Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

s3.go: Added options to use paths with S3 and the ability to disable SSL #3730

Merged
merged 4 commits into from
Jan 3, 2018
Merged

s3.go: Added options to use paths with S3 and the ability to disable SSL #3730

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a7ff829
s3.go: Added options to use paths with S3 and the ability to disable SSL
jpds Dec 22, 2017
f8a3a77
s3.go: Convert new string options to booleans for AWS config.
jpds Dec 22, 2017
fe7422c
s3 docs: Updated to match new string-based options.
jpds Dec 22, 2017
4ead2f5
s3.go: Corrections per PR review.
jpds Dec 26, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 21 additions & 2 deletions physical/s3/s3.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/vault/helper/awsutil"
"github.com/hashicorp/vault/helper/consts"
"github.com/hashicorp/vault/helper/parseutil"
"github.com/hashicorp/vault/physical"
)

Expand Down Expand Up @@ -72,6 +73,22 @@ func NewS3Backend(conf map[string]string, logger log.Logger) (physical.Backend,
}
}
}
s3ForcePathStyleStr, ok := conf["s3_force_path_style"]
if !ok {
s3ForcePathStyleStr = "false"
}
s3ForcePathStyleBool, err := parseutil.ParseBool(s3ForcePathStyleStr)
if err != nil {
return nil, fmt.Errorf("invalid boolean set for s3_force_path_style: '%s'", s3ForcePathStyleStr)
}
disableSSLStr, ok := conf["disable_ssl"]
if !ok {
disableSSLStr = "false"
}
disableSSLBool, err := parseutil.ParseBool(disableSSLStr)
if err != nil {
return nil, fmt.Errorf("invalid boolean set for disable_ssl: '%s'", disableSSLStr)
}

credsConfig := &awsutil.CredentialsConfig{
AccessKey: accessKey,
Expand All @@ -91,8 +108,10 @@ func NewS3Backend(conf map[string]string, logger log.Logger) (physical.Backend,
HTTPClient: &http.Client{
Transport: pooledTransport,
},
Endpoint: aws.String(endpoint),
Region: aws.String(region),
Endpoint: aws.String(endpoint),
Region: aws.String(region),
S3ForcePathStyle: aws.Bool(s3ForcePathStyleBool),
DisableSSL: aws.Bool(disableSSLBool),
}))

_, err = s3conn.ListObjects(&s3.ListObjectsInput{Bucket: &bucket})
Expand Down
8 changes: 7 additions & 1 deletion website/source/docs/configuration/storage/s3.html.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,9 +58,15 @@ cause Vault to attempt to retrieve credentials from the AWS metadata service.
- `session_token` `(string: "")` – Specifies the AWS session token. This can
also be provided via the environment variable `AWS_SESSION_TOKEN`.

- `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent
- `max_parallel` `(string: "128")` – Specifies the maximum number of concurrent
requests to S3.

- `s3_force_path_style` `(string: "false")` - Specifies whether to use host
bucket style domains with the configured endpoint.

- `disable_ssl` `(string: "false")` - Specifies if SSL should be used for the
endpoint connection (highly recommended not to disable for production).

## `s3` Examples

### Default Example
Expand Down