diff options
| author | Michael Owoc <130198442+mowoc-ocp@users.noreply.github.com> | 2024-11-22 15:12:06 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-22 20:12:06 +0000 |
| commit | 713364fc718d1d53840bd83ba6f6c307bd213fa8 (patch) | |
| tree | 7ac042cdf7743ed5152b326a24028aaba260a309 /routers/web/org/home.go | |
| parent | f2a995174101b9fa9409acb2b47b065262098b28 (diff) | |
| download | gitea-713364fc718d1d53840bd83ba6f6c307bd213fa8.tar.gz gitea-713364fc718d1d53840bd83ba6f6c307bd213fa8.zip | |
Support optional/configurable IAMEndpoint for Minio Client (#32581) (#32581)
Targeting issue #32271
This modification allows native Kubernetes + AWS (EKS) authentication
with the Minio client, to Amazon S3 using the IRSA role assigned to a
Service account by replacing the hard coded reference to the
`DefaultIAMRoleEndpoint` with an optional configurable endpoint.
Internally, Minio's `credentials.IAM` provider implements a discovery
flow for IAM Endpoints if it is not set.
For backwards compatibility:
- We have added a configuration mechanism for an `IamEndpoint` to retain
the unit test safety in `minio_test.go`.
- We believe existing clients will continue to function the same without
needing to provide a new config property since the internals of Minio
client also often resolve to the `http://169.254.169.254` default
endpoint that was being hard coded before
To test, we were able to build a docker image from source and, observe
it choosing the expected IAM endpoint, and see files uploaded via the
client.
Diffstat (limited to 'routers/web/org/home.go')
0 files changed, 0 insertions, 0 deletions