(nifi) branch main updated: NIFI-14588 Fixed Endpoint Override URL handling in AWS S3 processors

Fri, 06 Jun 2025 09:22:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 07d9066539 NIFI-14588 Fixed Endpoint Override URL handling in AWS S3 
processors
07d9066539 is described below

commit 07d906653988eeda2e8d1740cfbc16b1feed01eb
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Thu Jun 5 10:00:06 2025 +0200

    NIFI-14588 Fixed Endpoint Override URL handling in AWS S3 processors
    
    Signed-off-by: Pierre Villard <[email protected]>
    
    This closes #9991.
---
 .../AbstractAWSCredentialsProviderProcessor.java   | 25 +++++++++++++++++++++-
 .../processors/aws/s3/AbstractS3Processor.java     |  6 ++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
index e4885fa9c3..216cfbfa62 100644
--- 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
+++ 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
@@ -137,6 +137,7 @@ public abstract class 
AbstractAWSCredentialsProviderProcessor<ClientType extends
             REL_FAILURE
     );
 
+    private static final String VPCE_ENDPOINT_SUFFIX = ".vpce.amazonaws.com";
 
     // Member variables
     private final Cache<String, ClientType> clientCache = Caffeine.newBuilder()
@@ -256,10 +257,32 @@ public abstract class 
AbstractAWSCredentialsProviderProcessor<ClientType extends
         }
 
         final String endpointOverride = 
overrideValue.evaluateAttributeExpressions().getValue();
-        return new AwsClientBuilder.EndpointConfiguration(endpointOverride, 
region.getName());
+
+        final String signingRegion;
+        if (isVpceEndpoint(endpointOverride)) {
+            // AWS VPCE endpoints contain the region but the AWS library 
cannot extract it from the URL
+            // e.g. https://vpce-***-***.sqs.{region}.vpce.amazonaws.com
+            signingRegion = region.getName();
+        } else if (isCustomSignerConfigured(context)) {
+            // custom endpoints containing no region info
+            signingRegion = region.getName();
+        } else {
+            // endpoints where the AWS library can parse the region out
+            // including S3 compatible service endpoints with non-AWS regions
+            // e.g. https://s3.{region}.io.cloud.ovh.net
+            signingRegion = null;
+        }
+
+        return new AwsClientBuilder.EndpointConfiguration(endpointOverride, 
signingRegion);
     }
 
+    private boolean isVpceEndpoint(final String endpoint) {
+        return endpoint.endsWith(VPCE_ENDPOINT_SUFFIX);
+    }
 
+    protected boolean isCustomSignerConfigured(final ProcessContext context) {
+        return false;
+    }
 
     @Override
     public List<ConfigVerificationResult> verify(final ProcessContext context, 
final ComponentLog verificationLogger, final Map<String, String> attributes) {
diff --git 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/s3/AbstractS3Processor.java
 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/s3/AbstractS3Processor.java
index 86f18b124e..a704d8bca6 100644
--- 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/s3/AbstractS3Processor.java
+++ 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/s3/AbstractS3Processor.java
@@ -324,6 +324,12 @@ public abstract class AbstractS3Processor extends 
AbstractAWSCredentialsProvider
         }
     }
 
+    @Override
+    protected boolean isCustomSignerConfigured(final ProcessContext context) {
+        final AwsSignerType signerType = 
context.getProperty(SIGNER_OVERRIDE).asAllowableValue(AwsSignerType.class);
+        return signerType == CUSTOM_SIGNER;
+    }
+
 
     protected Grantee createGrantee(final String value) {
         if (StringUtils.isEmpty(value)) {

Reply via email to