Presigned URL is always HTTPS even for local storage

[obabichev]

Describe the bug

I created a local instance of minio for development purposes. Part of docker-compose script:

services:
  minio:
    image: minio/minio:RELEASE.2023-05-27T05-56-19Z
    ports:
      - "9000:9000"
      - "9001:9001"
    ...

After that I'm trying to generate presigned put request for uploading files (kotlin app runs without docker, so minio is reachable on localhost:9000). The following script generates a presigned put request:

package com.obabichev.plugins

import aws.sdk.kotlin.runtime.auth.credentials.StaticCredentialsProvider
import aws.sdk.kotlin.services.s3.S3Client
import aws.sdk.kotlin.services.s3.model.PutObjectRequest
import aws.sdk.kotlin.services.s3.presigners.presignPutObject
import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
import aws.smithy.kotlin.runtime.http.request.HttpRequest
import aws.smithy.kotlin.runtime.net.Url
import kotlin.time.Duration.Companion.minutes


private const val S3_KEY = "TEST_USER"
private const val S3_SECRET = "TEST_PASSWORD"
private const val S3_REGION = "eu-central-1"

private const val S3_BUCKET = "test"


private val client = S3Client {
    credentialsProvider = StaticCredentialsProvider(
        Credentials(S3_KEY, S3_SECRET)
    )
    endpointUrl = Url.parse("http://localhost:9000")
    region = S3_REGION
}

suspend fun createSignedUploadLink(storageKey: String): HttpRequest {
    val request = PutObjectRequest {
        bucket = S3_BUCKET
        key = storageKey
    }
    return client.presignPutObject(request, duration = 30.minutes)
}

Result of executing such code looks like "https://test.localhost:9000/user/9fc85f47-56c9-4a61-8a75-afb060bae081/file/8f20a936-4cd0-48f1-b479-bb774ac60b14?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=CEPH_USER%2F20230605%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20230605T110308Z&X-Amz-Expires=1800&X-Amz-Signature=6e484514dcdc1bde85ca9a30a6cab1b11393f096f3f6dc2cdbac62be312512c1&X-Amz-SignedHeaders=host&x-id=PutObject"

The problem is that the generated link is always https, and chaning to http breaks the signature. I configured client with http links, and I do not see other options to specify scheme...

Expected behavior

Generated link has HTTP scheme.

Current behavior

Generated link has HTTPS scheme.

Steps to Reproduce

Execute the script from the description

Possible Solution

No response

Context

No response

AWS Kotlin SDK version used

aws.sdk.kotlin:s3:0.26.1-beta

Platform (JVM/JS/Native)

JVM

Operating System and version

osx 12.0.1

[ianbotsf]

Thanks for the bug report @obabichev. I've confirmed the issue and I cannot think of a reason why we need to coerce presigned URLs to HTTPS. I checked the AWS SDK for Java v2 and they respect the URL scheme of whatever custom endpoint is used. This should be a straightforward fix.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[ianbotsf]

The fix for this has been pushed to mainline and should go out in the next release, tentatively scheduled for tomorrow.