[Cyberduck-trac] [Cyberduck] #8610: Support S3 authentication via IAM Role credentials

[Cyberduck]

#8610: Support S3 authentication via IAM Role credentials
-------------------------+-------------------------
 Reporter:  ebekker      |         Owner:  dkocher
     Type:  enhancement  |        Status:  assigned
 Priority:  normal       |     Milestone:  4.7
Component:  s3           |       Version:
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:
 Platform:               |
-------------------------+-------------------------

Comment (by ebekker):

 I was reviewing some of the relevant code to implement this request, and I
 thought of another way to add the functionality with minimal disruption to
 the existing UI or codebase as starting point.

 Instead of touching any of the UI elements at all, a special sentinel
 value, such as {{{%IAM_ROLE%}}}, that when provided for the "Access Token"
 of an S3 connection (i.e. the Username), triggers slightly different
 behavior in the S3 connection building.

 Looking at the latest version of the code base in trunk for S3Session.java
 (source/ch/cyberduck/core/s3/S3Session.java @ r17003), at line 114 where
 you handle switching between an anonymous connection (null AWSCredentials)
 or constucting a set of credentials based on user-provided Access Key +
 Secret Key, you could add a third option when
 {{{"%IAM_HOST%".equals(host.GetCredentials().GetUsername())}}} to
 construct an {{{AWSSessionCredentials}}} instance.

 The Access Key, Secret Key and Session Token would all be derived from the
 running context as described above.

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/8610#comment:8>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows