From 2dcb327bc0523903d737eec24808228bf3fc5637 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Fri, 13 Sep 2024 12:45:31 +0100 Subject: [PATCH] s3: fix rclone ignoring static credentials when env_auth=true The SDKv2 conversion introduced a regression to do with setting credentials with env_auth=true. The rclone documentation explicitly states that env_auth only applies if secret_access_key and access_key_id are blank and users had been relying on that. However after the SDKv2 conversion we were ignoring static credentials if env_auth=true. This fixes the problem by ignoring env_auth=true if secret_access_key and access_key_id are both provided. This brings rclone back into line with the documentation and users expectations. Fixes #8067 --- backend/s3/s3.go | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/backend/s3/s3.go b/backend/s3/s3.go index e45a7b299..dac7d6375 100644 --- a/backend/s3/s3.go +++ b/backend/s3/s3.go @@ -3052,9 +3052,16 @@ func (s3logger) Logf(classification logging.Classification, format string, v ... func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Client *s3.Client, err error) { ci := fs.GetConfig(ctx) var awsConfig aws.Config + // Make the default static auth + v := aws.Credentials{ + AccessKeyID: opt.AccessKeyID, + SecretAccessKey: opt.SecretAccessKey, + SessionToken: opt.SessionToken, + } + awsConfig.Credentials = &credentials.StaticCredentialsProvider{Value: v} // Try to fill in the config from the environment if env_auth=true - if opt.EnvAuth { + if opt.EnvAuth && opt.AccessKeyID == "" && opt.SecretAccessKey == "" { configOpts := []func(*awsconfig.LoadOptions) error{} // Set the name of the profile if supplied if opt.Profile != "" { @@ -3079,13 +3086,7 @@ func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Cli case opt.SecretAccessKey == "": return nil, errors.New("secret_access_key not found") default: - // Make the static auth - v := aws.Credentials{ - AccessKeyID: opt.AccessKeyID, - SecretAccessKey: opt.SecretAccessKey, - SessionToken: opt.SessionToken, - } - awsConfig.Credentials = &credentials.StaticCredentialsProvider{Value: v} + // static credentials are already set } }