Support ECS TaskRole in S3 storage driver
Instead of constructing the list of credential providers manually, if we use the default list we can take advantage of the AWS SDK checking the environment and returning either the EC2RoleProvider or the generic HTTP credentials provider, configured to use the ECS credentials endpoint. Also, use the `defaults.Config()` function instead of `aws.NewConfig()`, as this results in an initialised HTTP client which prevents a fatal error when retrieving credentials from the ECS credentials endpoint. Fixes #2960 Signed-off-by: Andrew Bulford <andrew.bulford@redmatter.com>
This commit is contained in:
Andrew Bulford
parent
62d0fd45e7
commit
9690d843fa
1 changed files with 7 additions and 13 deletions
|
|
@ -29,8 +29,7 @@ import (
|
|||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
|
||||
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
||||
"github.com/aws/aws-sdk-go/aws/defaults"
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
|
|
@ -404,12 +403,8 @@ func New(params DriverParameters) (*Driver, error) {
|
|||
return nil, fmt.Errorf("on Amazon S3 this storage driver can only be used with v4 authentication")
|
||||
}
|
||||
|
||||
awsConfig := aws.NewConfig()
|
||||
sess, err := session.NewSession()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create new session: %v", err)
|
||||
}
|
||||
creds := credentials.NewChainCredentials([]credentials.Provider{
|
||||
awsConfig := defaults.Config()
|
||||
providers := []credentials.Provider{
|
||||
&credentials.StaticProvider{
|
||||
Value: credentials.Value{
|
||||
AccessKeyID: params.AccessKey,
|
||||
|
|
@ -417,10 +412,9 @@ func New(params DriverParameters) (*Driver, error) {
|
|||
SessionToken: params.SessionToken,
|
||||
},
|
||||
},
|
||||
&credentials.EnvProvider{},
|
||||
&credentials.SharedCredentialsProvider{},
|
||||
&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess)},
|
||||
})
|
||||
}
|
||||
providers = append(providers, defaults.CredProviders(awsConfig, defaults.Handlers())...)
|
||||
creds := credentials.NewChainCredentials(providers)
|
||||
|
||||
if params.RegionEndpoint != "" {
|
||||
awsConfig.WithS3ForcePathStyle(true)
|
||||
|
|
@ -449,7 +443,7 @@ func New(params DriverParameters) (*Driver, error) {
|
|||
}
|
||||
}
|
||||
|
||||
sess, err = session.NewSession(awsConfig)
|
||||
sess, err := session.NewSession(awsConfig)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create new session with aws config: %v", err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue