search

mcohen01 / amazonica

A comprehensive Clojure client for the entire Amazon AWS api.
1.01k stars 202 forks source link

Make S3 client side encryption respect specified endpoints #479

Closed iarenaza closed 3 months ago

iarenaza commented 4 months ago

When creating "regular" S3 clients (clients not using client side encryption), if an endpoint if configured for that client (using any of the available mechanisms), that endpoint is used to create the client builder. But the same thing doesn't happen when creating S3 clients with client side encryption. In that case, the configured endpoint is ignored (not used in the client builder), and the default behavior (of AWS SDK) is to fallback to building the endpoint from the region name.

Which prevents the whole thing from working if one is using a S3-compatible service from another cloud provider. E.g., in our case the OVH S3 compatible service, where the region (in our case) is "rbx", and the actual endpoint (again, in our case) is "https://s3.rbx.io.cloud.ovh.net". But Amazonica ends up using "http://s3.rbx.amazonaws.com" as the endpoint for the request, and the request obviously fails: the credentials are not valid for AWS, the bucket name does not exist in AWS, etc.

This patch implements the same approach used to create "regular" S3 clients, to the creation of S3 clients with client side encryption.

mcohen01 commented 3 months ago

0.3.167 is on clojars