[ https://issues.apache.org/jira/browse/NIFI-7008?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard resolved NIFI-7008.
----------------------------------
    Resolution: Fixed

When testing recent versions of NiFi with recent versions of MinIO, I cannot reproduce this problem and it properly uses Signature v4.

> PutS3Object: Invalid V4 Authorization Header When Using Custom S3 Blobstore
> ---------------------------------------------------------------------------
>
>                 Key: NIFI-7008
>                 URL: https://issues.apache.org/jira/browse/NIFI-7008
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: 1.10.0
>         Environment: Nifi 1.10.0, connecting to MinIO 2019-12-19 S3-Compatible Blobstore
>            Reporter: Matt M
>            Priority: Minor
>
> Hello!
>
> Some background: I'm currently attempting to use a {{PutS3Object}} processor in NiFi {{1.10.0}} to upload an object to a [MinIO|https://min.io/] cluster. The MinIO cluster is configured to act as an S3-compatible blobstore in the {{us-east-1}} region. The MinIO cluster is running on an internal private network at my company at https://s3.mydomain.mycompany.com .
>
> The {{PutS3Object}} processor is configured thusly:
> - {{Bucket}}: {{mybucket}}
> - {{Region}}: {{US East (N. Virginia)}}
> - {{Endpoint Override URL}}: {{https://s3.mydomain.mycompany.com:9000}}
> - {{Signer Override}}: {{Signature v4}}
>
> All other options are left at their default values.
>
> What happens when I attempt to use the processor to put a file into MinIO is that the processor shows an error like the following: {{Status Code: 400, Error Code: AuthorizationHeaderMalformed}}.
>
> After some debugging, it looks like the HTTP {{Authorization}} header being generated by NiFi isn't quite what I would expect. The {{Authorization}} header starts off like this:
> {noformat}
> Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200111/mydomain/s3/aws4_request ...
> {noformat}
> Whereas what I would _expect_ is something more like this:
> {noformat}
> Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200111/us-east-1/s3/aws4_request ...
> {noformat}
> The current behaviour seems to be: take part of the domain from the {{Endpoint Override URL}} and use that as the region inside of the {{Authorization}} header, instead of using the {{Region}} that was specified.
>
> As a workaround for now we can use {{Signature v2}} instead, but how long MinIO will continue to support {{Signature v2}} at this time is unknown.
>
> Would it be possible to fix the S3 family of processors so that they use the {{Region}} being specified instead of attempting to extract the region from the URL instead?

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
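
The credential-scope mismatch described in the report can be checked mechanically. The following is an added example, not code from NiFi, the AWS SDK or either participant: it parses the scope out of a SigV4 `Authorization` header, compares it with the configured region, and shows that the standard SigV4 signing key depends on the region. The header strings are constructed from the two shown in the report, with placeholder `SignedHeaders` and `Signature` values and a placeholder secret.

```python
import hashlib
import hmac
import re

# Constructed sample headers modelled on the two in the report; SignedHeaders
# and Signature are placeholders, not captured values.
OBSERVED = ("Authorization: AWS4-HMAC-SHA256 "
            "Credential=AKIAIOSFODNN7EXAMPLE/20200111/mydomain/s3/aws4_request, "
            "SignedHeaders=host;x-amz-content-sha256;x-amz-date, "
            "Signature=" + "0" * 64)
EXPECTED = OBSERVED.replace("/mydomain/", "/us-east-1/")

SCOPE_RE = re.compile(
    r"^(?:Authorization:\s*)?AWS4-HMAC-SHA256\s+"
    r"Credential=(?P<key>[^/,\s]+)/(?P<date>\d{8})/"
    r"(?P<region>[^/,\s]+)/(?P<service>[^/,\s]+)/aws4_request\b")

def credential_scope(authorization):
    """Return the SigV4 credential scope fields, or None if not SigV4-shaped."""
    m = SCOPE_RE.match(authorization.strip())
    return m.groupdict() if m else None

def scope_problems(authorization, region, service="s3"):
    """List mismatches between the header's scope and the configured values."""
    scope = credential_scope(authorization)
    if scope is None:
        return ["not a parseable AWS4-HMAC-SHA256 Authorization header"]
    problems = []
    if scope["region"] != region:
        problems.append(f"region {scope['region']!r} != configured {region!r}")
    if scope["service"] != service:
        problems.append(f"service {scope['service']!r} != expected {service!r}")
    return problems

def signing_key(secret, date, region, service="s3"):
    """Standard SigV4 key derivation: date, region and service feed the key."""
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key

if __name__ == "__main__":
    for name, header in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(name, scope_problems(header, "us-east-1") or "scope ok")
    # Placeholder secret: a different region yields a different signing key.
    print(signing_key("constructed-secret", "20200111", "mydomain")
          != signing_key("constructed-secret", "20200111", "us-east-1"))
```
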