Merge pull request #1782 from skriss/add-s3-file-creds

Add S3 file creds and reorder creds chain
2018-05-18 21:52:54 +02:00 · 2018-05-18 21:52:54 +02:00 · 2dbdf381b2
parent a1a49ce211 0785fbd418
commit 2dbdf381b2
2 changed files with 20 additions and 9 deletions
--- a/changelog/unreleased/pull-1782
+++ b/changelog/unreleased/pull-1782
@ -0,0 +1,7 @@
+Enhancement: Use default AWS credentials chain for S3 backend
+
+Adds support for file credentials to the S3 backend (e.g. ~/.aws/credentials),
+and reorders the credentials chain for the S3 backend to match AWS's standard,
+which is static credentials, env vars, credentials file, and finally remote.
+
+https://github.com/restic/restic/pull/1782
--- a/internal/backend/s3/s3.go
+++ b/internal/backend/s3/s3.go
@ -40,27 +40,31 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 		minio.MaxRetry = int(cfg.MaxRetries)
 	}

-	// Chains all credential types, starting with
-	// Static credentials provided by user.
-	// IAM profile based credentials. (performs an HTTP
-	// call to a pre-defined endpoint, only valid inside
-	// configured ec2 instances)
-	// AWS env variables such as AWS_ACCESS_KEY_ID
-	// Minio env variables such as MINIO_ACCESS_KEY
+	// Chains all credential types, in the following order:
+	// 	- Static credentials provided by user
+	//	- AWS env vars (i.e. AWS_ACCESS_KEY_ID)
+	//  - Minio env vars (i.e. MINIO_ACCESS_KEY)
+	//  - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials)
+	//  - Minio creds file (i.e. MINIO_SHARED_CREDENTIALS_FILE or ~/.mc/config.json)
+	//  - IAM profile based credentials. (performs an HTTP
+	//    call to a pre-defined endpoint, only valid inside
+	//    configured ec2 instances)
 	creds := credentials.NewChainCredentials([]credentials.Provider{
-		&credentials.EnvAWS{},
 		&credentials.Static{
 			Value: credentials.Value{
 				AccessKeyID:     cfg.KeyID,
 				SecretAccessKey: cfg.Secret,
 			},
 		},
+		&credentials.EnvAWS{},
+		&credentials.EnvMinio{},
+		&credentials.FileAWSCredentials{},
+		&credentials.FileMinioClient{},
 		&credentials.IAM{
 			Client: &http.Client{
 				Transport: http.DefaultTransport,
 			},
 		},
-		&credentials.EnvMinio{},
 	})
 	client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")
 	if err != nil {