wikimedia / operations-software-tegola / 155fb5518

47%

v0.13.x: 46%

push

github

Add proxy_host setting to the S3 cache.

This change is a test to figure out if Tegola can
use a local proxy to connect to its S3 endpoint
(in our case, Thanos Swift). With the current code
it is not enough to set the endpoint arg to something
like http://localhost:port, since Request Signing
is affected ending up in a HTTP 403 returned by
Thanos with the following error:

"""
SignatureDoesNotMatch: The request signature we calculated
does not match the signature you provided.
Check your key and signing method.
"""

After reading https://github.com/aws/aws-sdk-go/issues/1473
it seems that the issue is related to the HTTP Host header,
that in the case of a local proxy is set to "localhost:port",
and it is not what it needs to be ("thanos-swift.discovery.wmnet").
As suggested in the gh issue, fixing the client is a quick
way to circumvent the problem. Other roads could be to update
envoy (our local proxy) to fix  request signing on Tegola's
behalf, but the envoy filter that does that is currently in
experimental state (not suggested to be used in production).

If this test works we can decide what to do, possibly sending
a patch to upstream to discuss it further.

Bug: T344324
Change-Id: I96f03961b

8 of 18 new or added lines in 1 file covered. (44.44%)

6563 of 13994 relevant lines covered (46.9%)

251.42 hits per line