Skip to content

fix(backend): Refactor S3 bucket management by replacing MinIO client code with AWS SDK v2 and improving configuration validation #12512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hbelmiro wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(backend): Refactor S3 bucket management by replacing MinIO client code with AWS SDK v2 and improving configuration validation #12512

hbelmiro wants to merge 1 commit into from
+448 −50

Conversation

@hbelmiro
Copy link
Contributor

@hbelmiro hbelmiro commented Dec 3, 2025
edited
Loading

Problem

The API server required OBJECTSTORECONFIG_ACCESSKEY and OBJECTSTORECONFIG_SECRETACCESSKEY to be non-empty, which broke AWS IRSA (IAM Roles for Service Accounts) authentication where credentials are obtained from the environment.

Solution

  • Make AccessKey and SecretAccessKey optional in validation
  • When credentials are empty, use the AWS SDK's default credential chain (supports IRSA, environment variables, instance profiles)
  • Replace minio-go with AWS SDK v2 for bucket operations (consistent SDK usage)
  • Only suppress BucketAlreadyOwnedByYou errors; BucketAlreadyExists now surfaces as a warning to help detect misconfiguration

Changes

  • validateRequiredConfig: No longer requires credentials; only validates both are set or both empty
  • loadAWSConfig: Uses default credential chain when credentials are empty
  • ensureBucketExists: Refactored to use AWS SDK v2 instead of minio-go
  • isBucketAlreadyOwnedByUs: Only suppresses BucketAlreadyOwnedByYou (concurrent creation race), surfaces BucketAlreadyExists as warning

Fixes:

Checklist:

@google-oss-prow
Copy link

google-oss-prow bot commented Dec 3, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@google-oss-prow
Copy link

google-oss-prow bot commented Dec 3, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign james-jwu for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hbelmiro
Refactor S3 bucket management by replacing MinIO client code with AWS…
4b0885d 
… SDK v2, adding retry logic, and improving configuration validation and unit tests.

Signed-off-by: Helber Belmiro <[email protected]>
@google-oss-prow google-oss-prow bot added size/L and removed size/XL labels Dec 3, 2025
@hbelmiro hbelmiro changed the title WIP - Refactor S3 bucket management by replacing MinIO client code with AWS SDK v2 and improving configuration validation Refactor S3 bucket management by replacing MinIO client code with AWS SDK v2 and improving configuration validation Dec 3, 2025
@hbelmiro hbelmiro changed the title Refactor S3 bucket management by replacing MinIO client code with AWS SDK v2 and improving configuration validation fix(backend): Refactor S3 bucket management by replacing MinIO client code with AWS SDK v2 and improving configuration validation Dec 3, 2025
@hbelmiro hbelmiro marked this pull request as ready for review December 3, 2025 20:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alyssacgoins alyssacgoins Awaiting requested review from alyssacgoins

@gmfrasca gmfrasca Awaiting requested review from gmfrasca

@HumairAK HumairAK Awaiting requested review from HumairAK

@rimolive rimolive Awaiting requested review from rimolive

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hbelmiro