s3: fix rclone ignoring static credentials when env_auth=true

The SDKv2 conversion introduced a regression to do with setting
credentials with env_auth=true. The rclone documentation explicitly
states that env_auth only applies if secret_access_key and
access_key_id are blank and users had been relying on that.

However after the SDKv2 conversion we were ignoring static credentials
if env_auth=true.

This fixes the problem by ignoring env_auth=true if secret_access_key
and access_key_id are both provided. This brings rclone back into line
with the documentation and users expectations.

Fixes #8067
This commit is contained in:
Nick Craig-Wood 2024-09-13 12:45:31 +01:00
parent 75f5b06ff7
commit a88066aff3

View file

@ -3052,9 +3052,16 @@ func (s3logger) Logf(classification logging.Classification, format string, v ...
func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Client *s3.Client, err error) { func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Client *s3.Client, err error) {
ci := fs.GetConfig(ctx) ci := fs.GetConfig(ctx)
var awsConfig aws.Config var awsConfig aws.Config
// Make the default static auth
v := aws.Credentials{
AccessKeyID: opt.AccessKeyID,
SecretAccessKey: opt.SecretAccessKey,
SessionToken: opt.SessionToken,
}
awsConfig.Credentials = &credentials.StaticCredentialsProvider{Value: v}
// Try to fill in the config from the environment if env_auth=true // Try to fill in the config from the environment if env_auth=true
if opt.EnvAuth { if opt.EnvAuth && opt.AccessKeyID == "" && opt.SecretAccessKey == "" {
configOpts := []func(*awsconfig.LoadOptions) error{} configOpts := []func(*awsconfig.LoadOptions) error{}
// Set the name of the profile if supplied // Set the name of the profile if supplied
if opt.Profile != "" { if opt.Profile != "" {
@ -3079,13 +3086,7 @@ func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Cli
case opt.SecretAccessKey == "": case opt.SecretAccessKey == "":
return nil, errors.New("secret_access_key not found") return nil, errors.New("secret_access_key not found")
default: default:
// Make the static auth // static credentials are already set
v := aws.Credentials{
AccessKeyID: opt.AccessKeyID,
SecretAccessKey: opt.SecretAccessKey,
SessionToken: opt.SessionToken,
}
awsConfig.Credentials = &credentials.StaticCredentialsProvider{Value: v}
} }
} }