improve S3 vhost matching on any domain #7870

bentsku · 2023-03-14T22:42:24Z

While testing lambda transparent endpoint injection, @thrau came across the issue that we were too restrictive with our domain matching. This is also part of @simonrw #7774, and should simplify the logic concerning matching on external hostname. @whummer also came across the new provider issue at the same time today.

This PR is building on the new test Waldemar implemented, and add more scenarios where we should properly match the route. This should be merged right after #7868.

The only question I have is: is s3.localhost.localstack.cloud:{edge_port} always resolvable from LocalStack? Or is it safer to target localhost when proxying the request to ourselves? I'd rather target s3.localhost.localstack.cloud:{edge_port} as the service parser will match more effectively against S3 than localhost.
edit: after checking with Thomas and Waldemar, it's faster to use localhost for the loopback network device. So we're target the request to localhost, but set the Host header to s3.localhost.localstack.cloud:{edge_port} to allow the service name parser to short-circuit and quickly know it's an S3 request.

whummer

Looks great, thanks for jumping on this @bentsku ! 🚀

The only question I have is: is s3.localhost.localstack.cloud:{edge_port} always resolvable from LocalStack? Or is it safer to target localhost when proxying the request to ourselves? I'd rather target s3.localhost.localstack.cloud:{edge_port} as the service parser will match more effectively against S3 than localhost.

I like the approach you've taken here - it's a good mix of efficient forwarding on loopback (using config.get_edge_url()), as well as forwarding the *.s3.localhost.localstack.cloud host header to facilitate service name parsing.

Minor nitpick - but will pick it up in the other branch (no need to change). 👍

whummer · 2023-03-15T10:05:57Z

localstack/services/s3/virtual_host.py


        If the region is contained in the host-name we remove it (for now) as moto cannot handle the region correctly

        :param url: the original url
+        :param domain: the domain name
        :param bucket: the bucket name
        :param region: the region name
        :return: re-written url as string


nit: could add the port parameter to the docstring as well

Oops, thanks for catching that!

This brings along #7870

bentsku requested a review from macnev2013 as a code owner March 14, 2023 22:42

bentsku requested review from whummer and thrau March 14, 2023 22:43

bentsku self-assigned this Mar 14, 2023

bentsku added the aws:s3 Amazon Simple Storage Service label Mar 14, 2023

bentsku changed the title ~~improve S3 vhost matching to access any domain~~ improve S3 vhost matching on any domain Mar 14, 2023

bentsku added 2 commits March 15, 2023 02:45

rework s3 virtual host addressing

f75b7c4

use config.get_edge_url() as forward_base_url

97c345b

bentsku force-pushed the s3-improve-vhost-match branch from b36e946 to 97c345b Compare March 15, 2023 01:45

whummer approved these changes Mar 15, 2023

View reviewed changes

whummer merged commit 5ae8605 into s3-favicon Mar 15, 2023

whummer deleted the s3-improve-vhost-match branch March 15, 2023 11:00

simonrw added a commit that referenced this pull request Mar 15, 2023

Merge branch 'master' into network-unification

fa16a0d

This brings along #7870

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

improve S3 vhost matching on any domain #7870

improve S3 vhost matching on any domain #7870

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

improve S3 vhost matching on any domain #7870

improve S3 vhost matching on any domain #7870

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!