From 85aa77539b5dbbf74a56833f5d0d0b6815e612e1 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Mon, 14 Dec 2020 12:46:03 -0500
Subject: [PATCH 1/4] Resolves #24699, Support ES2 and ECS instance providers for S3 buckets

Signed-off-by: James Letendre
---
 lib/private/Files/ObjectStore/S3ConnectionTrait.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index c98c8a04cdffa..158298e059f07 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -103,8 +103,7 @@ public function getConnection() {
 $provider = CredentialProvider::memoize(
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
- CredentialProvider::env(),
- CredentialProvider::instanceProfile()
+ CredentialProvider::defaultProvider()
 )
 );

From 5b756a9fb077bf71edd744c5018772ac649e5374 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Mon, 14 Dec 2020 16:20:30 -0500
Subject: [PATCH 2/4] Replace defaultProvider with explicit calls to exclude user home directory lookup

Signed-off-by: James Letendre
---
 .../Files/ObjectStore/S3ConnectionTrait.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index 158298e059f07..eaa9e9a907430 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -31,6 +31,7 @@

 use Aws\ClientResolver;
 use Aws\Credentials\CredentialProvider;
+use Aws\Credentials\EcsCredentialProvider;
 use Aws\Credentials\Credentials;
 use Aws\Exception\CredentialsException;
 use Aws\S3\Exception\S3Exception;
@@ -103,10 +104,23 @@ public function getConnection() {
 $provider = CredentialProvider::memoize(
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
- CredentialProvider::defaultProvider()
+ CredentialProvider::env(),
+ CredentialProvider::instanceProfile()
 )
 );

+ // If running in an ECS environment, then also include the ECS task role in the chain
+ if (!empty(getenv(EcsCredentialProvider::ENV_URI))) {
+ $provider = CredentialProvider::memoize(
+ CredentialProvider::chain(
+ $this->paramCredentialProvider(),
+ CredentialProvider::env(),
+ CredentialProvider::ecsCredentials(),
+ CredentialProvider::instanceProfile()
+ )
+ );
+ }
+
 $options = [
 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 'credentials' => $provider,
From ad95e51cbed523a0f1e3f65fa2a5dd22c8d025f0 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Tue, 15 Dec 2020 16:37:46 -0500
Subject: [PATCH 3/4] Add web identity provider to S3 connection chain

Signed-off-by: James Letendre
---
 .../Files/ObjectStore/S3ConnectionTrait.php | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index eaa9e9a907430..cbe2f4b20a658 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -105,22 +105,13 @@ public function getConnection() {
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
 CredentialProvider::env(),
- CredentialProvider::instanceProfile()
+ CredentialProvider::assumeRoleWithWebIdentityCredentialProvider()
+ !empty(getenv(EcsCredentialProvider::ENV_URI))
+ ? CredentialProvider::ecsCredentials()
+ : CredentialProvider::instanceProfile()
 )
 );

- // If running in an ECS environment, then also include the ECS task role in the chain
- if (!empty(getenv(EcsCredentialProvider::ENV_URI))) {
- $provider = CredentialProvider::memoize(
- CredentialProvider::chain(
- $this->paramCredentialProvider(),
- CredentialProvider::env(),
- CredentialProvider::ecsCredentials(),
- CredentialProvider::instanceProfile()
- )
- );
- }
-
 $options = [
 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 'credentials' => $provider,
From 45a02ee30cced137fad421e47d30e07b0d292015 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Tue, 15 Dec 2020 19:06:06 -0500
Subject: [PATCH 4/4] Fix failing tests

Signed-off-by: James Letendre
---
 lib/private/Files/ObjectStore/S3ConnectionTrait.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index cbe2f4b20a658..525abbfe8b57b 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -105,7 +105,7 @@ public function getConnection() {
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
 CredentialProvider::env(),
- CredentialProvider::assumeRoleWithWebIdentityCredentialProvider()
+ CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(),
 !empty(getenv(EcsCredentialProvider::ENV_URI))
 ? CredentialProvider::ecsCredentials()
 : CredentialProvider::instanceProfile()
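Review bot: The added line `CredentialProvider::assumeRoleWithWebIdentityCredentialProvider()` in 3/4 has no trailing comma, so the `!empty(...)` ternary after it is not a separate argument and the file does not parse at this commit. The comma only arrives in 4/4, so the two patches should be squashed to keep the history bisectable. The ternary also changes behaviour compared with 2/4: when the ECS variable is set, `instanceProfile()` is no longer in the chain at all, so there is no fallback to the host's instance role. That looks like the tighter choice, but the explanatory comment was deleted with the old block; I would add `// On ECS use the task role instead of the instance profile (no fallback to the host's role)` above the ternary. getConnection() starts and ends outside the hunk.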
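Review bot: `CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(),` in 4/4 is called with no arguments, and as far as I recall the SDK's implementation falls back to loading the default profile files from the process user's home directory when `AWS_WEB_IDENTITY_TOKEN_FILE` and `AWS_ROLE_ARN` are not set. If that holds for the SDK version vendored here, it partly brings back the home-directory lookup that 2/4 set out to exclude. Please confirm against the vendored SDK. If it does, add this provider to the chain only when both variables are present, mirroring the `getenv(EcsCredentialProvider::ENV_URI)` check below. getConnection() starts and ends outside the hunk.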