mirror of
https://github.com/offen/docker-volume-backup.git
synced 2024-11-22 13:20:29 +01:00
Merge pull request #26 from offen/instance-profile
Allow s3 authentication via IAM role
This commit is contained in:
commit
d7ccdd79fc
@ -134,6 +134,13 @@ You can populate below template according to your requirements and use it as you
|
|||||||
# AWS_ACCESS_KEY_ID="<xxx>"
|
# AWS_ACCESS_KEY_ID="<xxx>"
|
||||||
# AWS_SECRET_ACCESS_KEY="<xxx>"
|
# AWS_SECRET_ACCESS_KEY="<xxx>"
|
||||||
|
|
||||||
|
# Instead of providing static credentials, you can also use IAM instance profiles
|
||||||
|
# or similar to provide authentication. Some possible configuration options on AWS:
|
||||||
|
# - EC2: http://169.254.169.254
|
||||||
|
# - ECS: http://169.254.170.2
|
||||||
|
|
||||||
|
# AWS_IAM_ROLE_ENDPOINT="http://169.254.169.254"
|
||||||
|
|
||||||
# This is the FQDN of your storage server, e.g. `storage.example.com`.
|
# This is the FQDN of your storage server, e.g. `storage.example.com`.
|
||||||
# Do not set this when working against AWS S3 (the default value is
|
# Do not set this when working against AWS S3 (the default value is
|
||||||
# `s3.amazonaws.com`). If you need to set a specific (non-https) protocol, you
|
# `s3.amazonaws.com`). If you need to set a specific (non-https) protocol, you
|
||||||
|
@ -100,6 +100,7 @@ type config struct {
|
|||||||
AwsEndpointInsecure bool `split_words:"true"`
|
AwsEndpointInsecure bool `split_words:"true"`
|
||||||
AwsAccessKeyID string `envconfig:"AWS_ACCESS_KEY_ID"`
|
AwsAccessKeyID string `envconfig:"AWS_ACCESS_KEY_ID"`
|
||||||
AwsSecretAccessKey string `split_words:"true"`
|
AwsSecretAccessKey string `split_words:"true"`
|
||||||
|
AwsIamRoleEndpoint string `split_words:"true"`
|
||||||
GpgPassphrase string `split_words:"true"`
|
GpgPassphrase string `split_words:"true"`
|
||||||
EmailNotificationRecipient string `split_words:"true"`
|
EmailNotificationRecipient string `split_words:"true"`
|
||||||
EmailNotificationSender string `split_words:"true" default:"noreply@nohost"`
|
EmailNotificationSender string `split_words:"true" default:"noreply@nohost"`
|
||||||
@ -145,12 +146,21 @@ func newScript() (*script, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.c.AwsS3BucketName != "" {
|
if s.c.AwsS3BucketName != "" {
|
||||||
mc, err := minio.New(s.c.AwsEndpoint, &minio.Options{
|
var creds *credentials.Credentials
|
||||||
Creds: credentials.NewStaticV4(
|
if s.c.AwsAccessKeyID != "" && s.c.AwsSecretAccessKey != "" {
|
||||||
|
creds = credentials.NewStaticV4(
|
||||||
s.c.AwsAccessKeyID,
|
s.c.AwsAccessKeyID,
|
||||||
s.c.AwsSecretAccessKey,
|
s.c.AwsSecretAccessKey,
|
||||||
"",
|
"",
|
||||||
),
|
)
|
||||||
|
} else if s.c.AwsIamRoleEndpoint != "" {
|
||||||
|
creds = credentials.NewIAM(s.c.AwsIamRoleEndpoint)
|
||||||
|
} else {
|
||||||
|
return nil, errors.New("newScript: AWS_S3_BUCKET_NAME is defined, but no credentials were provided")
|
||||||
|
}
|
||||||
|
|
||||||
|
mc, err := minio.New(s.c.AwsEndpoint, &minio.Options{
|
||||||
|
Creds: creds,
|
||||||
Secure: !s.c.AwsEndpointInsecure && s.c.AwsEndpointProto == "https",
|
Secure: !s.c.AwsEndpointInsecure && s.c.AwsEndpointProto == "https",
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user