mirror of
https://github.com/rclone/rclone.git
synced 2025-01-10 16:28:30 +01:00
s3: fix role_arn, credential_source, ...
When the env_auth option is enabled, the AWS SDK's session constructor now loads configuration from ~/.aws/config and environment variables, and credentials per the selected (or default) AWS_PROFILE's settings. This is accomplished by **NOT** including any Credential provider in the aws.Config passed to the session constructor: If the Config.Credentials is non-nil, that will always be used and the user's configuration re role_arn, credential_source, source_profile, etc... from the shared config will be completely ignored. (The conditional creation and configuration of the stscreds Credential provider is complicated enough that it is not worth re-creating that logic.)
This commit is contained in:
parent
4ad08794c9
commit
fa0a1e7261
@ -804,8 +804,21 @@ func s3Connection(opt *Options) (*s3.S3, *session.Session, error) {
|
||||
WithHTTPClient(fshttp.NewClient(fs.Config)).
|
||||
WithS3ForcePathStyle(opt.ForcePathStyle)
|
||||
// awsConfig.WithLogLevel(aws.LogDebugWithSigning)
|
||||
ses := session.New()
|
||||
c := s3.New(ses, awsConfig)
|
||||
awsSessionOpts := session.Options{
|
||||
Config: *awsConfig,
|
||||
}
|
||||
if opt.EnvAuth && opt.AccessKeyID == "" && opt.SecretAccessKey == "" {
|
||||
// Enable loading config options from ~/.aws/config (selected by AWS_PROFILE env)
|
||||
awsSessionOpts.SharedConfigState = session.SharedConfigEnable
|
||||
// The session constructor (aws/session/mergeConfigSrcs) will only use the user's preferred credential source
|
||||
// (from the shared config file) if the passed-in Options.Config.Credentials is nil.
|
||||
awsSessionOpts.Config.Credentials = nil
|
||||
}
|
||||
ses, err := session.NewSessionWithOptions(awsSessionOpts)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
c := s3.New(ses)
|
||||
if opt.V2Auth || opt.Region == "other-v2-signature" {
|
||||
fs.Debugf(nil, "Using v2 auth")
|
||||
signer := func(req *request.Request) {
|
||||
|
Loading…
Reference in New Issue
Block a user