From e618ea83dd3e539b53d2e60b49336e27347b56f8 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Tue, 20 Apr 2021 16:21:54 +0100 Subject: [PATCH] s3: remove WebIdentityRoleProvider to fix crash on auth #5255 This code removes the code added in 15d19131bd6bc78e s3: use aws web identity role provider This code no longer works because it doesn't initialise the tokenFetcher - leading to a nil pointer crash. The proper way to initialise this is with the NewWebIdentityCredentials but it isn't clear where to get the other parameters: roleARN, roleSessionName, path. In the linked issue a user reports rclone working with EKS anyway, so perhaps this code is no longer needed. If it is needed, hopefully someone who knows AWS better will come along and fix it! See: https://forum.rclone.org/t/add-support-for-aws-sso/23569 --- backend/s3/s3.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/backend/s3/s3.go b/backend/s3/s3.go index 9bf053ca5..92bdb2ccb 100644 --- a/backend/s3/s3.go +++ b/backend/s3/s3.go @@ -26,7 +26,6 @@ import ( "github.com/aws/aws-sdk-go/aws/corehandlers" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" - "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/defaults" "github.com/aws/aws-sdk-go/aws/ec2metadata" "github.com/aws/aws-sdk-go/aws/endpoints" @@ -1511,11 +1510,6 @@ func s3Connection(ctx context.Context, opt *Options, client *http.Client) (*s3.S }), ExpiryWindow: 3 * time.Minute, }, - - // Pick up IAM role if we are in EKS - &stscreds.WebIdentityRoleProvider{ - ExpiryWindow: 3 * time.Minute, - }, } cred := credentials.NewChainCredentials(providers)