search

deis / postgres

A PostgreSQL database used by Deis Workflow.
https://deis.com
MIT License
36 stars 22 forks source link

fix(postgres): block invalid S3 bucket name #182

Closed greglearns closed 7 years ago

greglearns commented 7 years ago

Using a period in an S3 BUCKET_NAME causes helm install -f values.yaml deis/workflow --namespace=deis to fail.

REPRODUCING THE BUG

Using a period in BUCKET_NAME causes helm install -f values.yaml deis/workflow --namespace=deis to fail with this error:

ssl.CertificateError: hostname 'deis.subdomain.domain.com-registry.s3-us-west-2.amazonaws.com' doesn't match either of 's3-us-west-2.amazonaws.com', '*.s3-us-west-2.amazonaws.com', 's3.us-west-2.amazonaws.com', '*.s3.us-west-2.amazonaws.com', 's3.dualstack.us-west-2.amazonaws.com', '*.s3.dualstack.us-west-2.amazonaws.com', '*.s3.amazonaws.com'
2017/01/14 07:20:04 Error creating the registry bucket: exit status 1

A POSSIBLE FIX

Not sure how to create a test for this (I just started using Deis 4 days ago), but, a hacky test is this:

echo "a.bad.thing-mixed-with-a-good-thing" | sed "s/[.]/-/g"

RELATED ISSUES

https://github.com/deis/workflow/issues/700 https://github.com/deis/workflow/pull/701 (documentation fix)

Note: this bug also exists for https://github.com/deis/registry/blob/master/rootfs/bin/create-bucket#L27

deis-admin commented 7 years ago

Thanks for the contribution! Please ensure your commits follow our style guide. This code will be tested once a Deis maintainer reviews it.

deis-bot commented 7 years ago

@bacongobbler and @paulczar are potential reviewers of this pull request based on my analysis of git blame information. Thanks @greglearns!

bacongobbler commented 7 years ago

This doesn't block invalid S3 bucket names, just substitutes periods for hyphens. Personally I'd prefer we keep the bucket name explicit and point out the S3 issue in the docs with deis/workflow#701. There may be some edge case where a user has worked around this and somehow has periods working.

What do you think?

greglearns commented 7 years ago

Agreed, that perhaps people have a work around that solves it. This PR solves one possible mistake, but not all. The issue still remains that a valid S3 name can still cause problems because of how Deis uses it, which is a bummer. Not sure how to solve that.

bacongobbler commented 7 years ago

I think the documentation should be more than enough for now. I don't think we should prevent users from using dots as it's an issue on S3's end which hopefully will get fixed. Until then the documentation should suffice, I think :)

Thanks for the PR!