Merge pull request #466 from slingdata-io/v1.3.3.patch

improve s3 credential handling
slingdata-io · Dec 16, 2024 · 7f2ea7c · 7f2ea7c
2 parents 007e2bb + bb038c6
commit 7f2ea7c
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/core/dbio/filesys/fs_s3.go b/core/dbio/filesys/fs_s3.go
@@ -135,24 +135,38 @@ func (fs *S3FileSysClient) Connect() (err error) {
 		// LogLevel: aws.LogLevel(aws.LogDebugWithHTTPBody),
 	}
 
-	if _, err := credentials.NewEnvCredentials().Get(); err == nil {
-		// Use environment credentials (AWS SDK will automatically pick these up)
-		g.Debug("using default AWS environment credentials")
+	if cast.ToBool(fs.GetProp("USE_ENVIRONMENT")) {
+		goto useEnv
 	} else if profile := fs.GetProp("PROFILE"); profile != "" {
 		// Fall back to profile if specified
 		creds := credentials.NewSharedCredentials("", profile)
 		if _, err := creds.Get(); err != nil {
 			return g.Error(err, "Failed to load credentials for profile '%s'. Please check if profile exists in ~/.aws/credentials", profile)
 		}
 		awsConfig.Credentials = creds
+		goto skipUseEnv
 	} else if fs.GetProp("ACCESS_KEY_ID") != "" && fs.GetProp("SECRET_ACCESS_KEY") != "" {
 		awsConfig.Credentials = credentials.NewStaticCredentials(
 			fs.GetProp("ACCESS_KEY_ID"),
 			fs.GetProp("SECRET_ACCESS_KEY"),
 			fs.GetProp("SESSION_TOKEN"),
 		)
+		goto skipUseEnv
+	} else if val := fs.GetProp("USE_ENVIRONMENT"); val != "" && !cast.ToBool(val) {
+		goto skipUseEnv
 	}
 
+useEnv:
+	// Use environment credentials (AWS SDK will automatically pick these up)
+	g.Debug("using default AWS environment credentials")
+	_, err = credentials.NewEnvCredentials().Get()
+	if err != nil {
+		err = g.Error(err, "Could not AWS environment credentials.")
+		return
+	}
+
+skipUseEnv:
+
 	fs.session, err = session.NewSession(awsConfig)
 	if err != nil {
 		err = g.Error(err, "Could not create AWS session (did not provide ACCESS_KEY_ID/SECRET_ACCESS_KEY or default AWS profile).")