn_from_req_path(req) { | |||
| // we will reintreduce it together with bucket site support. | |||
| function parse_bucket_and_key(req) { | |||
| const { url, headers, virtual_hosts } = req; | |||
| const host = headers.host.split(':')[0]; // cutting off port | |||
| const host = headers?.host?.split(':')[0]; // cutting off port | |||
|
|
|||
There was a problem hiding this comment.
@naveenpaul1 do we need to throw here an error about this missing host header?
how AWS react to this missing host header?
There was a problem hiding this comment.
@romayalon I am not sure how to send the request to AWS s3 without host header, In doc I could see host header is required property for AWS S3. doc
For testing this fix I have to remove the host header inside the code, with curl and httpie are setting minimum header.
There was a problem hiding this comment.
I think this point is still open, if you decide on something could you please update it here?
There was a problem hiding this comment.
@romayalon I sent https request to AWS S3 url {bucket-name}.s3.amazonaws.com without any header and got AccessDenied error. Do we need to return the same error if header is missing?
There was a problem hiding this comment.
@naveenpaul1 if you attach the host header, do you have access to the bucket?
There was a problem hiding this comment.
@romayalon I send the request from JS, to make sure no headers.
const res = await http_utils.make_https_request({
hostname: '{bucket-name}.s3.amazonaws.com',
method: 'GET'
});
Not 100% sure this will send request without any default header, since we cant check in AWS S3 side. It dont have any access credentials.
There was a problem hiding this comment.
@naveenpaul1 we print headers on our logs, try this code directed to NooBaa and check the logs
There was a problem hiding this comment.
@romayalon tried the same even this request have header info
Anonymous request: GET / { host: 'localhost:6443', connection: 'close' }
There was a problem hiding this comment.
curl 127.0.0.1:6001/ --http1.0 -H 'Host:'
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InternalError</Code><Message>We encountered an internal error. Please try again.</Message><Resource>/</Resource><RequestId>m4if1b6o-dvqhe-12x3</RequestId></Error>%
There was a problem hiding this comment.
@romayalon I tried with AWS S3 url and its I didnt get any response for the request.
root:noobaa-core# curl https://{bucket-name}.s3.amazonaws.com --http1.0 -H 'Host:'
root:noobaa-core#
Signed-off-by: naveenpaul1 <[email protected]>
naveenpaul1
force-pushed
the
nsfs_error_messages
branch
from
7ae01fc to
0fbf9d2
Compare
| @@ -896,7 +896,7 @@ config.NSFS_NC_CONFIG_DIR_BACKEND = ''; | |||
| config.NSFS_NC_STORAGE_BACKEND = ''; | |||
| config.ENDPOINT_PORT = Number(process.env.ENDPOINT_PORT) || 6001; | |||
| config.ENDPOINT_SSL_PORT = Number(process.env.ENDPOINT_SSL_PORT) || 6443; | |||
| config.ENDPOINT_SSL_STS_PORT = Number(process.env.ENDPOINT_SSL_STS_PORT) || -1; | |||
| config.ENDPOINT_SSL_STS_PORT = Number(process.env.ENDPOINT_SSL_STS_PORT) || (process.env.NC_NSFS_NO_DB_ENV === 'true' ? -1 : 7443); | |||
There was a problem hiding this comment.
I would just add a comment for us that when we will support STS in NSFS we can remove this condition.
| const https_port_iam = options.https_port_iam || config.ENDPOINT_SSL_IAM_PORT; | ||
|
|
There was a problem hiding this comment.
If you can add back the newline, I think we wanted a separation between the port's definitions and the calls to the functions.
| @@ -112,7 +112,7 @@ async function handle_request(req, res) { | |||
| http_utils.set_cors_headers_s3(req, res, cors); | |||
|
|
|||
| if (req.method === 'OPTIONS') { | |||
| dbg.log1('OPTIONS!'); | |||
| dbg.log1('s3_rest : S3 request method is ', req.method); | |||
There was a problem hiding this comment.
I'm suggesting to add the function name in the logs
| dbg.log1('s3_rest : S3 request method is ', req.method); | |
| dbg.log1('s3_rest handle_request : S3 request method is ', req.method); |
| @@ -334,7 +334,7 @@ function _get_arn_from_req_path(req) { | |||
| // we will reintreduce it together with bucket site support. | |||
| function parse_bucket_and_key(req) { | |||
| const { url, headers, virtual_hosts } = req; | |||
| const host = headers.host.split(':')[0]; // cutting off port | |||
| const host = headers?.host?.split(':')[0]; // cutting off port | |||
|
|
|||
There was a problem hiding this comment.
I think this point is still open, if you decide on something could you please update it here?
Explain the changes
Issues: Fixed #xxx / Gap #xxx
Testing Instructions: