-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM roles, supported in 0.7.3, appear to no longer work in master #1422
Comments
git bisect shows the breaking commit @ 042adeb. |
The problem appears to be that the credential chaining is not working as expected.
causes minio to try to access S3 with an empty AccessKeyID and SecretAccessKey, if those aren't defined. It never falls back to IAM. Happy to submit a PR that only includes the static credentials in the chain if they exist, but not sure if that's the correct approach. I welcome thoughts from folks who understand minio-go credential chaining better on whether that's appropriate. |
Thanks for the report. @harshavardhana would you mind having a quick look? If I remember correctly, IAM profiles were briefly removed from minio-go, is that correct? |
No @fd0 restic has IAM profiles supported , looks like a bug in chaining as mentioned by @TheWalkers |
The fix is simple enough @TheWalkers would you mind testing this for us? #1422 |
Thanks @harshavardhana, I can confirm that that fix resolves the problem. |
Output of
restic version
v0.7.3-237-g06bd606d
How did you run restic exactly?
/usr/local/bin/restic -r s3:s3.amazonaws.com/restic-test-repo -p /root/.restic_pass init
create backend at s3:s3.amazonaws.com/restic-test-repo failed: client.MakeBucket: Anonymous access is forbidden for this operation
Running 0.7.3 with the same command line options on the same instance:
/usr/local/bin/restic_0.7.3_linux_amd64 -r s3:s3.amazonaws.com/restic-test-repo -p /root/.restic_pass init
created restic backend ffc0ca4517 at s3:s3.amazonaws.com/restic-test-repo
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
What backend/server/service did you use?
AWS S3
Expected behavior
restic should use IAM roles if no credentials are provided.
Actual behavior
Steps to reproduce the behavior
Do you have any idea what may have caused this?
Do you have an idea how to solve the issue?
I will be reviewing commits after 0.7.3 to see if I can spot a likely culprit.
The text was updated successfully, but these errors were encountered: