From 3da5f9088dc410c481315ece1f07a09fd172bc16 Mon Sep 17 00:00:00 2001 From: Richard Scothern Date: Mon, 11 Jul 2016 10:54:57 -0700 Subject: [PATCH] Allow EC2 IAM roles to be used when authorizing region endpoints Signed-off-by: Richard Scothern --- registry/storage/driver/s3-aws/s3.go | 36 ++++++++++------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go index 1240ec17..6fa28d4d 100644 --- a/registry/storage/driver/s3-aws/s3.go +++ b/registry/storage/driver/s3-aws/s3.go @@ -270,33 +270,21 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) { // bucketName func New(params DriverParameters) (*Driver, error) { awsConfig := aws.NewConfig() - var creds *credentials.Credentials - if params.RegionEndpoint == "" { - creds = credentials.NewChainCredentials([]credentials.Provider{ - &credentials.StaticProvider{ - Value: credentials.Value{ - AccessKeyID: params.AccessKey, - SecretAccessKey: params.SecretKey, - }, - }, - &credentials.EnvProvider{}, - &credentials.SharedCredentialsProvider{}, - &ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())}, - }) - - } else { - creds = credentials.NewChainCredentials([]credentials.Provider{ - &credentials.StaticProvider{ - Value: credentials.Value{ - AccessKeyID: params.AccessKey, - SecretAccessKey: params.SecretKey, - }, - }, - &credentials.EnvProvider{}, - }) + if params.RegionEndpoint != "" { awsConfig.WithS3ForcePathStyle(true) awsConfig.WithEndpoint(params.RegionEndpoint) } + creds := credentials.NewChainCredentials([]credentials.Provider{ + &credentials.StaticProvider{ + Value: credentials.Value{ + AccessKeyID: params.AccessKey, + SecretAccessKey: params.SecretKey, + }, + }, + &credentials.EnvProvider{}, + &credentials.SharedCredentialsProvider{}, + &ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())}, + }) awsConfig.WithCredentials(creds) awsConfig.WithRegion(params.Region)