From b358dd369b2cd01e354211d32455446e3e070c8b Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Wed, 16 May 2018 16:39:25 -0700 Subject: [PATCH] S3: rearrange credentials chain to be standard Signed-off-by: Steve Kriss --- internal/backend/s3/s3.go | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go index b8af5b0bf..8313e27ce 100644 --- a/internal/backend/s3/s3.go +++ b/internal/backend/s3/s3.go @@ -40,21 +40,24 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) { minio.MaxRetry = int(cfg.MaxRetries) } - // Chains all credential types, starting with - // Static credentials provided by user. - // IAM profile based credentials. (performs an HTTP - // call to a pre-defined endpoint, only valid inside - // configured ec2 instances) - // AWS env variables such as AWS_ACCESS_KEY_ID - // Minio env variables such as MINIO_ACCESS_KEY + // Chains all credential types, in the following order: + // - Static credentials provided by user + // - AWS env vars (i.e. AWS_ACCESS_KEY_ID) + // - Minio env vars (i.e. MINIO_ACCESS_KEY) + // - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials) + // - Minio creds file (i.e. MINIO_SHARED_CREDENTIALS_FILE or ~/.mc/config.json) + // - IAM profile based credentials. (performs an HTTP + // call to a pre-defined endpoint, only valid inside + // configured ec2 instances) creds := credentials.NewChainCredentials([]credentials.Provider{ - &credentials.EnvAWS{}, &credentials.Static{ Value: credentials.Value{ AccessKeyID: cfg.KeyID, SecretAccessKey: cfg.Secret, }, }, + &credentials.EnvAWS{}, + &credentials.EnvMinio{}, &credentials.FileAWSCredentials{}, &credentials.FileMinioClient{}, &credentials.IAM{ @@ -62,7 +65,6 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) { Transport: http.DefaultTransport, }, }, - &credentials.EnvMinio{}, }) client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "") if err != nil {