[PLT-7475] Add S3 region to system console and add S3 validation (#7373)

* add S3 region to system console and add S3 validation

* update translation message

* add bool as return value to Validate* functions

* update Validate* functions to be pure

2 files changed, 92 insertions, 18 deletions

diff --git a/utils/config.go b/utils/config.go
index b99194c46..b8ec43eb5 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -18,6 +18,7 @@ import (
 
 	l4g "github.com/alecthomas/log4go"
 	"github.com/fsnotify/fsnotify"
+	s3 "github.com/minio/minio-go"
 	"github.com/spf13/viper"
 
 	"net/http"
@@ -46,6 +47,25 @@ var ClientCfg map[string]string = map[string]string{}
 var originalDisableDebugLvl l4g.Level = l4g.DEBUG
 var siteURL = ""
 
+var AWS_S3_ENDPOINT_MAP = map[string]string{
+	"s3.amazonaws.com":                "us-east-1",
+	"s3-us-east-2.amazonaws.com":      "us-east-2",
+	"s3-us-west-2.amazonaws.com":      "us-west-2",
+	"s3-us-west-1.amazonaws.com":      "us-west-1",
+	"s3.ca-central-1.amazonaws.com":   "ca-central-1",
+	"s3-eu-west-1.amazonaws.com":      "eu-west-1",
+	"s3-eu-west-2.amazonaws.com":      "eu-west-2",
+	"s3-eu-central-1.amazonaws.com":   "eu-central-1",
+	"s3-ap-south-1.amazonaws.com":     "ap-south-1",
+	"s3-ap-southeast-1.amazonaws.com": "ap-southeast-1",
+	"s3-ap-southeast-2.amazonaws.com": "ap-southeast-2",
+	"s3-ap-northeast-1.amazonaws.com": "ap-northeast-1",
+	"s3-ap-northeast-2.amazonaws.com": "ap-northeast-2",
+	"s3-sa-east-1.amazonaws.com":      "sa-east-1",
+	"s3-us-gov-west-1.amazonaws.com":  "us-gov-west-1",
+	"s3.cn-north-1.amazonaws.com.cn":  "cn-north-1",
+}
+
 func GetSiteURL() string {
 	return siteURL
 }
@@ -689,3 +709,57 @@ func IsLeader() bool {
 		return true
 	}
 }
+
+func ValidateAmazonS3Endpoint(endpoint string) bool {
+	_, valid := AWS_S3_ENDPOINT_MAP[endpoint]
+
+	return valid
+}
+
+func ValidateAmazonS3Region(region string) bool {
+	for _, awsRegion := range AWS_S3_ENDPOINT_MAP {
+		if awsRegion == region {
+			return true
+		}
+	}
+
+	return false
+}
+
+func ValidateAmazonS3Bucket(cfg *model.Config) (bool, string, *model.AppError) {
+	if *cfg.FileSettings.AmazonS3Bucket == "" {
+		return false, "", model.NewAppError("ValidateAmazonS3Bucket", "utils.config.bucket_empty.app_error", nil, "", http.StatusBadRequest)
+	}
+
+	endpoint := *cfg.FileSettings.AmazonS3Endpoint
+	bucket := *cfg.FileSettings.AmazonS3Bucket
+	accessKey := cfg.FileSettings.AmazonS3AccessKeyId
+	secretKey := cfg.FileSettings.AmazonS3SecretAccessKey
+	secure := *cfg.FileSettings.AmazonS3SSL
+
+	s3Clnt, err := s3.New(endpoint, accessKey, secretKey, secure)
+	if err != nil {
+		return false, "", model.NewAppError("ValidateAmazonS3Bucket", "utils.config.bad_connection_to_s3_or_minio.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	bucketLocation, err := s3Clnt.GetBucketLocation(bucket)
+	if err != nil {
+		bucketLocation = *cfg.FileSettings.AmazonS3Region
+
+		exists, err := s3Clnt.BucketExists(bucket)
+		if err != nil {
+			return false, "", model.NewAppError("ValidateAmazonS3Bucket", "utils.config.error_checking_bucket_exist.app_error", nil, err.Error(), http.StatusBadRequest)
+		}
+
+		if !exists {
+			err := s3Clnt.MakeBucket(bucket, bucketLocation)
+			if err != nil {
+				l4g.Error(T("utils.config.create_amazon_bucket_error"), bucket)
+				return false, "", model.NewAppError("ValidateAmazonS3Bucket", "utils.config.error_creating_bucket.app_error", nil, err.Error(), http.StatusBadRequest)
+			}
+			l4g.Warn(T("utils.config.create_amazon_bucket"), bucket)
+		}
+	}
+
+	return true, bucketLocation, nil
+}
diff --git a/utils/file.go b/utils/file.go
index 19fa335c4..d8926cfaa 100644
--- a/utils/file.go
+++ b/utils/file.go
@@ -48,13 +48,13 @@ func s3New(endpoint, accessKey, secretKey string, secure bool, signV2 bool, regi
 
 func TestFileConnection() *model.AppError {
 	if *Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
-		endpoint := Cfg.FileSettings.AmazonS3Endpoint
+		endpoint := *Cfg.FileSettings.AmazonS3Endpoint
 		accessKey := Cfg.FileSettings.AmazonS3AccessKeyId
 		secretKey := Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *Cfg.FileSettings.AmazonS3SSL
 		signV2 := *Cfg.FileSettings.AmazonS3SignV2
-		region := Cfg.FileSettings.AmazonS3Region
-		bucket := Cfg.FileSettings.AmazonS3Bucket
+		region := *Cfg.FileSettings.AmazonS3Region
+		bucket := *Cfg.FileSettings.AmazonS3Bucket
 
 		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 		if err != nil {
@@ -91,17 +91,17 @@ func TestFileConnection() *model.AppError {
 
 func ReadFile(path string) ([]byte, *model.AppError) {
 	if *Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
-		endpoint := Cfg.FileSettings.AmazonS3Endpoint
+		endpoint := *Cfg.FileSettings.AmazonS3Endpoint
 		accessKey := Cfg.FileSettings.AmazonS3AccessKeyId
 		secretKey := Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *Cfg.FileSettings.AmazonS3SSL
 		signV2 := *Cfg.FileSettings.AmazonS3SignV2
-		region := Cfg.FileSettings.AmazonS3Region
+		region := *Cfg.FileSettings.AmazonS3Region
 		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 		if err != nil {
 			return nil, model.NewLocAppError("ReadFile", "api.file.read_file.s3.app_error", nil, err.Error())
 		}
-		bucket := Cfg.FileSettings.AmazonS3Bucket
+		bucket := *Cfg.FileSettings.AmazonS3Bucket
 		minioObject, err := s3Clnt.GetObject(bucket, path)
 		defer minioObject.Close()
 		if err != nil {
@@ -125,12 +125,12 @@ func ReadFile(path string) ([]byte, *model.AppError) {
 
 func MoveFile(oldPath, newPath string) *model.AppError {
 	if *Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
-		endpoint := Cfg.FileSettings.AmazonS3Endpoint
+		endpoint := *Cfg.FileSettings.AmazonS3Endpoint
 		accessKey := Cfg.FileSettings.AmazonS3AccessKeyId
 		secretKey := Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *Cfg.FileSettings.AmazonS3SSL
 		signV2 := *Cfg.FileSettings.AmazonS3SignV2
-		region := Cfg.FileSettings.AmazonS3Region
+		region := *Cfg.FileSettings.AmazonS3Region
 		encrypt := false
 		if *Cfg.FileSettings.AmazonS3SSE && IsLicensed() && *License().Features.Compliance {
 			encrypt = true
@@ -139,7 +139,7 @@ func MoveFile(oldPath, newPath string) *model.AppError {
 		if err != nil {
 			return model.NewLocAppError("moveFile", "api.file.write_file.s3.app_error", nil, err.Error())
 		}
-		bucket := Cfg.FileSettings.AmazonS3Bucket
+		bucket := *Cfg.FileSettings.AmazonS3Bucket
 
 		source := s3.NewSourceInfo(bucket, oldPath, nil)
 		destination, err := s3.NewDestinationInfo(bucket, newPath, nil, CopyMetadata(encrypt))
@@ -169,12 +169,12 @@ func MoveFile(oldPath, newPath string) *model.AppError {
 
 func WriteFile(f []byte, path string) *model.AppError {
 	if *Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
-		endpoint := Cfg.FileSettings.AmazonS3Endpoint
+		endpoint := *Cfg.FileSettings.AmazonS3Endpoint
 		accessKey := Cfg.FileSettings.AmazonS3AccessKeyId
 		secretKey := Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *Cfg.FileSettings.AmazonS3SSL
 		signV2 := *Cfg.FileSettings.AmazonS3SignV2
-		region := Cfg.FileSettings.AmazonS3Region
+		region := *Cfg.FileSettings.AmazonS3Region
 		encrypt := false
 		if *Cfg.FileSettings.AmazonS3SSE && IsLicensed() && *License().Features.Compliance {
 			encrypt = true
@@ -185,7 +185,7 @@ func WriteFile(f []byte, path string) *model.AppError {
 			return model.NewLocAppError("WriteFile", "api.file.write_file.s3.app_error", nil, err.Error())
 		}
 
-		bucket := Cfg.FileSettings.AmazonS3Bucket
+		bucket := *Cfg.FileSettings.AmazonS3Bucket
 		ext := filepath.Ext(path)
 		metaData := S3Metadata(encrypt, "binary/octet-stream")
 		if model.IsFileExtImage(ext) {
@@ -222,19 +222,19 @@ func writeFileLocally(f []byte, path string) *model.AppError {
 
 func RemoveFile(path string) *model.AppError {
 	if *Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
-		endpoint := Cfg.FileSettings.AmazonS3Endpoint
+		endpoint := *Cfg.FileSettings.AmazonS3Endpoint
 		accessKey := Cfg.FileSettings.AmazonS3AccessKeyId
 		secretKey := Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *Cfg.FileSettings.AmazonS3SSL
 		signV2 := *Cfg.FileSettings.AmazonS3SignV2
-		region := Cfg.FileSettings.AmazonS3Region
+		region := *Cfg.FileSettings.AmazonS3Region
 
 		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 		if err != nil {
 			return model.NewLocAppError("RemoveFile", "utils.file.remove_file.s3.app_error", nil, err.Error())
 		}
 
-		bucket := Cfg.FileSettings.AmazonS3Bucket
+		bucket := *Cfg.FileSettings.AmazonS3Bucket
 		if err := s3Clnt.RemoveObject(bucket, path); err != nil {
 			return model.NewLocAppError("RemoveFile", "utils.file.remove_file.s3.app_error", nil, err.Error())
 		}
@@ -271,12 +271,12 @@ func getPathsFromObjectInfos(in <-chan s3.ObjectInfo) <-chan string {
 
 func RemoveDirectory(path string) *model.AppError {
 	if *Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
-		endpoint := Cfg.FileSettings.AmazonS3Endpoint
+		endpoint := *Cfg.FileSettings.AmazonS3Endpoint
 		accessKey := Cfg.FileSettings.AmazonS3AccessKeyId
 		secretKey := Cfg.FileSettings.AmazonS3SecretAccessKey
 		secure := *Cfg.FileSettings.AmazonS3SSL
 		signV2 := *Cfg.FileSettings.AmazonS3SignV2
-		region := Cfg.FileSettings.AmazonS3Region
+		region := *Cfg.FileSettings.AmazonS3Region
 
 		s3Clnt, err := s3New(endpoint, accessKey, secretKey, secure, signV2, region)
 		if err != nil {
@@ -285,7 +285,7 @@ func RemoveDirectory(path string) *model.AppError {
 
 		doneCh := make(chan struct{})
 
-		bucket := Cfg.FileSettings.AmazonS3Bucket
+		bucket := *Cfg.FileSettings.AmazonS3Bucket
 		for err := range s3Clnt.RemoveObjects(bucket, getPathsFromObjectInfos(s3Clnt.ListObjects(bucket, path, true, doneCh))) {
 			if err.Err != nil {
 				doneCh <- struct{}{}