-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent infinite loops when handling S3 region redirects #1419
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Look good. Assuming all tests pass.
{ | ||
"category": "``s3``", | ||
"type": "bugfix", | ||
"description": "Fix bug where invalidate head_object requests would cause an infinite loop (alternate fix to `#1400 <https://github.com/boto/botocore/issues/1400>`__)" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
invalid*
Codecov Report
@@ Coverage Diff @@
## develop #1419 +/- ##
==========================================
+ Coverage 80.69% 80.7% +<.01%
==========================================
Files 87 87
Lines 12131 12135 +4
==========================================
+ Hits 9789 9793 +4
Misses 2342 2342
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Just had a small suggestion on adding another test. But the approach looks fine. I also like the script that you made for testing all of the regions. It gives me a lot more confidence about this 🚢
@@ -339,6 +339,51 @@ def test_resign_request_with_region_when_needed(self): | |||
'?encoding-type=url') | |||
self.assertEqual(calls[1].url, fixed_url) | |||
|
|||
def test_resign_request_in_us_east_1(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be good to have the other case when the initial bad_request_response
should resolve to a 400 on the user side (i.e. bad SSE-C key case). It looks like there is a integration test for this, but it would be nice if there was a functional or unit test as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a test for this case in 68b3997
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚢
This adds an alternate fix for #1409 . I've pulled in @joguSD's patch and added additional unit/integration tests.
The fix is to set a flag when we redirect the first time and verify we haven't previously redirected on subsequent requests. I also added an integration test for the specific case mentioned in #1400.
As for the regression caused from #1409, we need buckets with DNS propagated in order to actually test this, but I did write a one off integration test to verify this works as expected. I don't think it makes sense to include in our main integration test suite, I think the unit/functional tests suffice. If you're curious though, here's the test: https://gist.github.com/jamesls/9e1f0eb8e6b632f62ea5cb38131de2ae