Merge pull request #1827 from docker/ec2-creds

Allow EC2 IAM roles to be used when authorizing region endpoints
2016-07-11 13:05:41 -07:00 · 2016-07-11 13:05:41 -07:00 · 2052f29be6
commit 2052f29be6
parent b7d43c862f 3da5f9088d
1 changed files with 12 additions and 24 deletions
--- a/registry/storage/driver/s3-aws/s3.go
+++ b/registry/storage/driver/s3-aws/s3.go
@ -270,9 +270,11 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 // bucketName
 func New(params DriverParameters) (*Driver, error) {
 	awsConfig := aws.NewConfig()
-	var creds *credentials.Credentials
+	if params.RegionEndpoint != "" {
-	if params.RegionEndpoint == "" {
+		awsConfig.WithS3ForcePathStyle(true)
-		creds = credentials.NewChainCredentials([]credentials.Provider{
+		awsConfig.WithEndpoint(params.RegionEndpoint)
 	}
 	creds := credentials.NewChainCredentials([]credentials.Provider{
 		&credentials.StaticProvider{
 			Value: credentials.Value{
 				AccessKeyID:     params.AccessKey,
@ -284,20 +286,6 @@ func New(params DriverParameters) (*Driver, error) {
 		&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())},
 	})
 	} else {
 		creds = credentials.NewChainCredentials([]credentials.Provider{
 			&credentials.StaticProvider{
 				Value: credentials.Value{
 					AccessKeyID:     params.AccessKey,
 					SecretAccessKey: params.SecretKey,
 				},
 			},
 			&credentials.EnvProvider{},
 		})
 		awsConfig.WithS3ForcePathStyle(true)
 		awsConfig.WithEndpoint(params.RegionEndpoint)
 	}
 	awsConfig.WithCredentials(creds)
 	awsConfig.WithRegion(params.Region)
 	awsConfig.WithDisableSSL(!params.Secure)