Merge pull request #3532 from garrmcnu/s3-credentials-config

s3: Add warning if key ID or secret is empty
This commit is contained in:
MichaelEischer 2021-10-09 19:32:32 +02:00 committed by GitHub
commit 58e8b34633
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 0 deletions

View file

@ -0,0 +1,7 @@
Enhancement: Add warning for S3 if partial credentials are provided
Check if both the AWS key ID and secret environment variables are set
before connecting to the remote server and report an error if not.
https://github.com/restic/restic/issues/2388
https://github.com/restic/restic/pull/3532

View file

@ -554,6 +554,12 @@ func parseConfig(loc location.Location, opts options.Options) (interface{}, erro
cfg.Secret = os.Getenv("AWS_SECRET_ACCESS_KEY") cfg.Secret = os.Getenv("AWS_SECRET_ACCESS_KEY")
} }
if cfg.KeyID == "" && cfg.Secret != "" {
return nil, errors.Fatalf("unable to open S3 backend: Key ID ($AWS_ACCESS_KEY_ID) is empty")
} else if cfg.KeyID != "" && cfg.Secret == "" {
return nil, errors.Fatalf("unable to open S3 backend: Secret ($AWS_SECRET_ACCESS_KEY) is empty")
}
if cfg.Region == "" { if cfg.Region == "" {
cfg.Region = os.Getenv("AWS_DEFAULT_REGION") cfg.Region = os.Getenv("AWS_DEFAULT_REGION")
} }

View file

@ -69,6 +69,15 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
}, },
}) })
c, err := creds.Get()
if err != nil {
return nil, errors.Wrap(err, "creds.Get")
}
if c.SignerType == credentials.SignatureAnonymous {
debug.Log("using anonymous access for %#v", cfg.Endpoint)
}
options := &minio.Options{ options := &minio.Options{
Creds: creds, Creds: creds,
Secure: !cfg.UseHTTP, Secure: !cfg.UseHTTP,