From 16a258ce69b0a6d2dd772cbac253e9fb4dd1ac15 Mon Sep 17 00:00:00 2001 From: Brian Bland Date: Mon, 12 Jan 2015 13:02:22 -0800 Subject: [PATCH] Enables s3 driver, limits permission check to scope of rootdirectory Signed-off-by: Brian Bland --- cmd/registry/main.go | 1 + storagedriver/s3/s3.go | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/registry/main.go b/cmd/registry/main.go index ff4830d2..436b8f77 100644 --- a/cmd/registry/main.go +++ b/cmd/registry/main.go @@ -18,6 +18,7 @@ import ( "github.com/docker/distribution/registry" _ "github.com/docker/distribution/storagedriver/filesystem" _ "github.com/docker/distribution/storagedriver/inmemory" + _ "github.com/docker/distribution/storagedriver/s3" ) func main() { diff --git a/storagedriver/s3/s3.go b/storagedriver/s3/s3.go index 99ae9fe6..69f34877 100644 --- a/storagedriver/s3/s3.go +++ b/storagedriver/s3/s3.go @@ -168,7 +168,9 @@ func New(params DriverParameters) (*Driver, error) { } } - if _, err := bucket.List("", "", "", 1); err != nil { + // Validate that the given credentials have at least read permissions in the + // given bucket scope. + if _, err := bucket.List(strings.TrimRight(params.RootDirectory, "/"), "", "", 1); err != nil { return nil, err }