s3Connection makes a connection to s3
(ctx context.Context, opt *Options, client *http.Client)
| 1449 | |
| 1450 | // s3Connection makes a connection to s3 |
| 1451 | func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Client *s3.Client, provider *Provider, err error) { |
| 1452 | ci := fs.GetConfig(ctx) |
| 1453 | var awsConfig aws.Config |
| 1454 | // Make the default static auth |
| 1455 | v := aws.Credentials{ |
| 1456 | AccessKeyID: opt.AccessKeyID, |
| 1457 | SecretAccessKey: opt.SecretAccessKey, |
| 1458 | SessionToken: opt.SessionToken, |
| 1459 | } |
| 1460 | awsConfig.Credentials = &credentials.StaticCredentialsProvider{Value: v} |
| 1461 | |
| 1462 | // Try to fill in the config from the environment if env_auth=true |
| 1463 | if opt.EnvAuth && opt.AccessKeyID == "" && opt.SecretAccessKey == "" { |
| 1464 | |
| 1465 | configOpts := []func(*awsconfig.LoadOptions) error{} |
| 1466 | // Set the name of the profile if supplied |
| 1467 | if opt.Profile != "" { |
| 1468 | configOpts = append(configOpts, awsconfig.WithSharedConfigProfile(opt.Profile)) |
| 1469 | } |
| 1470 | // Set the shared config file if supplied |
| 1471 | if opt.SharedCredentialsFile != "" { |
| 1472 | configOpts = append(configOpts, awsconfig.WithSharedConfigFiles([]string{opt.SharedCredentialsFile})) |
| 1473 | } |
| 1474 | awsConfig, err = awsconfig.LoadDefaultConfig(ctx, configOpts...) |
| 1475 | if err != nil { |
| 1476 | return nil, nil, fmt.Errorf("couldn't load configuration with env_auth=true: %w", err) |
| 1477 | } |
| 1478 | |
| 1479 | } else { |
| 1480 | switch { |
| 1481 | case opt.Provider == "IBMCOS" && opt.V2Auth: |
| 1482 | awsConfig.Credentials = &NoOpCredentialsProvider{} |
| 1483 | fs.Debugf(nil, "Using IBM IAM") |
| 1484 | case opt.AccessKeyID == "" && opt.SecretAccessKey == "": |
| 1485 | // if no access key/secret and iam is explicitly disabled then fall back to anon interaction |
| 1486 | awsConfig.Credentials = aws.AnonymousCredentials{} |
| 1487 | fs.Debugf(nil, "Using anonymous credentials - did you mean to set env_auth=true?") |
| 1488 | case opt.AccessKeyID == "": |
| 1489 | return nil, nil, errors.New("access_key_id not found") |
| 1490 | case opt.SecretAccessKey == "": |
| 1491 | return nil, nil, errors.New("secret_access_key not found") |
| 1492 | default: |
| 1493 | // static credentials are already set |
| 1494 | } |
| 1495 | } |
| 1496 | |
| 1497 | if opt.Region == "" { |
| 1498 | opt.Region = "us-east-1" |
| 1499 | } |
| 1500 | |
| 1501 | // Handle assume role if RoleARN is specified |
| 1502 | if opt.RoleARN != "" { |
| 1503 | fs.Debugf(nil, "Using assume role with ARN: %s", opt.RoleARN) |
| 1504 | |
| 1505 | // Set region for the config before creating STS client |
| 1506 | awsConfig.Region = opt.Region |
| 1507 | |
| 1508 | // Create STS client using the base credentials |
searching dependent graphs…