Experimental github actions cache cannot communicate with enterprise github server using AWS S3 as backing storage #21764

@DLukeNelson

Describe the bug
My CI runs have a number of errors in the logs indicating:

2024-12-13T23:21:23.8756542Z 23:21:23.87 [WARN] Failed to read from remote cache (1 occurrences so far): failed to read pants_ci_cache/action-cache/24/03/24038b6a590014ebfe65e4e2c860fd89bdb44932ae9de388522776a7b9a78935: Unexpected (persistent) at read, context: { uri: https://ghe-actions-prod-qhqyjglk.s3.amazonaws.com/actions-69c8c8939b70/9bb02394953d4d45a28a6ccad6554933/28b64a3ef36b141086d40095c0eef846?AWSAccessKeyId=AKIAQ3EGVTWOBBE5CS57&Expires=1734135684&Signature=icOXbi0Y%2FMIoIvBUvVTtJwn3z5k%3D, response: Parts { status: 400, version: HTTP/1.1, headers: {"x-amz-request-id": "21TP2FZZWN6QPB02", "x-amz-id-2": "oEQXgcqlyaknVIamKBLcouhA+2IrySLl8LXOIkTPBJgqDO98sJCwB+ehDpbM38D48J0LSd04lvg=", "x-amz-region": "us-east-1", "content-type": "application/xml", "transfer-encoding": "chunked", "date": "Fri, 13 Dec 2024 23:21:23 GMT", "connection": "close", "server": "AmazonS3"} }, service: ghac, path: pants_ci_cache/action-cache/24/03/24038b6a590014ebfe65e4e2c860fd89bdb44932ae9de388522776a7b9a78935, range: 0- } => <?xml version="1.0" encoding="UTF-8"?>
2024-12-13T23:21:23.8763324Z <Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>21TP2FZZWN6QPB02</RequestId><HostId>oEQXgcqlyaknVIamKBLcouhA+2IrySLl8LXOIkTPBJgqDO98sJCwB+ehDpbM38D48J0LSd04lvg=</HostId></Error>

The stats output indicates that there were some successful reads, but the test output indicates that all tests were run (not pulled from cache). Also, remote_cache_total_time_saved_ms: 0, so the cache seems to be not working, despite a few successes recorded in the stats.

Pants version
2.22

OS
Linux

Additional info
Googling the error message led me to https://stackoverflow.com/questions/74293491/requests-specifying-server-side-encryption-with-aws-kms-managed-keys-require-aws which indicates that this could be solved (if the erroneous request originated in Python/boto3) by just adding an explicit configuration line. I couldn't find as much info on Rust/OpenDAL, but I would expect the fix to be similar.

I did search into OpenDAL a bit, and found that it has a Ghac backend (which Pants is using), and that this backend already makes some consideration for GHES backed by AWS S3, so it seems that the issue may be related to the particular configuration used by my org.

Searching the OpenDAL source indicates that it has implemented AWSV4Signer (https://github.com/search?q=repo%3Aapache%2Fopendal+AWSV4Signer&type=code). It was not clear to me how to inject this signer into the GHAC backend.
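
Added example (not part of the original issue, and not Pants or OpenDAL code): the URL in the log carries `AWSAccessKeyId`, `Expires` and `Signature` query parameters, which is the Signature Version 2 presigned form, while the S3 error demands Version 4. The sketch below classifies a presigned URL by signing scheme, pairs it with the S3 error body, and redacts credential-bearing parameters before the URL is logged or posted; the sample URLs, key id and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Query parameters that carry credentials or signatures in presigned S3 URLs.
SENSITIVE = {"AWSAccessKeyId", "Signature", "X-Amz-Credential",
             "X-Amz-Signature", "X-Amz-Security-Token"}

# Constructed sample inputs (placeholder key id and signatures, not real values).
V2_URL = ("https://example-bucket.s3.amazonaws.com/cache/object"
          "?AWSAccessKeyId=AKIAEXAMPLEKEYID&Expires=1700000000&Signature=c2ln%3D")
V4_URL = ("https://example-bucket.s3.amazonaws.com/cache/object"
          "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
          "&X-Amz-Credential=AKIAEXAMPLEKEYID%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
          "&X-Amz-Date=20240101T000000Z&X-Amz-Expires=300"
          "&X-Amz-SignedHeaders=host&X-Amz-Signature=00ff")
ERROR_XML = (b'<?xml version="1.0" encoding="UTF-8"?>\n<Error><Code>InvalidArgument</Code>'
             b"<Message>Requests specifying Server Side Encryption with AWS KMS managed "
             b"keys require AWS Signature Version 4.</Message></Error>")

def presign_version(url):
    """Classify a presigned S3 URL as 'v4', 'v2' or 'unsigned' by its query parameters."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if q.get("X-Amz-Algorithm", [""])[0].startswith("AWS4-") and "X-Amz-Signature" in q:
        return "v4"
    if {"AWSAccessKeyId", "Expires", "Signature"}.issubset(q):
        return "v2"
    return "unsigned"

def redact(url):
    """Replace credential-bearing query values so the URL is safe to log or paste."""
    parts = urlsplit(url)
    q = parse_qs(parts.query, keep_blank_values=True)
    safe = [(k, "REDACTED" if k in SENSITIVE else v) for k, vs in q.items() for v in vs]
    return urlunsplit(parts._replace(query=urlencode(safe)))

def diagnose(url, status, body):
    """Combine the URL's signing scheme with the S3 error body into one finding."""
    version = presign_version(url)
    code, message = None, ""
    if status >= 400:
        root = ET.fromstring(body)
        code, message = root.findtext("Code"), root.findtext("Message") or ""
    return {"url": redact(url), "presign": version, "s3_code": code,
            "sigv4_required": version == "v2" and code == "InvalidArgument"
                              and "Signature Version 4" in message}

if __name__ == "__main__":
    print(diagnose(V2_URL, 400, ERROR_XML))
```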
