From f57329a37a47c0b06b25f04db91d4a1329bc54fa Mon Sep 17 00:00:00 2001
From: Jon Davies
Date: Wed, 3 Jan 2018 17:11:00 +0000
Subject: [PATCH] s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730)
---
 physical/s3/s3.go | 23 +++++++++++++++++--
 .../docs/configuration/storage/s3.html.md | 8 ++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/physical/s3/s3.go b/physical/s3/s3.go
index 7118e7da14bd..5adae1aca21f 100644
--- a/physical/s3/s3.go
+++ b/physical/s3/s3.go
@@ -22,6 +22,7 @@ import (
 cleanhttp "github.com/hashicorp/go-cleanhttp"
 "github.com/hashicorp/vault/helper/awsutil"
 "github.com/hashicorp/vault/helper/consts"
+ "github.com/hashicorp/vault/helper/parseutil"
 "github.com/hashicorp/vault/physical"
 )
@@ -72,6 +73,22 @@ func NewS3Backend(conf map[string]string, logger log.Logger) (physical.Backend,
 }
 }
 }
+ s3ForcePathStyleStr, ok := conf["s3_force_path_style"]
+ if !ok {
+ s3ForcePathStyleStr = "false"
+ }
+ s3ForcePathStyleBool, err := parseutil.ParseBool(s3ForcePathStyleStr)
+ if err != nil {
+ return nil, fmt.Errorf("invalid boolean set for s3_force_path_style: '%s'", s3ForcePathStyleStr)
+ }
+ disableSSLStr, ok := conf["disable_ssl"]
+ if !ok {
+ disableSSLStr = "false"
+ }
+ disableSSLBool, err := parseutil.ParseBool(disableSSLStr)
+ if err != nil {
+ return nil, fmt.Errorf("invalid boolean set for disable_ssl: '%s'", disableSSLStr)
+ }
 credsConfig := &awsutil.CredentialsConfig{
 AccessKey: accessKey,
@@ -91,8 +108,10 @@ func NewS3Backend(conf map[string]string, logger log.Logger) (physical.Backend,
 HTTPClient: &http.Client{
 Transport: pooledTransport,
 },
- Endpoint: aws.String(endpoint),
- Region: aws.String(region),
+ Endpoint: aws.String(endpoint),
+ Region: aws.String(region),
+ S3ForcePathStyle: aws.Bool(s3ForcePathStyleBool),
+ DisableSSL: aws.Bool(disableSSLBool),
 }))
 _, err = s3conn.ListObjects(&s3.ListObjectsInput{Bucket: &bucket})
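Review bot: Setting `disable_ssl` takes effect silently: the parse block added after the `s3_force_path_style` one returns an error on a bad value but records nothing when the value is true, so a node can run with plaintext S3 traffic and leave no trace in its logs. As far as I know Vault encrypts values before they reach the storage backend, but over plain HTTP the bucket name, object keys and any configured `session_token` would still be readable on the network path. After the parse I would add `if disableSSLBool { logger.Warn("physical/s3: disable_ssl is set, S3 requests will use plaintext HTTP") }`, assuming the `log.Logger` in the signature exposes `Warn` (its definition is not in the hunk). Both new `fmt.Errorf` calls also drop `err`; including it in the message would show why the value was rejected. NewS3Backend starts above and continues below this hunk.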
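Review bot: `DisableSSL` is set right beside an operator-supplied `Endpoint` with no comment on how the two interact, which matters for anyone auditing whether S3 traffic is encrypted. To my knowledge aws-sdk-go consults `DisableSSL` only to pick a scheme when the endpoint string has none, so an `endpoint` that already begins with `http://` is plaintext even with `disable_ssl` left false, and one beginning with `https://` stays on TLS when it is set; this should be confirmed against the vendored SDK version. I would add above the two new fields `// DisableSSL only selects the scheme for an endpoint given without one; an explicit http:// or https:// in endpoint takes precedence.` The config literal these fields belong to opens above the hunk.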
diff --git a/website/source/docs/configuration/storage/s3.html.md b/website/source/docs/configuration/storage/s3.html.md index d18507e35af3..247b1fe973d1 100644 --- a/website/source/docs/configuration/storage/s3.html.md +++ b/website/source/docs/configuration/storage/s3.html.md @@ -58,9 +58,15 @@ cause Vault to attempt to retrieve credentials from the AWS metadata service. - `session_token` `(string: "")` – Specifies the AWS session token. This can also be provided via the environment variable `AWS_SESSION_TOKEN`. -- `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent +- `max_parallel` `(string: "128")` – Specifies the maximum number of concurrent requests to S3. +- `s3_force_path_style` `(string: "false")` - Specifies whether to use host + bucket style domains with the configured endpoint. + +- `disable_ssl` `(string: "false")` - Specifies if SSL should be used for the + endpoint connection (highly recommended not to disable for production). + ## `s3` Examples ### Default Example