When using an instance with an IAM Role, transient credentials can be
found in http://169.254.169.254/latest/meta-data/ at
iam/security-credentials/role-name and s3fs tries to do this. However,
it is using the profile-name where role-name is needed. In many cases
the role and profile name are the same, but they are not always.
The simplest way to find the role name appears to be to GET
http://169.254.169.254/latest/meta-data/iam/security-credentials/
itself, which returns a listing of the role names for which temporary
credentials exist. (I think there will probably only be one, but we
probably want to split on newlines and take the first one here in case
that assumption is not valid). This is the approach the AWS SDK appears
to use (based on WireShark analysis).
Bug: https://github.com/s3fs-fuse/s3fs-fuse/issues/421
Signed-off-by: Nathaniel W. Turner <nate@houseofnate.net>
If user specifies iam_role=auto (or just iam_role), credentials will not
be loaded during early phase, so skip credential checks there.
Signed-off-by: Nathaniel W. Turner <nate@houseofnate.net>
For ListBucketResult on an empty directory, AWS S3 and S3Proxy 1.4
differ. AWS will match the directory name, S3Proxy does not.
Changing max-keys=1 to max-keys-2 works for both implementations.
append_objects_from_xml() will swallow the directory key. The log
level of this message is changed from ERROR to DBG.
Fixes#345
These system calls take an extra 'position' parameter on OS X. A
non-zero position value is only valid for resource forks (the Darwin
VFS layer will reject anything else with EINVAL); this patch simply
adds and ignores the parameter on Apple platforms.
Allows building against OSXFUSE.
change the minimum version of fuse required. Change the
checkers to use a variable for the minimum fuse version
instead of it being hardcoded in four different places.
src/s3fs.cpp: Use __APPLE__ define around fuse code that
is offensive to osxfuse. Not including the code doesn't
seem to matter.
Buckets with mixed-case names can't be accessed with the virtual-hosted
style API due to DNS limitations. S3FS has an option for
pathrequeststyle which is used for the URL, but it was not applied when
building the endpoint passed through the Host header. Fix this, and
relax the validation on bucket names when using this style.
See: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
