source.dussan.org Git - gitea.git/commit

author	Michael Owoc <130198442+mowoc-ocp@users.noreply.github.com>
	Fri, 22 Nov 2024 20:12:06 +0000 (15:12 -0500)
committer	GitHub <noreply@github.com>
	Fri, 22 Nov 2024 20:12:06 +0000 (20:12 +0000)
commit	713364fc718d1d53840bd83ba6f6c307bd213fa8
tree	7ac042cdf7743ed5152b326a24028aaba260a309	tree \| snapshot
parent	f2a995174101b9fa9409acb2b47b065262098b28	commit \| diff

Support optional/configurable IAMEndpoint for Minio Client (#32581) (#32581)

Targeting issue #32271

This modification allows native Kubernetes + AWS (EKS) authentication
with the Minio client, to Amazon S3 using the IRSA role assigned to a
Service account by replacing the hard coded reference to the
`DefaultIAMRoleEndpoint` with an optional configurable endpoint.

Internally, Minio's `credentials.IAM` provider implements a discovery
flow for IAM Endpoints if it is not set.

For backwards compatibility:
- We have added a configuration mechanism for an `IamEndpoint` to retain
the unit test safety in `minio_test.go`.
- We believe existing clients will continue to function the same without
needing to provide a new config property since the internals of Minio
client also often resolve to the `http://169.254.169.254` default
endpoint that was being hard coded before

To test, we were able to build a docker image from source and, observe
it choosing the expected IAM endpoint, and see files uploaded via the
client.

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

RSS Atom

custom/conf/app.example.ini		diff \| blob \| history
modules/setting/storage.go		diff \| blob \| history
modules/setting/storage_test.go		diff \| blob \| history
modules/storage/minio.go		diff \| blob \| history
modules/storage/minio_test.go		diff \| blob \| history