(config *Config)
| 25 | ) |
| 26 | |
| 27 | func createSession(config *Config) (*session.Session, error) { |
| 28 | sessOpts := session.Options{} |
| 29 | if config.CACertFile != "" { |
| 30 | file, err := os.Open(config.CACertFile) |
| 31 | if err != nil { |
| 32 | return nil, err |
| 33 | } |
| 34 | defer utility.LoggedClose(file, "S3 CA cert file") |
| 35 | sessOpts.CustomCABundle = file |
| 36 | } |
| 37 | |
| 38 | sess, err := session.NewSessionWithOptions(sessOpts) |
| 39 | if err != nil { |
| 40 | return nil, fmt.Errorf("init new session: %w", err) |
| 41 | } |
| 42 | |
| 43 | err = configureSession(sess, config) |
| 44 | if err != nil { |
| 45 | return nil, fmt.Errorf("configure session: %w", err) |
| 46 | } |
| 47 | |
| 48 | if config.UseYCSessionToken != "" { |
| 49 | useYcSessionToken, err := strconv.ParseBool(config.UseYCSessionToken) |
| 50 | if err != nil { |
| 51 | return nil, fmt.Errorf("invalid YC session token: %w", err) |
| 52 | } |
| 53 | if useYcSessionToken { |
| 54 | // Yandex Cloud mimic metadata service, so we can use default AWS credentials, but set token to another header |
| 55 | cred := credentials.NewCredentials(defaults.RemoteCredProvider(*defaults.Config(), defaults.Handlers())) |
| 56 | sess.Config.WithCredentials(cred) |
| 57 | sess.Handlers.Send.PushFront(func(r *request.Request) { |
| 58 | token := r.HTTPRequest.Header.Get("X-Amz-Security-Token") |
| 59 | r.HTTPRequest.Header.Set("X-YaCloud-SubjectToken", token) |
| 60 | }) |
| 61 | } |
| 62 | } |
| 63 | |
| 64 | if config.EndpointSource != "" { |
| 65 | sess.Handlers.Validate.PushBack(func(request *request.Request) { |
| 66 | endpoint := requestEndpointFromSource(config.EndpointSource, config.EndpointPort) |
| 67 | if endpoint != nil { |
| 68 | tracelog.DebugLogger.Printf("using S3 endpoint %s", *endpoint) |
| 69 | host := strings.TrimPrefix(*sess.Config.Endpoint, "https://") |
| 70 | request.HTTPRequest.Host = host |
| 71 | request.HTTPRequest.URL.Host = *endpoint |
| 72 | request.HTTPRequest.URL.Scheme = "http" |
| 73 | } else { |
| 74 | tracelog.DebugLogger.Printf("using S3 endpoint %s", *sess.Config.Endpoint) |
| 75 | } |
| 76 | }) |
| 77 | } |
| 78 | |
| 79 | if config.RequestAdditionalHeaders != "" { |
| 80 | headers, err := decodeHeaders(config.RequestAdditionalHeaders) |
| 81 | if err != nil { |
| 82 | return nil, fmt.Errorf("decode additional headers for S3 requests: %w", err) |
| 83 | } |
| 84 |
no test coverage detected