TrueCloudLab/restic
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Refactor credentials management to support multiple mechanisms.

Browse source 
This PR adds the ability of chaining the credentials provider,
such that restic as a tool attempts to honor credentials from
multiple different ways.

Currently supported mechanisms are

 - static (user-provided)
 - IAM profile (only valid inside configured ec2 instances)
 - Standard AWS envs (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
 - Standard Minio envs (MINIO_ACCESS_KEY, MINIO_SECRET_KEY)

Refer https://github.com/restic/restic/issues/1341
This commit is contained in:
Harshavardhana 2017-10-09 12:48:42 -07:00
parent 8ceb22fe8a
commit 042adeb5d0
1 changed files with 25 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
internal/backend/s3/s3.go
View file

@ -40,24 +40,31 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
minio.MaxRetry = int(cfg.MaxRetries) minio.MaxRetry = int(cfg.MaxRetries)
} }
var client *minio.Client // Chains all credential types, starting with
var err error // Static credentials provided by user.
// IAM profile based credentials. (performs an HTTP
if cfg.KeyID == "" || cfg.Secret == "" { // call to a pre-defined endpoint, only valid inside
debug.Log("key/secret not found, trying to get them from IAM") // configured ec2 instances)
creds := credentials.NewIAM("") // AWS env variables such as AWS_ACCESS_KEY_ID
client, err = minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "") // Minio env variables such as MINIO_ACCESS_KEY
creds := credentials.NewChainCredentials([]credentials.Provider{
if err != nil { &credentials.Static{
return nil, errors.Wrap(err, "minio.NewWithCredentials") Value: credentials.Value{
} AccessKeyID: cfg.KeyID,
} else { SecretAccessKey: cfg.Secret,
debug.Log("key/secret found") },
client, err = minio.New(cfg.Endpoint, cfg.KeyID, cfg.Secret, !cfg.UseHTTP) },
&credentials.IAM{
if err != nil { Client: &http.Client{
return nil, errors.Wrap(err, "minio.New") Transport: http.DefaultTransport,
} },
},
&credentials.EnvAWS{},
&credentials.EnvMinio{},
})
client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")
if err != nil {
return nil, errors.Wrap(err, "minio.NewWithCredentials")
} }
sem, err := backend.NewSemaphore(cfg.Connections) sem, err := backend.NewSemaphore(cfg.Connections)