search

drone-plugins / drone-s3-sync

Drone plugin for syncing artifacts with an Amazon S3 Bucket
http://plugins.drone.io/drone-plugins/drone-s3-sync
Apache License 2.0
25 stars 32 forks source link

Plugin can't work if AWS keys are not set (use the given role) #35

Open omerxx opened 6 years ago

omerxx commented 6 years ago

Maybe just ignoring the fact that the credentials are empty is enough (Removing https://github.com/drone-plugins/drone-s3-sync/blob/master/plugin.go#L63)

But basically any plugin communicating with aws should have the ability to work with a role

tboerger commented 6 years ago

Pull requests that implement it similar to https://github.com/drone-plugins/drone-s3/blob/master/plugin.go#L90-L103 are welcome.

fernandrone commented 6 years ago

@tboerger I stumbled upon the same problem, so I'll probably make a PR with a fix tomorrow... however, that signed yaml is deprecated, right? I can't find anything about it on the current CLI documentation (http://docs.drone.io/cli-installation/)

Would just this be acceptable then?

    //Allowing to use the instance role or provide a key and secret
    if p.Key != "" && p.Secret != "" {
        conf.Credentials = credentials.NewStaticCredentials(p.Key, p.Secret, "")
    }
    client := s3.New(session.New(), conf)

Or are there other security measures we should be taking?

fernandrone commented 6 years ago

For example, this: https://github.com/drone-plugins/drone-s3-sync/pull/38