vbatts
/
registry
forked from mirrors/docker-distribution
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support ECS TaskRole in S3 storage driver 

Instead of constructing the list of credential providers manually, if we
use the default list we can take advantage of the AWS SDK checking the
environment and returning either the EC2RoleProvider or the generic HTTP
credentials provider, configured to use the ECS credentials endpoint.

Also, use the `defaults.Config()` function instead of `aws.NewConfig()`,
as this results in an initialised HTTP client which prevents a fatal
error when retrieving credentials from the ECS credentials endpoint.

Fixes #2960

Signed-off-by: Andrew Bulford <andrew.bulford@redmatter.com>
This commit is contained in:
Andrew Bulford 2019-08-05 09:13:03 +01:00
parent 62d0fd45e7
commit 9690d843fa
1 changed files with 7 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
registry/storage/driver/s3-aws/s3.go
View File

@ -29,8 +29,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/defaults"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/session"
@ -404,12 +403,8 @@ func New(params DriverParameters) (*Driver, error) {
return nil, fmt.Errorf("on Amazon S3 this storage driver can only be used with v4 authentication")
}
awsConfig := aws.NewConfig()
sess, err := session.NewSession()
if err != nil {
return nil, fmt.Errorf("failed to create new session: %v", err)
}
creds := credentials.NewChainCredentials([]credentials.Provider{
awsConfig := defaults.Config()
providers := []credentials.Provider{
&credentials.StaticProvider{
Value: credentials.Value{
AccessKeyID: params.AccessKey,
@ -417,10 +412,9 @@ func New(params DriverParameters) (*Driver, error) {
SessionToken: params.SessionToken,
},
},
&credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{},
&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess)},
})
}
providers = append(providers, defaults.CredProviders(awsConfig, defaults.Handlers())...)
creds := credentials.NewChainCredentials(providers)
if params.RegionEndpoint != "" {
awsConfig.WithS3ForcePathStyle(true)
@ -449,7 +443,7 @@ func New(params DriverParameters) (*Driver, error) {
}
}
sess, err = session.NewSession(awsConfig)
sess, err := session.NewSession(awsConfig)
if err != nil {
return nil, fmt.Errorf("failed to create new session with aws config: %v", err)
}