From d0f3483739a0140802374e6a9f5d0ab5972bd951 Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curii.com>
Date: Wed, 2 Nov 2022 15:01:15 -0400
Subject: [PATCH] 19234: s3v2 + non-aws: default to us-east-1 signing settings.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
---
 ...configure-s3-object-storage.html.textile.liquid |  5 +++--
 services/keepstore/s3aws_volume.go                 | 14 ++++++++++----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/doc/install/configure-s3-object-storage.html.textile.liquid b/doc/install/configure-s3-object-storage.html.textile.liquid
index e9866d5103..746c1d4023 100644
--- a/doc/install/configure-s3-object-storage.html.textile.liquid
+++ b/doc/install/configure-s3-object-storage.html.textile.liquid
@@ -46,8 +46,9 @@ Volumes are configured in the @Volumes@ section of the cluster configuration fil
           AccessKeyID: <span class="userinput">""</span>
           SecretAccessKey: <span class="userinput">""</span>
 
-          # Storage provider region. For Google Cloud Storage, use ""
-          # or omit.
+          # Storage provider region. If Endpoint is specified, the
+          # region determines the request signing method, and defaults
+          # to "us-east-1".
           Region: <span class="userinput">us-east-1</span>
 
           # Storage provider endpoint. For Amazon S3, use "" or
diff --git a/services/keepstore/s3aws_volume.go b/services/keepstore/s3aws_volume.go
index f7cff6d33e..d068dde074 100644
--- a/services/keepstore/s3aws_volume.go
+++ b/services/keepstore/s3aws_volume.go
@@ -184,19 +184,25 @@ func (v *S3AWSVolume) check(ec2metadataHostname string) error {
 			if v.Endpoint != "" && service == "s3" {
 				return aws.Endpoint{
 					URL:           v.Endpoint,
-					SigningRegion: v.Region,
+					SigningRegion: region,
 				}, nil
 			} else if service == "ec2metadata" && ec2metadataHostname != "" {
 				return aws.Endpoint{
 					URL: ec2metadataHostname,
 				}, nil
+			} else {
+				return defaultResolver.ResolveEndpoint(service, region)
 			}
-
-			return defaultResolver.ResolveEndpoint(service, region)
 		}
 		cfg.EndpointResolver = aws.EndpointResolverFunc(myCustomResolver)
 	}
-
+	if v.Region == "" {
+		// Endpoint is already specified (otherwise we would
+		// have errored out above), but Region is also
+		// required by the aws sdk, in order to determine
+		// SignatureVersions.
+		v.Region = "us-east-1"
+	}
 	cfg.Region = v.Region
 
 	// Zero timeouts mean "wait forever", which is a bad
-- 
2.30.2