Rm aws keys verification to allow for iam roles

Remove the validation of aws credentials, since this was blocking the use of IAM roles for authentication.
2018-01-18 09:35:36 -02:00 · 2018-01-18 09:35:36 -02:00 · 3c795ed19c
parent 353adc52b0
commit 3c795ed19c
2 changed files with 9 additions and 3 deletions
--- a/aws.go
+++ b/aws.go
@ -28,8 +28,8 @@ type AWS struct {
 }

 func NewAWS(p *Plugin) AWS {
+
 	sessCfg := &aws.Config{
-		Credentials:      credentials.NewStaticCredentials(p.Key, p.Secret, ""),
 		S3ForcePathStyle: aws.Bool(p.PathStyle),
 		Region:           aws.String(p.Region),
 	}
@ -38,6 +38,12 @@ func NewAWS(p *Plugin) AWS {
 		sessCfg.Endpoint = &p.Endpoint
 		sessCfg.DisableSSL = aws.Bool(strings.HasPrefix(p.Endpoint, "http://"))
 	}
+
+	// allowing to use the instance role or provide a key and secret
+	if p.Key != "" && p.Secret != "" {
+		sessCfg.Credentials = credentials.NewStaticCredentials(p.Key, p.Secret, "")
+	}
+
 	sess := session.New(sessCfg)

 	c := s3.New(sess)
--- a/plugin.go
+++ b/plugin.go
@ -43,7 +43,7 @@ type result struct {
 	err error
 }

-var MissingAwsValuesMessage = "Must set access_key, secret_key, and bucket"
+var MissingAwsValuesMessage = "Must set 'bucket'"

 func (p *Plugin) Exec() error {
 	err := p.sanitizeInputs()
@ -62,7 +62,7 @@ func (p *Plugin) Exec() error {
 }

 func (p *Plugin) sanitizeInputs() error {
-	if len(p.Key) == 0 || len(p.Secret) == 0 || len(p.Bucket) == 0 {
+	if len(p.Bucket) == 0 {
 		return errors.New(MissingAwsValuesMessage)
 	}