Add signing region for use with custom endpoint. (#4064)

* Add signing region for use with custom endpoint.

* Add comment

CHANGELOG.md

@@ -14,6 +14,11 @@ v0.34.0-rc.2 (2023-06-06)
 
 - `prometheus.operator.podmonitors` and `prometheus.operator.servicemonitors` can now access cluster secrets for authentication to targets. (@captncraig)
 
+### Bugfixes
+
+- Add signing region to remote.s3 component for use with custom endpoints so that Authorization Headers work correctly when
+  proxying requests. (@mattdurham)
+
 v0.34.0-rc.1 (2023-06-02)
 --------------------
 

component/remote/s3/s3.go

@@ -135,7 +135,9 @@ func generateS3Config(args Arguments) (*aws.Config, error) {
 	// Override the endpoint.
 	if args.Options.Endpoint != "" {
 		endFunc := aws.EndpointResolverWithOptionsFunc(func(service, region string, _ ...interface{}) (aws.Endpoint, error) {
-			return aws.Endpoint{URL: args.Options.Endpoint}, nil
+			// The S3 compatible system used for testing with does not require signing region, so it's fine to be blank
+			// but when using a proxy to real S3 it needs to be injected.
+			return aws.Endpoint{URL: args.Options.Endpoint, SigningRegion: args.Options.SigningRegion}, nil
 		})
 		endResolver := aws_config.WithEndpointResolverWithOptions(endFunc)
 		configOptions = append(configOptions, endResolver)

component/remote/s3/types.go

@@ -25,12 +25,13 @@ type Arguments struct {
 
 // Client implements specific AWS configuration options
 type Client struct {
-	AccessKey    string            `river:"key,attr,optional"`
-	Secret       rivertypes.Secret `river:"secret,attr,optional"`
-	Endpoint     string            `river:"endpoint,attr,optional"`
-	DisableSSL   bool              `river:"disable_ssl,attr,optional"`
-	UsePathStyle bool              `river:"use_path_style,attr,optional"`
-	Region       string            `river:"region,attr,optional"`
+	AccessKey     string            `river:"key,attr,optional"`
+	Secret        rivertypes.Secret `river:"secret,attr,optional"`
+	Endpoint      string            `river:"endpoint,attr,optional"`
+	DisableSSL    bool              `river:"disable_ssl,attr,optional"`
+	UsePathStyle  bool              `river:"use_path_style,attr,optional"`
+	Region        string            `river:"region,attr,optional"`
+	SigningRegion string            `river:"signing_region,attr,optional"`
 }
 
 const minimumPollFrequency = 30 * time.Second

docs/sources/flow/reference/components/remote.s3.md

@@ -51,14 +51,16 @@ client | [client][] | Additional options for configuring the S3 client. | no
 
 The `client` block customizes options to connect to the S3 server.
 
-Name | Type | Description | Default | Required
----- | ---- | ----------- | ------- | --------
-`key` | `string` | Used to override default access key. | | no
-`secret` | `secret` | Used to override default secret value. | | no
-`endpoint` | `string` | Specifies a custom url to access, used generally for S3-compatible systems. | | no
-`disable_ssl` | `bool` | Used to disable SSL, generally used for testing. | | no
+Name | Type | Description                                                                             | Default | Required
+---- | ---- |-----------------------------------------------------------------------------------------| ------- | --------
+`key` | `string` | Used to override default access key.                                                    | | no
+`secret` | `secret` | Used to override default secret value.                                                  | | no
+`endpoint` | `string` | Specifies a custom url to access, used generally for S3-compatible systems.             | | no
+`disable_ssl` | `bool` | Used to disable SSL, generally used for testing.                                        | | no
 `use_path_style` | `string` | Path style is a deprecated setting that is generally enabled for S3 compatible systems. | `false` | no
-`region` | `string` | Used to override default region. | | no
+`region` | `string` | Used to override default region.                                                        | | no
+`signing_region` | `string` | Used to override the signing region when using a custom endpoint.                       | | no
+
 
 ## Exported fields