Add ability to use IAM instead of keypair

Signed-off-by: Sergey Shevchenko <sergeyshevchdevelop@gmail.com>
Sergey Shevchenko 2022-03-23 13:46:09 +04:00 committed by Lena Fuhrimann
parent c077332721
commit f60b7811fd
2 changed files with 27 additions and 10 deletions


@ -24,14 +24,16 @@ The application can be configured with the following environment variables:
- `ENDPOINT`: The endpoint of your S3 server (defaults to `s3.amazonaws.com`) - `ENDPOINT`: The endpoint of your S3 server (defaults to `s3.amazonaws.com`)
- `REGION`: The region of your S3 server (defaults to `""`) - `REGION`: The region of your S3 server (defaults to `""`)
- `ACCESS_KEY_ID`: Your S3 access key ID (required) - `ACCESS_KEY_ID`: Your S3 access key ID (required) (works only is `USE_IAM` is `false`)
- `SECRET_ACCESS_KEY`: Your S3 secret access key (required) - `SECRET_ACCESS_KEY`: Your S3 secret access key (required) (works only is `USE_IAM` is `false`)
- `USE_SSL`: Whether your S3 server uses SSL or not (defaults to `true`) - `USE_SSL`: Whether your S3 server uses SSL or not (defaults to `true`)
- `SKIP_SSL_VERIFICATION`: Whether the HTTP client should skip SSL verification (defaults to `false`) - `SKIP_SSL_VERIFICATION`: Whether the HTTP client should skip SSL verification (defaults to `false`)
- `PORT`: The port the s3manager app should listen on (defaults to `8080`) - `PORT`: The port the s3manager app should listen on (defaults to `8080`)
- `ALLOW_DELETE`: Enable buttons to delete objects (defaults to `true`) - `ALLOW_DELETE`: Enable buttons to delete objects (defaults to `true`)
- `FORCE_DOWNLOAD`: Add response headers for object downloading instead of opening in a new tab (defaults to `true`) - `FORCE_DOWNLOAD`: Add response headers for object downloading instead of opening in a new tab (defaults to `true`)
- `LIST_RECURSIVE`: List all objects in the bucket recursively (defaults to `false`) - `LIST_RECURSIVE`: List all objects in the bucket recursively (defaults to `false`)
- `USE_IAM`: Use IAM role instead of key pair (defaults to `false`)
- `IAM_ENDPOINT`: Endpoint for IAM role retrieving (Can be blank for AWS)
### Build and Run Locally ### Build and Run Locally

31
main.go

@ -22,19 +22,29 @@ import (
var templateFS embed.FS var templateFS embed.FS
func main() { func main() {
var (
accessKeyID, secretAccessKey, iamEndpoint string
)
viper.AutomaticEnv() viper.AutomaticEnv()
viper.SetDefault("ENDPOINT", "s3.amazonaws.com") viper.SetDefault("ENDPOINT", "s3.amazonaws.com")
endpoint := viper.GetString("ENDPOINT") endpoint := viper.GetString("ENDPOINT")
accessKeyID := viper.GetString("ACCESS_KEY_ID") useIam := viper.GetBool("USE_IAM")
if len(accessKeyID) == 0 {
log.Fatal("please provide ACCESS_KEY_ID")
}
secretAccessKey := viper.GetString("SECRET_ACCESS_KEY") if useIam {
if len(secretAccessKey) == 0 { iamEndpoint = viper.GetString("IAM_ENDPOINT")
log.Fatal("please provide SECRET_ACCESS_KEY") } else {
accessKeyID = viper.GetString("ACCESS_KEY_ID")
if len(accessKeyID) == 0 {
log.Fatal("please provide ACCESS_KEY_ID")
}
secretAccessKey = viper.GetString("SECRET_ACCESS_KEY")
if len(secretAccessKey) == 0 {
log.Fatal("please provide SECRET_ACCESS_KEY")
}
} }
region := viper.GetString("REGION") region := viper.GetString("REGION")
@ -64,9 +74,14 @@ func main() {
// Set up S3 client // Set up S3 client
opts := &minio.Options{ opts := &minio.Options{
Creds: credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
Secure: useSSL, Secure: useSSL,
} }
if useIam {
opts.Creds = credentials.NewIAM(iamEndpoint)
} else {
opts.Creds = credentials.NewStaticV4(accessKeyID, secretAccessKey, "")
}
if region != "" { if region != "" {
opts.Region = region opts.Region = region
} }
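Review bot: In the `if useIam` branch of main() (first main.go hunk), an `ACCESS_KEY_ID` / `SECRET_ACCESS_KEY` pair that is still set in the environment is silently ignored, so an operator can believe the app runs with a narrowly scoped key while it actually uses the instance or task role, which may carry broader S3 permissions. I would log the selected credential source once at startup, never the key values, e.g. `log.Println("USE_IAM is set: using IAM role credentials, static keys are ignored")`. `IAM_ENDPOINT` also reaches `credentials.NewIAM(iamEndpoint)` in the second hunk unchecked; because credentials are fetched from that URL, a non-empty value that does not parse with `url.Parse` as an absolute http(s) URL should be rejected with `log.Fatal` before the client is built. The static-key path fails fast at startup, whereas a wrong role or endpoint on the IAM path presumably only surfaces on the first S3 call, so a comment or an early credential fetch would make that difference explicit. main() begins and ends outside both hunks, so whether later code handles any of this is not visible here.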