Problem/Motivation
Without the CNAME alias (CNAME checkbox in the UI) enabled, actionable S3 asset URIs take the form https://[S3origin]/bucketname/objectpath, where bucketname is the value of Default Bucket Name as specified through the UI. With CNAME aliasing enabled, actionable S3 asset URIs take the form https://[CNAMEAlias]/bucketname/objectpath, disallowing CNAME aliasing that provides the effect of including the bucketname in the alias https://[CNAMEAlias]/objectpath, where CNAME alias is formatted per the Amazon S3 documentation.
The basis for using such a CNAME alias is described in the S3 documentation at http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingCustomURLs, which describes the scenario in which the bucketname and CNAME alias are intentionally made the same (say, images.example.net), with the alias target being declared as images.example.net.s3.amazonaws.com--that is, as [bucketname].[S3Origin], in which the value of [S3Origin] is appropriate to the region.
Proposed resolution
If using a CNAME alias merely as a synonym for S3 origin's FQDN is a valid use case AND using a CNAME alias all the way down to [S3Origin]/bucketname] is a valid use case, add in association with Enable CNAME a Use Bucket Name checkbox, the ON state of which enacts the first case, and the OFF state of enacts the second case. There is no workaround to the current code's hard inclusion of bucketname in asset URIs with CNAME aliasing enabled.
Comments
Comment #1
Elijah LynnComment #2
dpnewkirk CreditAttribution: dpnewkirk commentedComment #3
dpnewkirk CreditAttribution: dpnewkirk commentedComment #4
Elijah LynnHere is a patch that assumes the CNAME record is setup as Amazon suggests. This means if you decide to use CNAME it will no longer prepend the bucket name to the path and it will just be http://bucketname.s3.amazonaws.com/objectpath.
This breaks the ability to use per field buckets so I disabled that for now with a #access = FALSE.
Also, this passes all tests locally but I didn't write a test for it. Will be happy to write a test with a little guidance.
Comment #5
deviantintegral CreditAttribution: deviantintegral at Lullabot for NBCUniversal commentedThis looks like we now have an ignore start marker without and end marker?
Why do we need to re-create the URL object?
This looks like it's actually returning a string?
Comment #6
Elijah LynnGood catches! The reason why I called ::factory() again was because I just copied above from getCloudFrontUrl(). I didn't need to do that. Fixed all three.
Comment #7
Elijah LynnWhoops, ignore #6, forgot to use --relative.
Also, I can't make an interdiff right now, keep getting a weird error "1 out of 3 hunks FAILED -- saving rejects to file /tmp/user/1000/interdiff-1.H7wRIv.rej │-rw------- 1 root root 3.3K Jul 6 13:08 interdiff-2.st8hTK
interdiff: Error applying patch1 to reconstructed file "
Comment #8
Elijah LynnComment #9
Elijah LynnAn somehow I attached my earlier interdiff to #7, so ignore that too. I am on a roll today ;D!!
Comment #10
Elijah LynnNew patch that is on top of/includes #2514674: When using CNAME, make URI scheme configurable.
Comment #11
Elijah LynnComment #12
Elijah LynnWhoops, a couple of extra params in getCnameUrl() left over from a previous experiment in #10. Here is one without those unused params.
Comment #13
quicksketchIt's been ages here, but I think this needs a reroll now that I've merged #2514674: When using CNAME, make URI scheme configurable?
Comment #14
quicksketchI also think that we'll need new unit tests to cover this CNAME functionality.
Comment #15
Island Usurper CreditAttribution: Island Usurper commentedReapplied the patch to work on latest dev, and added a couple of minor tests. Not sure if they are enough, but the one in StreamWrapperTest.php fails without the patch, so I've added an extra patch that only applies that test. I suspect that all of the tests that check the host should also check the path for the expected values.
Note: the test-only patch doesn't use
'cname' => TRUE,
in the config because I was lazy and didn't want to recreate it, but it also doesn't make a difference that the test fails. However, with the way the fix works, settingcname
is necessary to get the test to pass.