Return an informative error message when using 'api/v1' for S3 GW endpoint

[itaigilo]

Closes #3082

Change Description

Quite a few users are trying sometimes to access the S3 Gateway using an endpoint starting with /api/v1.
This used to lead to a NoSuchBucket 404 error.

After the fix, such scenario leads to a 404 error, but with a different message:

Using lakeFS API URI as the endpoint. Try removing the 'api/v1/' part from the endpoint.

[github-actions]

E2E Test Results - DynamoDB Local - Local Block Adapter

[arielshaqed]

Thanks, great improvement! Requesting changes to help users who legitimately have a bucket "api" and a tag "v1".

[arielshaqed]

Perhaps afford people an explanation? I'm thinking of the poor user who has a repo named "api" and manages to mitype a branch name "v1"

[itaigilo]

Can you squeeze more into an error message?
If so - any suggestions on how to improve this?

[arielshaqed]

Hmmm... good thing they don't deduct bandwidth for errors from my paycheck. I'd go with a definitive error message, followed by a suggestion:

Suggested change

	Description: "Using lakeFS API URI as the endpoint. Try removing the 'api/v1/' part from the endpoint.",
	Description: `Repository "api" not found; this can happen if your endpoint URL mistakenly ends in "` + apiutil.BaseURL + `".`,

(the ` is an alternative quotation mark that reduces the number of backslashes needed here.)

[arielshaqed]

Or just state what this is. If I want to know who added this code, GitHub has excellent blame.

[itaigilo]

Makes sense. Done.

[arielshaqed]

This has to be defined on some constant. Can we use that constant here?

[itaigilo]

You are right. Done.

[arielshaqed]

Don't we need to fail to find a bucket first?

[itaigilo]

Nope. As far as I understand this, it's the last line before turning to the ErrNoSuchBucket error.

[arielshaqed]

Thanks!

How was this tested? OK to pull with only a manual test, but if you do then please also add a test in a later PR.

[arielshaqed]

Hmmm... good thing they don't deduct bandwidth for errors from my paycheck. I'd go with a definitive error message, followed by a suggestion:

Suggested change

	Description: "Using lakeFS API URI as the endpoint. Try removing the 'api/v1/' part from the endpoint.",
	Description: `Repository "api" not found; this can happen if your endpoint URL mistakenly ends in "` + apiutil.BaseURL + `".`,

(the ` is an alternative quotation mark that reduces the number of backslashes needed here.)

[arielshaqed]

You added the test -- yay! -- but I suspect that it is broken because /api/v1 needs to be a prefix of the path of the URL. So now I'm requesting that change.

[arielshaqed]

I think that this is backwards!?

[N-o-Z]

Thanks!
The code looks good, some comments on the test

[N-o-Z]

Suggested change

	endpoint := "/api/v1" + viper.GetString("s3_endpoint")
	endpoint := viper.GetString("s3_endpoint") + apiutil.BaseURL

[N-o-Z]

This will panic if err is nil. You need to check

[N-o-Z]

also, not sure but I think you can use require.ErrorIs

[N-o-Z]

Better for forward compatibility

Suggested change

	t.Run("use_api_v1_for_client_endpoint", func(t *testing.T) {
	t.Run("use_open_api_for_client_endpoint", func(t *testing.T) {

[itaigilo]

Well, the test I've added fails, for:

minio.New: Endpoint url cannot have fully qualified paths.

I'm using s3.local.lakefs.io:8000/api/v1 for the endpoint of minio, but this isn't allowed (no extra path is allowed, only hostname).

@arielshaqed @N-o-Z Can you think of another way to test this, or should I release it without the test?

[N-o-Z]

Well, the test I've added fails, for:

minio.New: Endpoint url cannot have fully qualified paths.

I'm using s3.local.lakefs.io:8000/api/v1 for the endpoint of minio, but this isn't allowed (no extra path is allowed, only hostname).

@arielshaqed @N-o-Z Can you think of another way to test this, or should I release it without the test?

One possible option is not using a minio client.
Bottom line you are testing an http server and want to check that when you initiate a request with a certain path prefix you get a specific error. There are several ways to test that I assume

[itaigilo]

One possible option is not using a minio client. Bottom line you are testing an http server and want to check that when you initiate a request with a certain path prefix you get a specific error. There are several ways to test that I assume

Yeah this makes sense -
But I don't think it's worth the effort for this case.
Unless you think it'll be a useful infra for the future (I don't think so, but I probably don't have enough context)?

[N-o-Z]

One possible option is not using a minio client. Bottom line you are testing an http server and want to check that when you initiate a request with a certain path prefix you get a specific error. There are several ways to test that I assume

Yeah this makes sense - But I don't think it's worth the effort for this case. Unless you think it'll be a useful infra for the future (I don't think so, but I probably don't have enough context)?

If there's a scenario, we need to test it.
Adding an automated test protects us from regression

[N-o-Z]

Some additional comments

[N-o-Z]

Suggested change

	require.NotNil(t, listErr)
	require.Contains(t, listErr.Error(), `Repository "api" not found`)
	require.ErrorContains(t, listErr, gtwerrors.ErrNoSuchBucketPossibleAPIEndpoint.Error())

[N-o-Z]

Suggested change

	_, listErr := s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{Bucket: aws.String("test")})
	_, listErr := s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{Bucket: aws.String("not-exists")})

[N-o-Z]

Suggested change

	_, listErr := s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{Bucket: aws.String("test")})
	require.NotNil(t, listErr)
	require.NotContains(t, listErr.Error(), `Repository "api" not found`)
	_, listErr := s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{Bucket: aws.String("not-exist")})
	require.ErrorContains(t, listErr, gtwerrors.ErrNoSuchBucket.Error())

[itaigilo]

Rewrote the tests, PTAL 🙏

[N-o-Z]

Excellent work! I have one suggestion but not blocking

[N-o-Z]

Nice one

[N-o-Z]

Just as thought,
There are several places who use testutil.SetupTestS3Client to change the endpoint (as you already noticed).
Suggest to put this func under the testutil package and use it in all the places where testutil.SetupTestS3Client is called.

[arielshaqed]

I would prefer not to do this. viper state is, by definition, global. So I want all uses of viper to appear in the test, rather than in a "don't worry about it" setup function.

[arielshaqed]

Thanks!

Would really like not to read config in testutil.

[arielshaqed]

I'd prefer the same style as in delete_objects_test.go, below. But what I really want is for both calls to look the same.

[arielshaqed]

I would prefer not to do this. viper state is, by definition, global. So I want all uses of viper to appear in the test, rather than in a "don't worry about it" setup function.