Open ianb-mp opened 2 months ago
Using `nil` credentials when configuring an API client will achieve the same result. The AnonymousCredentials type allows you to configure the SDK's external config loading to not attempt to source credentials from the shared config or environment.
Is it possible to use the nil credential to do the same result?
This would break the current velero CLI downloadrequests as it relies on signedUrls currently.
Describe the problem/challenge you have
Using velero-plugin-for-aws, there is no way to disable signing of requests to S3. This causes a problem with scenarios where the S3 bucket does not need credentials i.e. bucket policy allows by IP address, or VPC endpoint.
Describe the solution you'd like
It would be good if a configuration option to disable signing of requests could be added. AFAIK, this should be possible with AWS SDK - see: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2@v1.26.1/aws#AnonymousCredentials
Anything else you would like to add:
Environment:
velero version
):kubectl version
):/etc/os-release
):Vote on this issue!
This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.