KurlesHS/restic
1
0
Fork 0
forked from TrueCloudLab/restic
Code Pull requests Activity

Merge pull request #1782 from skriss/add-s3-file-creds

Browse source 
Add S3 file creds and reorder creds chain
This commit is contained in:
Alexander Neumann 2018-05-18 21:52:54 +02:00
commit 2dbdf381b2
2 changed files with 20 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
changelog/unreleased/pull-1782 Normal file
View file

@ -0,0 +1,7 @@
Enhancement: Use default AWS credentials chain for S3 backend
Adds support for file credentials to the S3 backend (e.g. ~/.aws/credentials),
and reorders the credentials chain for the S3 backend to match AWS's standard,
which is static credentials, env vars, credentials file, and finally remote.
https://github.com/restic/restic/pull/1782

22
internal/backend/s3/s3.go
View file

@ -40,27 +40,31 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
minio.MaxRetry = int(cfg.MaxRetries) minio.MaxRetry = int(cfg.MaxRetries)
} }
// Chains all credential types, starting with // Chains all credential types, in the following order:
// Static credentials provided by user. // - Static credentials provided by user
// IAM profile based credentials. (performs an HTTP // - AWS env vars (i.e. AWS_ACCESS_KEY_ID)
// call to a pre-defined endpoint, only valid inside // - Minio env vars (i.e. MINIO_ACCESS_KEY)
// configured ec2 instances) // - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials)
// AWS env variables such as AWS_ACCESS_KEY_ID // - Minio creds file (i.e. MINIO_SHARED_CREDENTIALS_FILE or ~/.mc/config.json)
// Minio env variables such as MINIO_ACCESS_KEY // - IAM profile based credentials. (performs an HTTP
// call to a pre-defined endpoint, only valid inside
// configured ec2 instances)
creds := credentials.NewChainCredentials([]credentials.Provider{ creds := credentials.NewChainCredentials([]credentials.Provider{
&credentials.EnvAWS{},
&credentials.Static{ &credentials.Static{
Value: credentials.Value{ Value: credentials.Value{
AccessKeyID: cfg.KeyID, AccessKeyID: cfg.KeyID,
SecretAccessKey: cfg.Secret, SecretAccessKey: cfg.Secret,
}, },
}, },
&credentials.EnvAWS{},
&credentials.EnvMinio{},
&credentials.FileAWSCredentials{},
&credentials.FileMinioClient{},
&credentials.IAM{ &credentials.IAM{
Client: &http.Client{ Client: &http.Client{
Transport: http.DefaultTransport, Transport: http.DefaultTransport,
}, },
}, },
&credentials.EnvMinio{},
}) })
client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "") client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")
if err != nil { if err != nil {