pull request for issue #259 (#260)

warp3r · timvaillancourt · commit 2a95b860c658 · 2018-06-14T21:59:27.000+02:00
* fixes for S3 IAM role authentication

* fixes for S3 IAM role authentication
diff --git a/mongodb_consistent_backup/Upload/S3/S3.py b/mongodb_consistent_backup/Upload/S3/S3.py
@@ -27,8 +27,8 @@ def __init__(self, manager, config, timer, base_dir, backup_dir, **kwargs):
 
         self._pool = None
 
-        if None in (self.access_key, self.secret_key, self.region):
-            raise OperationError("Invalid or missing AWS S3 access key, secret key or region detected!")
+        if self.region is None:
+            raise OperationError("Invalid or missing AWS S3 region detected!")
 
         self._pool = S3UploadPool(
             self.bucket_name,
diff --git a/mongodb_consistent_backup/Upload/S3/S3Session.py b/mongodb_consistent_backup/Upload/S3/S3Session.py
@@ -46,15 +46,24 @@ def is_forbidden_error(self, e):
     def connect(self):
         if not self._conn:
             try:
-                logging.debug("Connecting to AWS S3 with Access Key: %s" % self.access_key)
-                self._conn = boto.s3.connect_to_region(
-                    self.region,
-                    aws_access_key_id=self.access_key,
-                    aws_secret_access_key=self.secret_key,
-                    is_secure=self.secure,
-                    calling_format=self.calling_format
-                )
-                logging.debug("Successfully connected to AWS S3 with Access Key: %s" % self.access_key)
+                if (self.access_key is not None and self.secret_key is not None):
+                    logging.debug("Connecting to AWS S3 with Access Key: %s" % self.access_key)
+                    self._conn = boto.s3.connect_to_region(
+                        self.region,
+                        aws_access_key_id=self.access_key,
+                        aws_secret_access_key=self.secret_key,
+                        is_secure=self.secure,
+                        calling_format=self.calling_format
+                    )
+                    logging.debug("Successfully connected to AWS S3 with Access Key: %s" % self.access_key)
+                else:
+                    logging.debug("Connecting to AWS S3 with IAM Role")
+                    self._conn = boto.s3.connect_to_region(
+                        self.region,
+                        is_secure=self.secure,
+                        calling_format=self.calling_format
+                    )
+                    logging.debug("Successfully connected to AWS S3 with IAM Role")
             except boto.exception.S3ResponseError, e:
                 if self.is_forbidden_error(e):
                     logging.error("Not authorized to connect to AWS S3 with Access Key: %s!" % self.access_key)
