Allow regions to be set and honored for S3 driver. (#7010)

This is necessary for certain users where
GetBucketLocation API is disabled using IAM
policies. There is a field AmazonS3Region
which we need to re-purpose and use to support
this properly.

Fixes https://github.com/mattermost/platform/issues/6999

2 files changed, 18 insertions, 6 deletions

diff --git a/api/file_test.go b/api/file_test.go
index dfe561e50..0e0a5772c 100644
--- a/api/file_test.go
+++ b/api/file_test.go
@@ -20,6 +20,7 @@ import (
 	"github.com/mattermost/platform/utils"
 
 	s3 "github.com/minio/minio-go"
+	"github.com/minio/minio-go/pkg/credentials"
 )
 
 func TestUploadFile(t *testing.T) {
@@ -820,11 +821,19 @@ func readTestFile(name string) ([]byte, error) {
 	}
 }
 
-func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool) (*s3.Client, error) {
+// Similar to s3.New() but allows initialization of signature v2 or signature v4 client.
+// If signV2 input is false, function always returns signature v4.
+//
+// Additionally this function also takes a user defined region, if set
+// disables automatic region lookup.
+func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool, region string) (*s3.Client, error) {
+	var creds *credentials.Credentials
 	if signV2 {
-		return s3.NewV2(endpoint, accessKey, secretKey, secure)
+		creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV2)
+	} else {
+		creds = credentials.NewStatic(accessKey, secretKey, "", credentials.SignatureV4)
 	}
-	return s3.NewV4(endpoint, accessKey, secretKey, secure)
+	return s3.NewWithCredentials(endpoint, creds, secure, region)
 }
 
 func cleanupTestFile(info *model.FileInfo) error {
@@ -834,7 +843,8 @@ func cleanupTestFile(info *model.FileInfo) error {
 		secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *utils.Cfg.FileSettings.AmazonS3SSL
 		signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
-		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
+		region := utils.Cfg.FileSettings.AmazonS3Region
+		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 		if err != nil {
 			return err
 		}
diff --git a/api/user_test.go b/api/user_test.go
index 51e4482b7..f76403ee1 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -695,7 +695,8 @@ func TestUserCreateImage(t *testing.T) {
 		secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *utils.Cfg.FileSettings.AmazonS3SSL
 		signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
-		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
+		region := utils.Cfg.FileSettings.AmazonS3Region
+		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -800,7 +801,8 @@ func TestUserUploadProfileImage(t *testing.T) {
 			secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
 			secure := *utils.Cfg.FileSettings.AmazonS3SSL
 			signV2 := *utils.Cfg.FileSettings.AmazonS3SignV2
-			s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2)
+			region := utils.Cfg.FileSettings.AmazonS3Region
+			s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 			if err != nil {
 				t.Fatal(err)
 			}