cleanup: deduplicate environment variable credential loading

Previously, `weed mini` logic duplicated the credential loading process by creating a temporary IAM config file from environment variables. `auth_credentials.go` also had fallback logic to load these variables. This change: 1. Updates `auth_credentials.go` to *always* check for and merge AWS environment variable credentials (`AWS_ACCESS_KEY_ID`, etc.) into the identity list. This ensures they are available regardless of whether other configurations (static file or filer) are loaded. 2. Removes the redundant file creation logic from `weed/command/mini.go`. 3. Updates `weed mini` user messages to accurately reflect that credentials are loaded from environment variables in-memory. This results in a cleaner implementation where `weed/s3api` manages all credential loading logic, and `weed mini` simply relies on it.
2026-01-08 20:35:37 -08:00
parent 7f1182472a
commit 1ea6b0c0d9
2 changed files with 84 additions and 82 deletions
--- a/weed/command/mini.go
+++ b/weed/command/mini.go
@@ -11,10 +11,8 @@ import (
 	"strings"
 	"time"

-	"github.com/seaweedfs/seaweedfs/weed/filer"
 	"github.com/seaweedfs/seaweedfs/weed/glog"
 	"github.com/seaweedfs/seaweedfs/weed/pb"
-	iam_pb "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
 	"github.com/seaweedfs/seaweedfs/weed/security"
 	stats_collect "github.com/seaweedfs/seaweedfs/weed/stats"
 	"github.com/seaweedfs/seaweedfs/weed/util"
@@ -916,37 +914,7 @@ func startS3Service() {
 	secretKey := os.Getenv("AWS_SECRET_ACCESS_KEY")

 	if accessKey != "" && secretKey != "" {
-		user := "mini"
-		iamCfg := &iam_pb.S3ApiConfiguration{}
-		ident := &iam_pb.Identity{Name: user}
-		ident.Credentials = append(ident.Credentials, &iam_pb.Credential{AccessKey: accessKey, SecretKey: secretKey})
-		ident.Actions = append(ident.Actions, "Admin")
-		iamCfg.Identities = append(iamCfg.Identities, ident)
-
-		iamPath := filepath.Join(*miniDataFolders, "iam_config.json")
-
-		// Check if IAM config file already exists
-		if _, err := os.Stat(iamPath); err == nil {
-			// File exists, skip writing to preserve existing configuration
-			glog.V(1).Infof("IAM config file already exists at %s, preserving existing configuration", iamPath)
-			*miniIamConfig = iamPath
-		} else if os.IsNotExist(err) {
-			// File does not exist, create and write new configuration
-			f, err := os.OpenFile(iamPath, os.O_CREATE|os.O_WRONLY, 0600)
-			if err != nil {
-				glog.Fatalf("failed to create IAM config file %s: %v", iamPath, err)
-			}
-			defer f.Close()
-			if err := filer.ProtoToText(f, iamCfg); err != nil {
-				glog.Fatalf("failed to write IAM config to %s: %v", iamPath, err)
-			}
-			*miniIamConfig = iamPath
-			createdInitialIAM = true // Mark that we created initial IAM config
-			glog.V(1).Infof("Created initial IAM config at %s", iamPath)
-		} else {
-			// Error checking file existence
-			glog.Fatalf("failed to check IAM config file existence at %s: %v", iamPath, err)
-		}
+		createdInitialIAM = true
 	}

 	miniS3Options.localFilerSocket = miniFilerOptions.localSocket
@@ -1153,9 +1121,7 @@ const credentialsInstructionTemplate = `
 `

 const credentialsCreatedMessage = `
-  Initial S3 credentials created:
-    user: mini
-    Note: credentials have been written to the IAM configuration file.
+  Initial S3 credentials loaded from environment variables.
 `

 // printWelcomeMessage prints the welcome message after all services are running