HADOOP-19740. S3A: add explicit "sdk" and "ec2" regions for region resolution. #8058
+1,006
−172
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
💔 -1 overall
This message was automatically generated. |
Contributor
Author
|
running full test suites with java17 and the test region set to sdk. as usual, it's that forked |
…solution. * Pull out region resolution to new class RegionResolution for isolation and testing through TestRegionResolution. * Add new "sdk" and "ec2" mappings to hand down to SDK * Test in ITestS3AEndpointRegion to verify that either the SDK fails to resolve with an SDK message or it does resolve to *something* and the test assert fails instead.
IF the region == ec2 then we don't handle off to the SDK chain, instead only use the bit of the SDK for metadata retrieval. Nominally private/unstable, but cloudstore has used it in the past... If it is removed after an SDK update, we will have to handle it.
steveloughran
force-pushed
the
s3/HADOOP-19740-regions
branch
from
ec5ae6b to
6f662bf
Compare
|
💔 -1 overall
This message was automatically generated. |
...and no attempt to fall back to central-1 here. You no longer need to declare a region for a third party store; endpoint is enough.
|
💔 -1 overall
This message was automatically generated. |
Contributor
Author
|
also, I think we may want to add an enum of fallbacks this would define the policy for calculating the region of a bucket which isn't set explicitly, or inferred from the endpoint (vpce, aws, external). today's behaviour is "central", which doesn't work when the network is locked down in a VPC in a different region. if you set ec2 or sdk, then unless the region is declared (or set to those explicit region names) then the fallback will be whichever of the defaults. There's one more thing to consider here: should we always do an EC2/IAM probe before falling back to central? I think the fallback option has better compatibility. now, given we are doing ec2 region resolution in our own code, we have a choice of what to do when the resolution fails. so what does mean? so maybe we only need two fallbacks |
Contributor
Author
|
@mukund-thakur @ahmarsuhail thoughts on what I'm doing here? I'm coming round to
|
| // allow this if people really want it; it is OK to rely on this | ||
| // when deployed in EC2. | ||
| WARN_OF_DEFAULT_REGION_CHAIN.warn(SDK_REGION_CHAIN_IN_USE); | ||
| DEFAULT_REGION_CHAIN.info(SDK_REGION_CHAIN_IN_USE); |
Contributor
There was a problem hiding this comment.
So we tell sdk to determine the region by not setting anything in the builder.
Contributor
There was a problem hiding this comment.
can we cut the log on line 324, we're logging the same thing twice
|
|
||
| // If the region was configured, set it. | ||
| // this includes special handling of the sdk, ec2 and "" regions. | ||
| if (configuredRegion != null) { |
Contributor
There was a problem hiding this comment.
Where is the not configured else part?
Contributor
There was a problem hiding this comment.
Okay from line 451 I guess.
If fs.s3a.endpoint.region is not set we fall back to fs.s3a.endpoint.. old stuff.
| * @param endpoint non-null endpoint URL | ||
| * @return true if this is amazonaws or amazonaws china | ||
| */ | ||
| public static boolean isAwsEndpoint(final String endpoint) { |
Contributor
There was a problem hiding this comment.
can there be other cases. How do we test this?
Contributor
There was a problem hiding this comment.
let's move this into utils, as it's a commonly required method. can see it also exists in NetworkBinding
| } | ||
|
|
||
| final Region r = resolution.getRegion(); | ||
| if (r != null && Region.regions().contains(r)) { |
Contributor
There was a problem hiding this comment.
shouldn't this be a !? doesn't contain?
ahmarsuhail
requested changes
Nov 18, 2025
Contributor
ahmarsuhail
left a comment
ahmarsuhail
left a comment
There was a problem hiding this comment.
Have done a high level review..this code always gives me a headache.
will take another look tomorrow
|
|
||
| /** | ||
| * Parses the endpoint to get the region. | ||
| * If endpoint is the central one, use US_EAST_2. |
Contributor
There was a problem hiding this comment.
need to update the java doc here, as we are no longer falling back to US_EAST_2
| * @param endpoint non-null endpoint URL | ||
| * @return true if this is amazonaws or amazonaws china | ||
| */ | ||
| public static boolean isAwsEndpoint(final String endpoint) { |
Contributor
There was a problem hiding this comment.
let's move this into utils, as it's a commonly required method. can see it also exists in NetworkBinding
| final String endpointStr = parameters.getEndpoint(); | ||
| boolean endpointDeclared = endpointStr != null && !endpointStr.isEmpty(); | ||
| // will be null if endpointStr is null/empty | ||
| final URI endpoint = buildEndpointUri(endpointStr, |
Contributor
There was a problem hiding this comment.
can just do
if (endpointDeclared) {
buildEndpointUri(
}
Comment on lines
+436
to
+439
| } else if (isEc2Region(configuredRegion)) { | ||
| // special EC2 handling | ||
| final Resolution r = getS3RegionFromEc2IAM(); | ||
| resolution.withRegion(r.getRegion(), r.getMechanism()); |
Contributor
There was a problem hiding this comment.
do we really need this? the SDK will call IMDS in it's region resolution chain anyway.
the InstanceProfileRegionProvider is marked SdkProtectedApi, so i'm worried if it changes across SDK versions, it's just going to make upgrading more of a pain
| if (!endpointDeclared || isAwsEndpoint(endpointStr)) { | ||
| // still failing to resolve the region | ||
| // fall back to central | ||
| resolution.withRegion(US_EAST_2, RegionResolutionMechanism.FallbackToCentral); |
Contributor
There was a problem hiding this comment.
should we change the fallback to US_EAST_1? We had to do US_EAST_2 during the initial upgrade because there was no cross-region client then, but now US_EAST_1 works and restores consistent behaviour with the 3.3.x versions.
For context, we recently had a customer who was trying to upgrade 3.4.x, and they had access to US_EAST_2, and couldn't figure out why there requests were failing
| // allow this if people really want it; it is OK to rely on this | ||
| // when deployed in EC2. | ||
| WARN_OF_DEFAULT_REGION_CHAIN.warn(SDK_REGION_CHAIN_IN_USE); | ||
| DEFAULT_REGION_CHAIN.info(SDK_REGION_CHAIN_IN_USE); |
Contributor
There was a problem hiding this comment.
can we cut the log on line 324, we're logging the same thing twice
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
How was this patch tested?
New tests.
For code changes:
LICENSE,LICENSE-binary,NOTICE-binaryfiles?