s3: Add warning if key ID or secret is empty

Also add debug message if no credential types are available.

Closes #2388
This commit is contained in:
Garry McNulty 2021-09-30 19:45:31 +01:00
parent 24088f8307
commit 708d7a2574
3 changed files with 22 additions and 0 deletions

View file

@ -0,0 +1,7 @@
Enhancement: Add warning for S3 if partial credentials are provided
Check if both the AWS key ID and secret environment variables are set
before connecting to the remote server and report an error if not.
https://github.com/restic/restic/issues/2388
https://github.com/restic/restic/pull/3532

View file

@ -554,6 +554,12 @@ func parseConfig(loc location.Location, opts options.Options) (interface{}, erro
cfg.Secret = os.Getenv("AWS_SECRET_ACCESS_KEY") cfg.Secret = os.Getenv("AWS_SECRET_ACCESS_KEY")
} }
if cfg.KeyID == "" && cfg.Secret != "" {
return nil, errors.Fatalf("unable to open S3 backend: Key ID ($AWS_ACCESS_KEY_ID) is empty")
} else if cfg.KeyID != "" && cfg.Secret == "" {
return nil, errors.Fatalf("unable to open S3 backend: Secret ($AWS_SECRET_ACCESS_KEY) is empty")
}
if cfg.Region == "" { if cfg.Region == "" {
cfg.Region = os.Getenv("AWS_DEFAULT_REGION") cfg.Region = os.Getenv("AWS_DEFAULT_REGION")
} }

View file

@ -69,6 +69,15 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
}, },
}) })
c, err := creds.Get()
if err != nil {
return nil, errors.Wrap(err, "creds.Get")
}
if c.SignerType == credentials.SignatureAnonymous {
debug.Log("using anonymous access for %#v", cfg.Endpoint)
}
options := &minio.Options{ options := &minio.Options{
Creds: creds, Creds: creds,
Secure: !cfg.UseHTTP, Secure: !cfg.UseHTTP,