This protects private data when used over the public Internet. Users
can opt-in to unencrypted HTTP if they need additional performance on
a local network. Fixes#282.
Using "mount -a" fails for already-mounted s3fs directories,
because s3fs mount arguments don't match the form in /etc/mtab.
Calling "mount -a" should quietly succeed when a directory is
already mounted.
To fix this, accept mount commands of the form:
s3fs s3fs /srv/object-store -o bucket=mybucket
or in /etc/fstab form:
s3fs /srv/object-store fuse.s3fs bucket=mybucket 0 0
This matches the form in /etc/mtab and allows "mount -a" to
work properly.
When using an instance with an IAM Role, transient credentials can be
found in http://169.254.169.254/latest/meta-data/ at
iam/security-credentials/role-name and s3fs tries to do this. However,
it is using the profile-name where role-name is needed. In many cases
the role and profile name are the same, but they are not always.
The simplest way to find the role name appears to be to GET
http://169.254.169.254/latest/meta-data/iam/security-credentials/
itself, which returns a listing of the role names for which temporary
credentials exist. (I think there will probably only be one, but we
probably want to split on newlines and take the first one here in case
that assumption is not valid). This is the approach the AWS SDK appears
to use (based on WireShark analysis).
Bug: https://github.com/s3fs-fuse/s3fs-fuse/issues/421
Signed-off-by: Nathaniel W. Turner <nate@houseofnate.net>
If user specifies iam_role=auto (or just iam_role), credentials will not
be loaded during early phase, so skip credential checks there.
Signed-off-by: Nathaniel W. Turner <nate@houseofnate.net>
For ListBucketResult on an empty directory, AWS S3 and S3Proxy 1.4
differ. AWS will match the directory name, S3Proxy does not.
Changing max-keys=1 to max-keys-2 works for both implementations.
append_objects_from_xml() will swallow the directory key. The log
level of this message is changed from ERROR to DBG.
Fixes#345
