gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Explicitly disable signing for public buckets. (#8263)

Browse Source
This commit is contained in:
Chris Lu
2026-02-09 11:28:07 -08:00
committed by GitHub
parent 88b1768814
commit ccf35459be
2 changed files with 60 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
weed/remote_storage/s3/s3_storage_client.go
View File

@@ -44,6 +44,9 @@ func (s s3RemoteStorageMaker) Make(conf *remote_pb.RemoteConf) (remote_storage.R
} }
if conf.S3AccessKey != "" && conf.S3SecretKey != "" { if conf.S3AccessKey != "" && conf.S3SecretKey != "" {
config.Credentials = credentials.NewStaticCredentials(conf.S3AccessKey, conf.S3SecretKey, "") config.Credentials = credentials.NewStaticCredentials(conf.S3AccessKey, conf.S3SecretKey, "")
} else if conf.S3AccessKey == "" && conf.S3SecretKey == "" {
// Explicitly disable signing for public buckets.
config.Credentials = credentials.AnonymousCredentials
} }
sess, err := session.NewSession(config) sess, err := session.NewSession(config)

57
weed/remote_storage/s3/s3_storage_client_test.go Normal file
View File

@@ -0,0 +1,57 @@
package s3
import (
"testing"
"github.com/aws/aws-sdk-go/aws/credentials"
awss3 "github.com/aws/aws-sdk-go/service/s3"
"github.com/seaweedfs/seaweedfs/weed/pb/remote_pb"
"github.com/stretchr/testify/require"
)
func TestS3MakeUsesAnonymousCredentialsWhenKeysAreEmpty(t *testing.T) {
maker := s3RemoteStorageMaker{}
conf := &remote_pb.RemoteConf{
Type: "s3",
S3Region: "us-east-1",
S3Endpoint: "http://localhost:8333",
S3ForcePathStyle: true,
}
remoteClient, err := maker.Make(conf)
require.NoError(t, err)
client, ok := remoteClient.(*s3RemoteStorageClient)
require.True(t, ok)
s3Client, ok := client.conn.(*awss3.S3)
require.True(t, ok)
require.Same(t, credentials.AnonymousCredentials, s3Client.Config.Credentials)
}
func TestS3MakeUsesStaticCredentialsWhenKeysAreProvided(t *testing.T) {
maker := s3RemoteStorageMaker{}
conf := &remote_pb.RemoteConf{
Type: "s3",
S3Region: "us-east-1",
S3Endpoint: "http://localhost:8333",
S3ForcePathStyle: true,
S3AccessKey: "test-access",
S3SecretKey: "test-secret",
}
remoteClient, err := maker.Make(conf)
require.NoError(t, err)
client, ok := remoteClient.(*s3RemoteStorageClient)
require.True(t, ok)
s3Client, ok := client.conn.(*awss3.S3)
require.True(t, ok)
require.NotSame(t, credentials.AnonymousCredentials, s3Client.Config.Credentials)
credValue, err := s3Client.Config.Credentials.Get()
require.NoError(t, err)
require.Equal(t, conf.S3AccessKey, credValue.AccessKeyID)
require.Equal(t, conf.S3SecretKey, credValue.SecretAccessKey)
}