oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support AWS envs creds for non-aws endpoints in S3 gateway (#7156)

Browse Source 
We made a change previously in #7111 which moved support
for AWS envs only for AWS S3 endpoint. Some users requested
that this be added back to Non-AWS endpoints as well as
they require separate credentials for backend authentication
from security point of view.
master
Harshavardhana 6 years ago committed by Nitish Tiwari
parent fad59da29d
commit 64b5701971
1 changed files with 12 additions and 5 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 17
      cmd/gateway/s3/gateway-s3.go

17
cmd/gateway/s3/gateway-s3.go
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Minio Cloud Storage, (C) 2017, 2018 Minio, Inc. * Minio Cloud Storage, (C) 2017, 2018, 2019 Minio, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -177,8 +177,13 @@ func isAmazonS3Endpoint(urlStr string) bool {
return s3utils.IsAmazonEndpoint(*u) return s3utils.IsAmazonEndpoint(*u)
} }
// - Static credentials provided by user (i.e. MINIO_ACCESS_KEY) // Chains all credential types, in the following order:
var defaultMinioProviders = []credentials.Provider{ // - AWS env vars (i.e. AWS_ACCESS_KEY_ID)
// - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials)
// - Static credentials provided by user (i.e. MINIO_ACCESS_KEY)
var defaultProviders = []credentials.Provider{
&credentials.EnvAWS{},
&credentials.FileAWSCredentials{},
&credentials.EnvMinio{}, &credentials.EnvMinio{},
} }
@ -196,6 +201,7 @@ var defaultAWSCredProviders = []credentials.Provider{
Transport: minio.NewCustomHTTPTransport(), Transport: minio.NewCustomHTTPTransport(),
}, },
}, },
&credentials.EnvMinio{},
} }
// newS3 - Initializes a new client by auto probing S3 server signature. // newS3 - Initializes a new client by auto probing S3 server signature.
@ -213,9 +219,10 @@ func newS3(urlStr string) (*miniogo.Core, error) {
var creds *credentials.Credentials var creds *credentials.Credentials
if isAmazonS3Endpoint(urlStr) { if isAmazonS3Endpoint(urlStr) {
// If we see an Amazon S3 endpoint, then we use more ways to fetch backend credentials. // If we see an Amazon S3 endpoint, then we use more ways to fetch backend credentials.
creds = credentials.NewChainCredentials(append(defaultAWSCredProviders, defaultMinioProviders...)) // Specifically IAM style rotating credentials are only supported with AWS S3 endpoint.
creds = credentials.NewChainCredentials(defaultAWSCredProviders)
} else { } else {
creds = credentials.NewChainCredentials(defaultMinioProviders) creds = credentials.NewChainCredentials(defaultProviders)
} }
clnt, err := miniogo.NewWithCredentials(endpoint, creds, secure, "") clnt, err := miniogo.NewWithCredentials(endpoint, creds, secure, "")

Write Preview
Loading…
Cancel
Save