diff --git a/.chloggen/fix-awss3exporter-storage-class-acl-validation.yaml b/.chloggen/fix-awss3exporter-storage-class-acl-validation.yaml new file mode 100644 index 0000000000000..664d48fd3ab0e --- /dev/null +++ b/.chloggen/fix-awss3exporter-storage-class-acl-validation.yaml @@ -0,0 +1,9 @@ +change_type: bug_fix +component: exporter/awss3 +note: Use AWS SDK S3 types for StorageClass and ACL validation instead of hardcoded lists +issues: [46825] +subtext: | + The hardcoded list of valid S3 storage classes was missing GLACIER_IR, REDUCED_REDUNDANCY, and EXPRESS_ONEZONE. + Replaced both StorageClass and ACL hardcoded validation maps with values from the AWS SDK s3types package + to prevent this from going out of date again in the future. +change_logs: [user] diff --git a/exporter/awss3exporter/config.go b/exporter/awss3exporter/config.go index 9b8ef31d43bda..36044161d80f9 100644 --- a/exporter/awss3exporter/config.go +++ b/exporter/awss3exporter/config.go @@ -7,6 +7,7 @@ import ( "errors" "time" + s3types "github.com/aws/aws-sdk-go-v2/service/s3/types" "go.opentelemetry.io/collector/component" "go.opentelemetry.io/collector/config/configcompression" "go.opentelemetry.io/collector/config/configoptional" @@ -104,23 +105,15 @@ type Config struct { func (c *Config) Validate() error { var errs error - validStorageClasses := map[string]bool{ - "STANDARD": true, - "STANDARD_IA": true, - "ONEZONE_IA": true, - "INTELLIGENT_TIERING": true, - "GLACIER": true, - "DEEP_ARCHIVE": true, + + validStorageClasses := make(map[s3types.StorageClass]bool) + for _, sc := range s3types.StorageClassStandard.Values() { + validStorageClasses[sc] = true } - validACLs := map[string]bool{ - "private": true, - "public-read": true, - "public-read-write": true, - "authenticated-read": true, - "aws-exec-read": true, - "bucket-owner-read": true, - "bucket-owner-full-control": true, + validACLs := make(map[s3types.ObjectCannedACL]bool) + for _, acl := range s3types.ObjectCannedACLPrivate.Values() { + validACLs[acl] = true } validUniqueKeyFuncs := map[string]bool{ @@ -134,11 +127,11 @@ func (c *Config) Validate() error { errs = multierr.Append(errs, errors.New("bucket or endpoint is required")) } - if !validStorageClasses[c.S3Uploader.StorageClass] { + if !validStorageClasses[s3types.StorageClass(c.S3Uploader.StorageClass)] { errs = multierr.Append(errs, errors.New("invalid StorageClass")) } - if c.S3Uploader.ACL != "" && !validACLs[c.S3Uploader.ACL] { + if c.S3Uploader.ACL != "" && !validACLs[s3types.ObjectCannedACL(c.S3Uploader.ACL)] { errs = multierr.Append(errs, errors.New("invalid ACL")) } diff --git a/exporter/awss3exporter/config_test.go b/exporter/awss3exporter/config_test.go index 50c1f2eb916e1..420b873ff5777 100644 --- a/exporter/awss3exporter/config_test.go +++ b/exporter/awss3exporter/config_test.go @@ -320,6 +320,50 @@ func TestConfig_Validate(t *testing.T) { }(), errExpected: errors.New("region is required"), }, + { + name: "valid storage class GLACIER_IR", + config: func() *Config { + c := createDefaultConfig().(*Config) + c.S3Uploader.Region = "us-east-1" + c.S3Uploader.S3Bucket = "mybucket" + c.S3Uploader.StorageClass = "GLACIER_IR" + return c + }(), + errExpected: nil, + }, + { + name: "valid storage class REDUCED_REDUNDANCY", + config: func() *Config { + c := createDefaultConfig().(*Config) + c.S3Uploader.Region = "us-east-1" + c.S3Uploader.S3Bucket = "mybucket" + c.S3Uploader.StorageClass = "REDUCED_REDUNDANCY" + return c + }(), + errExpected: nil, + }, + { + name: "valid storage class EXPRESS_ONEZONE", + config: func() *Config { + c := createDefaultConfig().(*Config) + c.S3Uploader.Region = "us-east-1" + c.S3Uploader.S3Bucket = "mybucket" + c.S3Uploader.StorageClass = "EXPRESS_ONEZONE" + return c + }(), + errExpected: nil, + }, + { + name: "invalid storage class FAKE_CLASS", + config: func() *Config { + c := createDefaultConfig().(*Config) + c.S3Uploader.Region = "us-east-1" + c.S3Uploader.S3Bucket = "mybucket" + c.S3Uploader.StorageClass = "FAKE_CLASS" + return c + }(), + errExpected: errors.New("invalid StorageClass"), + }, } for _, tt := range tests {