From 377fa021288348c813e83971eb5b611f2ff7c551 Mon Sep 17 00:00:00 2001
From: Pedro Juarez
Date: Tue, 14 Nov 2023 23:17:08 -0800
Subject: [PATCH] Get tenant configured region and set on STS Options (#1856)

Signed-off-by: pjuarezd
---
 pkg/controller/sts.go | 3 ++-
 pkg/controller/sts_handlers.go | 9 ++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/controller/sts.go b/pkg/controller/sts.go
index 28575aeefbd..e5a48956700 100644
--- a/pkg/controller/sts.go
+++ b/pkg/controller/sts.go
@@ -314,7 +314,7 @@ func GetPolicy(ctx context.Context, adminClient *madmin.AdminClient, policyName
 }

 // AssumeRole invokes the AssumeRole method in the Minio Tenant
-func AssumeRole(ctx context.Context, c *Controller, tenant *miniov2.Tenant, sessionPolicy string, duration int) (*credentials.Value, error) {
+func AssumeRole(ctx context.Context, c *Controller, tenant *miniov2.Tenant, region string, sessionPolicy string, duration int) (*credentials.Value, error) {
 client, accessKey, secretKey, err := getTenantClient(ctx, c, tenant)
 if err != nil {
 return nil, err
@@ -330,6 +330,7 @@ func AssumeRole(ctx context.Context, c *Controller, tenant *miniov2.Tenant, sess
 SecretKey: secretKey,
 Policy: sessionPolicy,
 DurationSeconds: duration,
+ Location: region,
 }

 stsAssumeRole := &credentials.STSAssumeRole{
diff --git a/pkg/controller/sts_handlers.go b/pkg/controller/sts_handlers.go
index 3a0c6d05087..494e405895d 100644
--- a/pkg/controller/sts_handlers.go
+++ b/pkg/controller/sts_handlers.go
@@ -178,6 +178,13 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r *
 return
 }

+ info, err := adminClient.ServerInfo(ctx)
+ if err != nil {
+ writeSTSErrorResponse(w, true, ErrSTSInternalError, fmt.Errorf("Error communicating with tenant '%s': %s", tenant.Name, err))
+ return
+ }
+ region := info.Region
+
 // Session Policy
 sessionPolicyStr := r.Form.Get(stsPolicy)
 var compactedSessionPolicy string
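Review bot: In pkg/controller/sts.go the new `region` parameter of AssumeRole sits directly in front of `sessionPolicy`, and both are plain strings, so a call that passes them in the wrong order still compiles. The doc comment above the function is unchanged and does not say what `region` is for or whether an empty value is acceptable; something like `// region is the tenant's configured region and is set as Location on the STS options; sessionPolicy is the session policy document.` would help. Collapsing the pair to `region, sessionPolicy string` is the usual Go form. The function body continues outside the hunk.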
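Review bot: In pkg/controller/sts_handlers.go the added `adminClient.ServerInfo(ctx)` call runs on every AssumeRoleWithWebIdentity request just to read one string, and a failure there now fails the whole credential exchange, so STS availability and latency become tied to the tenant's admin info endpoint. The start of the handler is outside this hunk, so it is worth confirming that token validation precedes this call, so that unauthenticated requests cannot trigger admin traffic, and considering caching the region per tenant. The error handed to `writeSTSErrorResponse` embeds the raw client error; if that helper echoes the message to the caller, log the detail server-side and return something generic such as `fmt.Errorf("error communicating with tenant %q", tenant.Name)`. `info.Region` is also passed on unchecked, so an empty value when no region is configured flows straight into the STS options.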
@@ -252,7 +259,7 @@ func (c *Controller) AssumeRoleWithWebIdentityHandler(w http.ResponseWriter, r *
 durationInSeconds = duration
 }

- stsCredentials, err := AssumeRole(ctx, c, &tenant, bfCompact, durationInSeconds)
+ stsCredentials, err := AssumeRole(ctx, c, &tenant, region, bfCompact, durationInSeconds)
 if err != nil {
 writeSTSErrorResponse(w, true, ErrSTSInternalError, err)
 return