fix issue with aws session token provided inside ~/.aws/credentials file

Michal Lula 2019-04-25 14:29:35 +02:00
parent 8e86ef1634
commit 0d4847596e
3 changed files with 5 additions and 11 deletions


@ -1205,6 +1205,7 @@ bool S3fsCurl::SetAccessKeyWithSessionToken(const char* AccessKeyId, const char*
AWSAccessKeyId = AccessKeyId; AWSAccessKeyId = AccessKeyId;
AWSSecretAccessKey = SecretAccessKey; AWSSecretAccessKey = SecretAccessKey;
AWSAccessToken = SessionToken; AWSAccessToken = SessionToken;
S3fsCurl::is_use_session_token = true;
return true; return true;
} }
@ -1225,13 +1226,6 @@ bool S3fsCurl::SetIsIBMIAMAuth(bool flag)
return old; return old;
} }
bool S3fsCurl::SetIsUseSessionToken(bool flag)
{
bool old = S3fsCurl::is_use_session_token;
S3fsCurl::is_use_session_token = flag;
return old;
}
bool S3fsCurl::SetIsECS(bool flag) bool S3fsCurl::SetIsECS(bool flag)
{ {
bool old = S3fsCurl::is_ecs; bool old = S3fsCurl::is_ecs;
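Review bot: The added `S3fsCurl::is_use_session_token = true;` in SetAccessKeyWithSessionToken is the only visible write to that flag once SetIsUseSessionToken is removed, so nothing on this page can turn it off again. If credentials are later replaced through SetAccessKey (not shown in this section), the flag and the previous AWSAccessToken would presumably stay set, and a stale session token could keep being attached to requests. Consider resetting the token and setting `S3fsCurl::is_use_session_token = false;` in that path, and adding a comment above the new line such as `// flag follows the presence of a session token; there is no separate setter`. The function body starts outside the hunk, so any validation of SessionToken before the assignments is not visible here.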


@ -445,7 +445,6 @@ class S3fsCurl
static int SetMaxMultiRequest(int max); static int SetMaxMultiRequest(int max);
static int GetMaxMultiRequest(void) { return S3fsCurl::max_multireq; } static int GetMaxMultiRequest(void) { return S3fsCurl::max_multireq; }
static bool SetIsECS(bool flag); static bool SetIsECS(bool flag);
static bool SetIsUseSessionToken(bool flag);
static bool SetIsIBMIAMAuth(bool flag); static bool SetIsIBMIAMAuth(bool flag);
static size_t SetIAMFieldCount(size_t field_count); static size_t SetIAMFieldCount(size_t field_count);
static std::string SetIAMCredentialsURL(const char* url); static std::string SetIAMCredentialsURL(const char* url);


@ -4132,6 +4132,10 @@ static int read_aws_credentials_file(const std::string &filename)
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if (session_token.empty()) { if (session_token.empty()) {
if (is_use_session_token) {
S3FS_PRN_EXIT("AWS session token was expected but wasn't provided in aws/credentials file for profile: %s.", aws_profile.c_str());
return EXIT_FAILURE;
}
if(!S3fsCurl::SetAccessKey(accesskey.c_str(), secret.c_str())){ if(!S3fsCurl::SetAccessKey(accesskey.c_str(), secret.c_str())){
S3FS_PRN_EXIT("failed to set internal data for access key/secret key from aws credential file."); S3FS_PRN_EXIT("failed to set internal data for access key/secret key from aws credential file.");
return EXIT_FAILURE; return EXIT_FAILURE;
@ -4280,8 +4284,6 @@ static int get_access_keys()
S3FS_PRN_INFO2("access key from env variables"); S3FS_PRN_INFO2("access key from env variables");
if (AWSSESSIONTOKEN != NULL) { if (AWSSESSIONTOKEN != NULL) {
S3FS_PRN_INFO2("session token is available"); S3FS_PRN_INFO2("session token is available");
is_use_session_token = true;
S3fsCurl::SetIsUseSessionToken(true);
if (!S3fsCurl::SetAccessKeyWithSessionToken(AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN)) { if (!S3fsCurl::SetAccessKeyWithSessionToken(AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN)) {
S3FS_PRN_EXIT("session token is invalid."); S3FS_PRN_EXIT("session token is invalid.");
return EXIT_FAILURE; return EXIT_FAILURE;
@ -4719,7 +4721,6 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
return 0; return 0;
} }
if (0 == STR2NCMP(arg, "use_session_token")) { if (0 == STR2NCMP(arg, "use_session_token")) {
S3fsCurl::SetIsUseSessionToken(true);
is_use_session_token = true; is_use_session_token = true;
} }
if(0 == STR2NCMP(arg, "ibm_iam_endpoint=")){ if(0 == STR2NCMP(arg, "ibm_iam_endpoint=")){
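Review bot: The new guard in read_aws_credentials_file tests the file-scope `is_use_session_token`, which in the lines shown is now set only by the `use_session_token` option, while `S3fsCurl::is_use_session_token` is set only when a token is actually loaded, so two flags with the same name now carry different meanings. A comment at the guard would keep the next reader from merging them, for example `// option flag: the user required a session token; S3fsCurl's flag of the same name means a token was loaded`. Renaming the file-scope variable (something like `session_token_required`, the name is only a suggestion) would be cleaner still. The error text names the profile but not the credentials file, and adding `filename.c_str()` to it would make the failure easier to trace. Both functions continue outside their hunks.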