open-telemetry · 57Ajay · Mar 11, 2026
@@ -0,0 +1,9 @@
+change_type: bug_fix
+component: exporter/awss3
+note: Use AWS SDK S3 types for StorageClass and ACL validation instead of hardcoded lists
+issues: [46825]
+subtext: |
+  The hardcoded list of valid S3 storage classes was missing GLACIER_IR, REDUCED_REDUNDANCY, and EXPRESS_ONEZONE.
+  Replaced both StorageClass and ACL hardcoded validation maps with values from the AWS SDK s3types package
+  to prevent this from going out of date again in the future.
+change_logs: [user]
@@ -7,6 +7,7 @@ import (
 	"errors"
 	"time"
 
+	s3types "github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/config/configcompression"
 	"go.opentelemetry.io/collector/config/configoptional"
@@ -104,23 +105,15 @@ type Config struct {
 
 func (c *Config) Validate() error {
 	var errs error
-	validStorageClasses := map[string]bool{
-		"STANDARD":            true,
-		"STANDARD_IA":         true,
-		"ONEZONE_IA":          true,
-		"INTELLIGENT_TIERING": true,
-		"GLACIER":             true,
-		"DEEP_ARCHIVE":        true,
+
+	validStorageClasses := make(map[s3types.StorageClass]bool)
+	for _, sc := range s3types.StorageClassStandard.Values() {
+		validStorageClasses[sc] = true
 	}
 
-	validACLs := map[string]bool{
-		"private":                   true,
-		"public-read":               true,
-		"public-read-write":         true,
-		"authenticated-read":        true,
-		"aws-exec-read":             true,
-		"bucket-owner-read":         true,
-		"bucket-owner-full-control": true,
+	validACLs := make(map[s3types.ObjectCannedACL]bool)
+	for _, acl := range s3types.ObjectCannedACLPrivate.Values() {
+		validACLs[acl] = true
 	}
 
 	validUniqueKeyFuncs := map[string]bool{
@@ -134,11 +127,11 @@ func (c *Config) Validate() error {
 		errs = multierr.Append(errs, errors.New("bucket or endpoint is required"))
 	}
 
-	if !validStorageClasses[c.S3Uploader.StorageClass] {
+	if !validStorageClasses[s3types.StorageClass(c.S3Uploader.StorageClass)] {
 		errs = multierr.Append(errs, errors.New("invalid StorageClass"))
 	}
 
-	if c.S3Uploader.ACL != "" && !validACLs[c.S3Uploader.ACL] {
+	if c.S3Uploader.ACL != "" && !validACLs[s3types.ObjectCannedACL(c.S3Uploader.ACL)] {
 		errs = multierr.Append(errs, errors.New("invalid ACL"))
 	}
 

@@ -320,6 +320,50 @@ func TestConfig_Validate(t *testing.T) {
 			}(),
 			errExpected: errors.New("region is required"),
 		},
+		{
+			name: "valid storage class GLACIER_IR",
+			config: func() *Config {
+				c := createDefaultConfig().(*Config)
+				c.S3Uploader.Region = "us-east-1"
+				c.S3Uploader.S3Bucket = "mybucket"
+				c.S3Uploader.StorageClass = "GLACIER_IR"
+				return c
+			}(),
+			errExpected: nil,
+		},
+		{
+			name: "valid storage class REDUCED_REDUNDANCY",
+			config: func() *Config {
+				c := createDefaultConfig().(*Config)
+				c.S3Uploader.Region = "us-east-1"
+				c.S3Uploader.S3Bucket = "mybucket"
+				c.S3Uploader.StorageClass = "REDUCED_REDUNDANCY"
+				return c
+			}(),
+			errExpected: nil,
+		},
+		{
+			name: "valid storage class EXPRESS_ONEZONE",
+			config: func() *Config {
+				c := createDefaultConfig().(*Config)
+				c.S3Uploader.Region = "us-east-1"
+				c.S3Uploader.S3Bucket = "mybucket"
+				c.S3Uploader.StorageClass = "EXPRESS_ONEZONE"
+				return c
+			}(),
+			errExpected: nil,
+		},
+		{
+			name: "invalid storage class FAKE_CLASS",
+			config: func() *Config {
+				c := createDefaultConfig().(*Config)
+				c.S3Uploader.Region = "us-east-1"
+				c.S3Uploader.S3Bucket = "mybucket"
+				c.S3Uploader.StorageClass = "FAKE_CLASS"
+				return c
+			}(),
+			errExpected: errors.New("invalid StorageClass"),
+		},
 	}
 
 	for _, tt := range tests {