change priority of admin credentials from env varaibles (#7032)
* change priority of admin credentials from env varaibles * address comment
This commit is contained in:
Chris Lu
@@ -131,33 +131,38 @@ func NewIdentityAccessManagementWithStore(option *S3ApiServerOption, explicitSto
|
||||
|
||||
iam.credentialManager = credentialManager
|
||||
|
||||
// First, load configurations from file or filer
|
||||
// Track whether any configuration was successfully loaded
|
||||
configLoaded := false
|
||||
|
||||
// First, try to load configurations from file or filer
|
||||
if option.Config != "" {
|
||||
glog.V(3).Infof("loading static config file %s", option.Config)
|
||||
if err := iam.loadS3ApiConfigurationFromFile(option.Config); err != nil {
|
||||
glog.Fatalf("fail to load config file %s: %v", option.Config, err)
|
||||
}
|
||||
configLoaded = true
|
||||
} else {
|
||||
glog.V(3).Infof("no static config file specified... loading config from credential manager")
|
||||
if err := iam.loadS3ApiConfigurationFromFiler(option); err != nil {
|
||||
glog.Warningf("fail to load config: %v", err)
|
||||
} else {
|
||||
// Check if any identities were actually loaded from filer
|
||||
iam.m.RLock()
|
||||
if len(iam.identities) > 0 {
|
||||
configLoaded = true
|
||||
}
|
||||
iam.m.RUnlock()
|
||||
}
|
||||
}
|
||||
|
||||
// Then, add admin credentials from environment variables if available
|
||||
// This supplements the configuration by adding admin credentials from environment variables if they don't already exist.
|
||||
accessKeyId := os.Getenv("AWS_ACCESS_KEY_ID")
|
||||
secretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
|
||||
// Only use environment variables as fallback if no configuration was loaded
|
||||
if !configLoaded {
|
||||
accessKeyId := os.Getenv("AWS_ACCESS_KEY_ID")
|
||||
secretAccessKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
|
||||
|
||||
if accessKeyId != "" && secretAccessKey != "" {
|
||||
glog.V(0).Infof("Adding S3 admin credentials from AWS environment variables")
|
||||
if accessKeyId != "" && secretAccessKey != "" {
|
||||
glog.V(0).Infof("No S3 configuration found, using AWS environment variables as fallback")
|
||||
|
||||
// Check if an identity with this access key already exists
|
||||
iam.m.RLock()
|
||||
_, accessKeyExists := iam.accessKeyIdent[accessKeyId]
|
||||
iam.m.RUnlock()
|
||||
|
||||
if !accessKeyExists {
|
||||
// Create environment variable identity name
|
||||
identityNameSuffix := accessKeyId
|
||||
if len(accessKeyId) > 8 {
|
||||
@@ -179,18 +184,16 @@ func NewIdentityAccessManagementWithStore(option *S3ApiServerOption, explicitSto
|
||||
},
|
||||
}
|
||||
|
||||
// Add to existing configuration
|
||||
// Set as the only configuration
|
||||
iam.m.Lock()
|
||||
iam.identities = append(iam.identities, envIdentity)
|
||||
iam.accessKeyIdent[accessKeyId] = envIdentity
|
||||
if !iam.isAuthEnabled {
|
||||
if len(iam.identities) == 0 {
|
||||
iam.identities = []*Identity{envIdentity}
|
||||
iam.accessKeyIdent = map[string]*Identity{accessKeyId: envIdentity}
|
||||
iam.isAuthEnabled = true
|
||||
}
|
||||
iam.m.Unlock()
|
||||
|
||||
glog.V(0).Infof("Added admin identity from AWS environment variables: %s", envIdentity.Name)
|
||||
} else {
|
||||
glog.V(0).Infof("Access key %s already exists, skipping environment variable credentials", accessKeyId)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user