[Cyberduck-trac] [Cyberduck] #8610: Support S3 authentication via IAM Role credentials
Cyberduck
trac at trac.cyberduck.io
Wed Feb 25 11:26:58 UTC 2015
#8610: Support S3 authentication via IAM Role credentials
-------------------------+-------------------------
Reporter: ebekker | Owner: dkocher
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.7
Component: s3 | Version:
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: |
-------------------------+-------------------------
Comment (by ebekker):
I was reviewing some of the relevant code to implement this request, and I
thought of another way to add the functionality with minimal disruption to
the existing UI or codebase as starting point.
Instead of touching any of the UI elements at all, a special sentinel
value, such as {{{%IAM_ROLE%}}}, that when provided for the "Access Token"
of an S3 connection (i.e. the Username), triggers slightly different
behavior in the S3 connection building.
Looking at the latest version of the code base in trunk for S3Session.java
(source/ch/cyberduck/core/s3/S3Session.java @ r17003), at line 114 where
you handle switching between an anonymous connection (null AWSCredentials)
or constucting a set of credentials based on user-provided Access Key +
Secret Key, you could add a third option when
{{{"%IAM_HOST%".equals(host.GetCredentials().GetUsername())}}} to
construct an {{{AWSSessionCredentials}}} instance.
The Access Key, Secret Key and Session Token would all be derived from the
running context as described above.
--
Ticket URL: <https://trac.cyberduck.io/ticket/8610#comment:8>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list