From f60b7811fdb601d6dea603e5c493340657912ac4 Mon Sep 17 00:00:00 2001
From: Sergey Shevchenko
Date: Wed, 23 Mar 2022 13:46:09 +0400
Subject: [PATCH] Add ability to use IAM instead of keypair

Signed-off-by: Sergey Shevchenko
---
 README.md | 6 ++++--
 main.go | 31 +++++++++++++++++++++++--------
 2 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index fc5fc31..918a79f 100644
--- a/README.md
+++ b/README.md
@@ -24,14 +24,16 @@ The application can be configured with the following environment variables:
 
 - `ENDPOINT`: The endpoint of your S3 server (defaults to `s3.amazonaws.com`)
 - `REGION`: The region of your S3 server (defaults to `""`)
-- `ACCESS_KEY_ID`: Your S3 access key ID (required)
-- `SECRET_ACCESS_KEY`: Your S3 secret access key (required)
+- `ACCESS_KEY_ID`: Your S3 access key ID (required) (works only is `USE_IAM` is `false`)
+- `SECRET_ACCESS_KEY`: Your S3 secret access key (required) (works only is `USE_IAM` is `false`)
 - `USE_SSL`: Whether your S3 server uses SSL or not (defaults to `true`)
 - `SKIP_SSL_VERIFICATION`: Whether the HTTP client should skip SSL verification (defaults to `false`)
 - `PORT`: The port the s3manager app should listen on (defaults to `8080`)
 - `ALLOW_DELETE`: Enable buttons to delete objects (defaults to `true`)
 - `FORCE_DOWNLOAD`: Add response headers for object downloading instead of opening in a new tab (defaults to `true`)
 - `LIST_RECURSIVE`: List all objects in the bucket recursively (defaults to `false`)
+- `USE_IAM`: Use IAM role instead of key pair (defaults to `false`)
+- `IAM_ENDPOINT`: Endpoint for IAM role retrieving (Can be blank for AWS)
 
 ### Build and Run Locally
 
diff --git a/main.go b/main.go
index 4c0676d..994154f 100644
--- a/main.go
+++ b/main.go
@@ -22,19 +22,29 @@ import ( var templateFS embed.FS func main() { + var ( + accessKeyID, secretAccessKey, iamEndpoint string + ) + viper.AutomaticEnv() viper.SetDefault("ENDPOINT", "s3.amazonaws.com") endpoint := viper.GetString("ENDPOINT") - accessKeyID := viper.GetString("ACCESS_KEY_ID") - if len(accessKeyID) == 0 { - log.Fatal("please provide ACCESS_KEY_ID") - } + useIam := viper.GetBool("USE_IAM") - secretAccessKey := viper.GetString("SECRET_ACCESS_KEY") - if len(secretAccessKey) == 0 { - log.Fatal("please provide SECRET_ACCESS_KEY") + if useIam { + iamEndpoint = viper.GetString("IAM_ENDPOINT") + } else { + accessKeyID = viper.GetString("ACCESS_KEY_ID") + if len(accessKeyID) == 0 { + log.Fatal("please provide ACCESS_KEY_ID") + } + + secretAccessKey = viper.GetString("SECRET_ACCESS_KEY") + if len(secretAccessKey) == 0 { + log.Fatal("please provide SECRET_ACCESS_KEY") + } } region := viper.GetString("REGION") @@ -64,9 +74,14 @@ func main() { // Set up S3 client opts := &minio.Options{ - Creds: credentials.NewStaticV4(accessKeyID, secretAccessKey, ""), Secure: useSSL, } + if useIam { + opts.Creds = credentials.NewIAM(iamEndpoint) + } else { + opts.Creds = credentials.NewStaticV4(accessKeyID, secretAccessKey, "") + } + if region != "" { opts.Region = region }
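Review bot: In the `if useIam {` branch `IAM_ENDPOINT` is read from the environment and used as-is, while the key-pair branch keeps its `log.Fatal` checks; because that value decides which host the process asks for credentials, a non-empty `IAM_ENDPOINT` should be parsed at startup and rejected unless it is an absolute URL with the scheme and host the deployment expects. When `USE_IAM` is true, any `ACCESS_KEY_ID`/`SECRET_ACCESS_KEY` still present in the environment are silently ignored, so a line such as `log.Println("USE_IAM is set; ACCESS_KEY_ID and SECRET_ACCESS_KEY are ignored")` would make the active credential source visible to the operator. As a point of style, Go initialisms keep their case, so the variable would read `useIAM`. The body of `main` continues outside this hunk.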
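Review bot: The `opts.Creds = credentials.NewIAM(iamEndpoint)` path has no startup check equivalent to the `log.Fatal` calls on the static-key path. As far as I know minio-go resolves IAM credentials lazily, so a missing role or an unreachable endpoint would only surface on the first S3 request; if that holds for the version pinned here, one `if _, err := opts.Creds.Get(); err != nil { log.Fatalln(err) }` after the assignment keeps the fail-fast behaviour. With a role attached, every visitor of this UI acts with that role's permissions, so the README entry for `USE_IAM` would be a good place to state that the role should be limited to the buckets the manager is meant to expose. `main` starts and ends outside this hunk.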