
Commit f916852

peetwjmckenna
authored andcommitted
Update S3 cache to read AWS_SESSION_TOKEN env var if present (#339)
* Update S3 cache to read AWS_SESSION_TOKEN env var if present * Increase line buffer size when reading S3 credentials file
1 parent 68159a4 commit f916852


1 file changed

+15
-5
lines changed


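--- a/lib/cache_rest.c
+++ b/lib/cache_rest.c
@@ -108,6 +108,7 @@ struct mapcache_cache_s3 {
 mapcache_cache_rest cache;
 char *id;
 char *secret;
+char *session_token;
 char *region;
 char *credentials_file;
 };
@@ -868,16 +869,18 @@ static void _mapcache_cache_s3_headers_add(mapcache_context *ctx, const char* me
 if((rv=apr_file_open(&f, s3->credentials_file,
 APR_FOPEN_READ|APR_FOPEN_BUFFERED|APR_FOPEN_BINARY,APR_OS_DEFAULT,
 ctx->pool)) == APR_SUCCESS) {
-char line[2048];
-if( (rv = apr_file_gets(line,2048,f))== APR_SUCCESS) {
+// Line length buffer increased to handle longer session tokens; see:
+// https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
+char line[4096];
+if( (rv = apr_file_gets(line,4096,f))== APR_SUCCESS) {
 _remove_lineends(line);
 aws_access_key_id = apr_pstrdup(ctx->pool,line);
 }
-if( (rv = apr_file_gets(line,2048,f))== APR_SUCCESS) {
+if( (rv = apr_file_gets(line,4096,f))== APR_SUCCESS) {
 _remove_lineends(line);
 aws_secret_access_key = apr_pstrdup(ctx->pool,line);
 }
-if( (rv = apr_file_gets(line,2048,f))== APR_SUCCESS) {
+if( (rv = apr_file_gets(line,4096,f))== APR_SUCCESS) {
 _remove_lineends(line);
 aws_security_token = apr_pstrdup(ctx->pool,line);
 }
@@ -894,7 +897,7 @@ static void _mapcache_cache_s3_headers_add(mapcache_context *ctx, const char* me
 } else {
 aws_access_key_id = s3->id;
 aws_secret_access_key = s3->secret;
-aws_security_token = NULL;
+aws_security_token = s3->session_token;
 }
 
 if(!strcmp(method,"PUT")) {
@@ -1366,6 +1369,13 @@ static void _mapcache_cache_s3_configuration_parse_xml(mapcache_context *ctx, ez
 ctx->set_error(ctx,400,"s3 cache (%s) is missing required <secret> child or AWS_SECRET_ACCESS_KEY environment", cache->name);
 return;
 }
+if ((cur_node = ezxml_child(node,"session_token")) != NULL) {
+s3->session_token = apr_pstrdup(ctx->pool, cur_node->txt);
+} else if ( getenv("AWS_SESSION_TOKEN")) {
+s3->session_token = apr_pstrdup(ctx->pool,getenv("AWS_SESSION_TOKEN"));
+} else {
+s3->session_token = NULL;
+}
 }
 if ((cur_node = ezxml_child(node,"region")) != NULL) {
 s3->region = apr_pstrdup(ctx->pool, cur_node->txt);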
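Review bot: In `_mapcache_cache_s3_configuration_parse_xml` (last hunk) the session token is resolved independently of where the key id and secret came from, so a cache whose `<id>`/`<secret>` are set in XML will still pick up an unrelated `AWS_SESSION_TOKEN` from the process environment and pass it on through `s3->session_token`, which would presumably make every signed request fail. An empty `<session_token/>` element or an empty environment variable is also stored as `""` rather than NULL; whether the header code treats that as "no token" is not visible in these hunks. Consider using the environment fallback only when the id and secret were also taken from the environment, and normalising empty values, e.g. `const char *tok = getenv("AWS_SESSION_TOKEN");` followed by `s3->session_token = (tok && *tok) ? apr_pstrdup(ctx->pool, tok) : NULL;`. Because the value is captured once at configuration parse time, a comment stating that temporary credentials supplied this way are not refreshed when they expire would help operators choose the credentials-file path instead. The function starts and ends outside the hunk.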
