Validate bucket is in same region as cluster (#777)

deliahu · web-flow · commit 92ddc708b62a · 2020-01-21T17:14:30.000-08:00
diff --git a/pkg/lib/aws/errors.go b/pkg/lib/aws/errors.go
@@ -33,6 +33,7 @@ const (
 	ErrInvalidS3Path
 	ErrAuth
 	ErrBucketInaccessible
+	ErrBucketNotFound
 	ErrInstanceTypeLimitIsZero
 	ErrNoValidSpotPrices
 	ErrReadCredentials
@@ -45,6 +46,7 @@ var _errorKinds = []string{
 	"err_invalid_s3_path",
 	"err_auth",
 	"err_bucket_inaccessible",
+	"err_bucket_not_found",
 	"err_instance_type_limit_is_zero",
 	"err_no_valid_spot_prices",
 	"err_read_credentials",
@@ -157,6 +159,13 @@ func ErrorBucketInaccessible(bucket string) error {
 	})
 }
 
+func ErrorBucketNotFound(bucket string) error {
+	return errors.WithStack(Error{
+		Kind:    ErrBucketNotFound,
+		message: fmt.Sprintf("bucket \"%s\" not found", bucket),
+	})
+}
+
 func ErrorInstanceTypeLimitIsZero(instanceType string, region string) error {
 	return errors.WithStack(Error{
 		Kind:    ErrInstanceTypeLimitIsZero,
diff --git a/pkg/lib/aws/s3.go b/pkg/lib/aws/s3.go
@@ -433,7 +433,7 @@ func GetBucketRegion(bucket string) (string, error) {
 	sess := session.Must(session.NewSession()) // credentials are not necessary for this request, and will not be used
 	region, err := s3manager.GetBucketRegion(aws.BackgroundContext(), sess, bucket, endpoints.UsWest2RegionID)
 	if err != nil {
-		return "", ErrorBucketInaccessible(bucket)
+		return "", ErrorBucketNotFound(bucket)
 	}
 	return region, nil
 }
diff --git a/pkg/types/clusterconfig/clusterconfig.go b/pkg/types/clusterconfig/clusterconfig.go
@@ -26,6 +26,7 @@ import (
 	"github.com/cortexlabs/cortex/pkg/lib/aws"
 	cr "github.com/cortexlabs/cortex/pkg/lib/configreader"
 	"github.com/cortexlabs/cortex/pkg/lib/errors"
+	"github.com/cortexlabs/cortex/pkg/lib/hash"
 	"github.com/cortexlabs/cortex/pkg/lib/pointer"
 	"github.com/cortexlabs/cortex/pkg/lib/prompt"
 	"github.com/cortexlabs/cortex/pkg/lib/sets/strset"
@@ -406,12 +407,16 @@ func (cc *Config) Validate(awsClient *aws.Client) error {
 		return ErrorMinInstancesGreaterThanMax(*cc.MinInstances, *cc.MaxInstances)
 	}
 
+	bucketRegion, _ := aws.GetBucketRegion(*cc.Bucket)
+	if bucketRegion != "" && bucketRegion != *cc.Region { // if the bucket didn't exist, we will create it in the correct region, so there is no error
+		return ErrorS3RegionDiffersFromCluster(*cc.Bucket, bucketRegion, *cc.Region)
+	}
+
 	if _, ok := aws.InstanceMetadatas[*cc.Region][*cc.InstanceType]; !ok {
 		return errors.Wrap(ErrorInstanceTypeNotSupportedInRegion(*cc.InstanceType, *cc.Region), InstanceTypeKey)
 	}
 
-	err := awsClient.VerifyInstanceQuota(*cc.InstanceType)
-	if err != nil {
+	if err := awsClient.VerifyInstanceQuota(*cc.InstanceType); err != nil {
 		return errors.Wrap(err, InstanceTypeKey)
 	}
 
@@ -666,12 +671,13 @@ func RegionPrompt(clusterConfig *Config) error {
 func InstallPrompt(clusterConfig *Config, awsClient *aws.Client) error {
 	defaults := applyPromptDefaults(*clusterConfig)
 
-	_, hashedAccountID, err := awsClient.GetCachedAccountID()
+	accountID, _, err := awsClient.GetCachedAccountID()
 	if err != nil {
 		return err
 	}
+	bucketID := hash.String(accountID + *clusterConfig.Region)[:10]
 
-	defaultBucket := clusterConfig.ClusterName + "-" + hashedAccountID[:10]
+	defaultBucket := clusterConfig.ClusterName + "-" + bucketID
 	if len(defaultBucket) > 63 {
 		defaultBucket = defaultBucket[:63]
 	}
diff --git a/pkg/types/clusterconfig/errors.go b/pkg/types/clusterconfig/errors.go
@@ -45,6 +45,7 @@ const (
 	ErrConfigCannotBeChangedOnUpdate
 	ErrInvalidAvailabilityZone
 	ErrDidNotMatchStrictS3Regex
+	ErrS3RegionDiffersFromCluster
 	ErrInvalidInstanceType
 )
 
@@ -66,6 +67,7 @@ var _errorKinds = []string{
 	"err_config_cannot_be_changed_on_update",
 	"err_invalid_availability_zone",
 	"err_did_not_match_strict_s3_regex",
+	"err_s3_region_differs_from_cluster",
 	"err_invalid_instance_type",
 }
 
@@ -228,6 +230,13 @@ func ErrorDidNotMatchStrictS3Regex() error {
 	})
 }
 
+func ErrorS3RegionDiffersFromCluster(bucketName string, bucketRegion string, clusterRegion string) error {
+	return errors.WithStack(Error{
+		Kind:    ErrS3RegionDiffersFromCluster,
+		message: fmt.Sprintf("the %s bucket is in %s, but your cluster is in %s; either change the region of your cluster to %s, use a bucket that is in %s, or remove your bucket configuration to allow cortex to make the bucket for you", bucketName, bucketRegion, clusterRegion, bucketRegion, clusterRegion),
+	})
+}
+
 func ErrorInvalidInstanceType(instanceType string) error {
 	return errors.WithStack(Error{
 		Kind:    ErrInvalidInstanceType,

Original file line number	Diff line number	Diff line change
`@@ -433,7 +433,7 @@ func GetBucketRegion(bucket string) (string, error) {`
`433`	`433`	`sess := session.Must(session.NewSession()) // credentials are not necessary for this request, and will not be used`
`434`	`434`	`region, err := s3manager.GetBucketRegion(aws.BackgroundContext(), sess, bucket, endpoints.UsWest2RegionID)`
`435`	`435`	`if err != nil {`
`436`		`- return "", ErrorBucketInaccessible(bucket)`
	`436`	`+ return "", ErrorBucketNotFound(bucket)`
`437`	`437`	`}`
`438`	`438`	`return region, nil`
`439`	`439`	`}`