Merge pull request #1647 from duzvik/aws-session-token

Change priority of AWS credential providers to accept AWS_SESSION_TOKEN
2018-03-04 20:54:56 +01:00 · 2018-03-04 20:54:56 +01:00 · da77f4a2e2
commit da77f4a2e2
parent 6edf28d1e1 6bb1bcce03
2 changed files with 9 additions and 1 deletions
--- a/changelog/0.8.3_2018-02-26/pull-1647
+++ b/changelog/0.8.3_2018-02-26/pull-1647
@ -0,0 +1,8 @@
+Enhancement: Change priority of AWS credential providers to accept AWS_SESSION_TOKEN
+
+Before, it was not possible to use s3 backend with AWS temporary security credentials(with AWS_SESSION_TOKEN).
+This change gives higher priority to credentials.EnvAWS credentials provider.
+
+https://github.com/restic/restic/issues/1477
+https://github.com/restic/restic/pull/1479
+https://github.com/restic/restic/pull/1647
--- a/internal/backend/s3/s3.go
+++ b/internal/backend/s3/s3.go
@ -48,6 +48,7 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 	// AWS env variables such as AWS_ACCESS_KEY_ID
 	// Minio env variables such as MINIO_ACCESS_KEY
 	creds := credentials.NewChainCredentials([]credentials.Provider{
+		&credentials.EnvAWS{},
 		&credentials.Static{
 			Value: credentials.Value{
 				AccessKeyID:     cfg.KeyID,
@ -59,7 +60,6 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 				Transport: http.DefaultTransport,
 			},
 		},
-		&credentials.EnvAWS{},
 		&credentials.EnvMinio{},
 	})
 	client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")