From 1e42f4f3006ae0a5eb3690872c9ed79d7dc80cb3 Mon Sep 17 00:00:00 2001
From: "denis.uzvik" <denis@uzvik.kiev.ua>
Date: Thu, 12 Jul 2018 16:18:19 +0300
Subject: [PATCH] S3 backend: accept AWS_SESSION_TOKEN

---
 Gopkg.lock                     | 177 ++++++++++++++++++++++++++++++---
 changelog/unreleased/pull-1882 |   8 ++
 internal/backend/s3/s3.go      |   2 +-
 3 files changed, 171 insertions(+), 16 deletions(-)
 create mode 100644 changelog/unreleased/pull-1882

diff --git a/Gopkg.lock b/Gopkg.lock
index b2faafb4f..4f6ce221f 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -4,7 +4,11 @@
 [[projects]]
   branch = "master"
   name = "bazil.org/fuse"
-  packages = [".","fs","fuseutil"]
+  packages = [
+    ".",
+    "fs",
+    "fuseutil"
+  ]
   revision = "371fbbdaa8987b715bdd21d6adc4c9b20155f748"
 
 [[projects]]
@@ -15,13 +19,21 @@
 
 [[projects]]
   name = "github.com/Azure/azure-sdk-for-go"
-  packages = ["storage","version"]
+  packages = [
+    "storage",
+    "version"
+  ]
   revision = "56332fec5b308fbb6615fa1af6117394cdba186d"
   version = "v15.0.0"
 
 [[projects]]
   name = "github.com/Azure/go-autorest"
-  packages = ["autorest","autorest/adal","autorest/azure","autorest/date"]
+  packages = [
+    "autorest",
+    "autorest/adal",
+    "autorest/azure",
+    "autorest/date"
+  ]
   revision = "ed4b7f5bf1ec0c9ede1fda2681d96771282f2862"
   version = "v10.4.0"
 
@@ -69,7 +81,12 @@
 
 [[projects]]
   name = "github.com/google/go-cmp"
-  packages = ["cmp","cmp/internal/diff","cmp/internal/function","cmp/internal/value"]
+  packages = [
+    "cmp",
+    "cmp/internal/diff",
+    "cmp/internal/function",
+    "cmp/internal/value"
+  ]
   revision = "8099a9787ce5dc5984ed879a3bda47dc730a8e97"
   version = "v0.1.0"
 
@@ -93,7 +110,14 @@
 
 [[projects]]
   name = "github.com/kurin/blazer"
-  packages = ["b2","base","internal/b2assets","internal/b2types","internal/blog","x/window"]
+  packages = [
+    "b2",
+    "base",
+    "internal/b2assets",
+    "internal/b2types",
+    "internal/blog",
+    "x/window"
+  ]
   revision = "318e9768bf9a0fe52a64b9f8fe74f4f5caef6452"
   version = "v0.4.4"
 
@@ -111,7 +135,15 @@
 
 [[projects]]
   name = "github.com/minio/minio-go"
-  packages = [".","pkg/credentials","pkg/encrypt","pkg/policy","pkg/s3signer","pkg/s3utils","pkg/set"]
+  packages = [
+    ".",
+    "pkg/credentials",
+    "pkg/encrypt",
+    "pkg/policy",
+    "pkg/s3signer",
+    "pkg/s3utils",
+    "pkg/set"
+  ]
   revision = "66252c2a3c15f7b90cc8493d497a04ac3b6e3606"
   version = "5.0.0"
 
@@ -157,6 +189,52 @@
   revision = "db83917be3b88cc307464b7d8a221c173e34a0db"
   version = "v0.2.0"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/restic/restic"
+  packages = [
+    "internal/archiver",
+    "internal/backend",
+    "internal/backend/azure",
+    "internal/backend/b2",
+    "internal/backend/gs",
+    "internal/backend/local",
+    "internal/backend/location",
+    "internal/backend/mem",
+    "internal/backend/rclone",
+    "internal/backend/rest",
+    "internal/backend/s3",
+    "internal/backend/sftp",
+    "internal/backend/swift",
+    "internal/backend/test",
+    "internal/cache",
+    "internal/checker",
+    "internal/crypto",
+    "internal/debug",
+    "internal/errors",
+    "internal/filter",
+    "internal/fs",
+    "internal/fuse",
+    "internal/hashing",
+    "internal/index",
+    "internal/limiter",
+    "internal/list",
+    "internal/migrations",
+    "internal/mock",
+    "internal/options",
+    "internal/pack",
+    "internal/repository",
+    "internal/restic",
+    "internal/restorer",
+    "internal/test",
+    "internal/textfile",
+    "internal/ui",
+    "internal/ui/termstatus",
+    "internal/walker",
+    "internal/worker"
+  ]
+  revision = "bd742ddb692ffeaf5ac24eefdff0c0ba3e7c17fb"
+
 [[projects]]
   name = "github.com/russross/blackfriday"
   packages = ["."]
@@ -177,7 +255,10 @@
 
 [[projects]]
   name = "github.com/spf13/cobra"
-  packages = [".","doc"]
+  packages = [
+    ".",
+    "doc"
+  ]
   revision = "a1f051bc3eba734da4772d60e2d677f47cf93ef4"
   version = "v0.0.2"
 
@@ -190,19 +271,44 @@
 [[projects]]
   branch = "master"
   name = "golang.org/x/crypto"
-  packages = ["argon2","blake2b","curve25519","ed25519","ed25519/internal/edwards25519","internal/chacha20","pbkdf2","poly1305","scrypt","ssh","ssh/terminal"]
+  packages = [
+    "argon2",
+    "blake2b",
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "internal/chacha20",
+    "pbkdf2",
+    "poly1305",
+    "scrypt",
+    "ssh",
+    "ssh/terminal"
+  ]
   revision = "4ec37c66abab2c7e02ae775328b2ff001c3f025a"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/net"
-  packages = ["context","context/ctxhttp","http2","http2/hpack","idna","lex/httplex"]
+  packages = [
+    "context",
+    "context/ctxhttp",
+    "http2",
+    "http2/hpack",
+    "idna",
+    "lex/httplex"
+  ]
   revision = "6078986fec03a1dcc236c34816c71b0e05018fda"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/oauth2"
-  packages = [".","google","internal","jws","jwt"]
+  packages = [
+    ".",
+    "google",
+    "internal",
+    "jws",
+    "jwt"
+  ]
   revision = "fdc9e635145ae97e6c2cb777c48305600cf515cb"
 
 [[projects]]
@@ -214,24 +320,65 @@
 [[projects]]
   branch = "master"
   name = "golang.org/x/sys"
-  packages = ["cpu","unix","windows"]
+  packages = [
+    "cpu",
+    "unix",
+    "windows"
+  ]
   revision = "7db1c3b1a98089d0071c84f646ff5c96aad43682"
 
 [[projects]]
   name = "golang.org/x/text"
-  packages = ["collate","collate/build","encoding","encoding/internal","encoding/internal/identifier","encoding/unicode","internal/colltab","internal/gen","internal/tag","internal/triegen","internal/ucd","internal/utf8internal","language","runes","secure/bidirule","transform","unicode/bidi","unicode/cldr","unicode/norm","unicode/rangetable"]
+  packages = [
+    "collate",
+    "collate/build",
+    "encoding",
+    "encoding/internal",
+    "encoding/internal/identifier",
+    "encoding/unicode",
+    "internal/colltab",
+    "internal/gen",
+    "internal/tag",
+    "internal/triegen",
+    "internal/ucd",
+    "internal/utf8internal",
+    "language",
+    "runes",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable"
+  ]
   revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
   version = "v0.3.0"
 
 [[projects]]
   branch = "master"
   name = "google.golang.org/api"
-  packages = ["gensupport","googleapi","googleapi/internal/uritemplates","storage/v1"]
+  packages = [
+    "gensupport",
+    "googleapi",
+    "googleapi/internal/uritemplates",
+    "storage/v1"
+  ]
   revision = "dbbc13f71100fa6ece308335445fca6bb0dd5c2f"
 
 [[projects]]
   name = "google.golang.org/appengine"
-  packages = [".","internal","internal/app_identity","internal/base","internal/datastore","internal/log","internal/modules","internal/remote_api","internal/urlfetch","urlfetch"]
+  packages = [
+    ".",
+    "internal",
+    "internal/app_identity",
+    "internal/base",
+    "internal/datastore",
+    "internal/log",
+    "internal/modules",
+    "internal/remote_api",
+    "internal/urlfetch",
+    "urlfetch"
+  ]
   revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a"
   version = "v1.0.0"
 
@@ -250,6 +397,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "a5de339cba7570216b212439b90e1e6c384c94be8342fe7755b7cb66aa0a3440"
+  inputs-digest = "cfab88aa746c1535f17c59e8db9ee2ca6908b840f71d7331de84c722221348d0"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/changelog/unreleased/pull-1882 b/changelog/unreleased/pull-1882
new file mode 100644
index 000000000..c1a7aad02
--- /dev/null
+++ b/changelog/unreleased/pull-1882
@@ -0,0 +1,8 @@
+Enhancement: S3 backend: accept AWS_SESSION_TOKEN
+
+Before, it was not possible to use s3 backend with AWS temporary security credentials(with AWS_SESSION_TOKEN).
+This change gives higher priority to credentials.EnvAWS credentials provider.
+
+https://github.com/restic/restic/issues/1477
+https://github.com/restic/restic/pull/1479
+https://github.com/restic/restic/pull/1647
diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go
index 8cd3456aa..70a052868 100644
--- a/internal/backend/s3/s3.go
+++ b/internal/backend/s3/s3.go
@@ -50,13 +50,13 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 	//    call to a pre-defined endpoint, only valid inside
 	//    configured ec2 instances)
 	creds := credentials.NewChainCredentials([]credentials.Provider{
+		&credentials.EnvAWS{},
 		&credentials.Static{
 			Value: credentials.Value{
 				AccessKeyID:     cfg.KeyID,
 				SecretAccessKey: cfg.Secret,
 			},
 		},
-		&credentials.EnvAWS{},
 		&credentials.EnvMinio{},
 		&credentials.FileAWSCredentials{},
 		&credentials.FileMinioClient{},