coreos / etcd-operator

etcd operator creates/configures/manages etcd clusters atop Kubernetes
https://coreos.com/blog/introducing-the-etcd-operator.html
Apache License 2.0
1.75k stars 740 forks source link

backup s3 credential keys escaping is broken #2114

Open fdlk opened 5 years ago

fdlk commented 5 years ago

If your s3 credentials contain a # character, the backup and restore will fail because the credentials are truncated at the # sign.

E.g. if .aws/credentials contains

[default]
aws_access_key_id=KS5n4dV4ZhmjrvpZJmSP
aws_secret_access_key=mr2Xc^y#AWTZ92NWJ#m^NBABZ!js&M#hPqRmD4ps

This is a bug in aws go api < v1.15.59 which used to depend on go-ini/ini which contains https://github.com/go-ini/ini/issues/187

Bug is fixed in https://github.com/aws/aws-sdk-go/releases/tag/v1.15.59 when they introduced an internal ini parser.

A couple new bugs were introduced by that parser, e.g. https://github.com/aws/aws-sdk-go/issues/2281

Last one got fixed in v1.15.79.

Would suggest to upgrade aws dependency to at least 1.15.x or otherwise using environment variables instead of the aws ini file.