Skip to content

Dev#112

Merged
usnavy13 merged 3 commits into
mainfrom
dev
May 16, 2026
Merged

Dev#112
usnavy13 merged 3 commits into
mainfrom
dev

Conversation

@usnavy13
Copy link
Copy Markdown
Owner

@usnavy13 usnavy13 commented May 16, 2026

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

ynotoast and others added 3 commits May 14, 2026 18:01
@ynotoast
Support IAM role / default credential chain for S3 auth
bf97b64 
Make s3_access_key and s3_secret_key Optional[str] (default None).
When unset, boto3 falls through to its standard credential chain:
env vars, ~/.aws/credentials, EC2/ECS instance metadata (IAM role).

Extract S3Config.make_client() to centralise boto3 client construction.
Update all four call sites to use make_client() and remove now-redundant
direct boto3 imports. Fix test fixtures to patch make_client() directly.

Existing behaviour with explicit keys (Garage, MinIO, etc.) is unchanged.
@ynotoast
fix: address PR review — head_bucket and partial-creds validation
64474ae 
- Replace list_buckets() with head_bucket() in config_validator and
  health check; least-privilege IAM roles need only s3:ListBucket on
  the configured bucket, not s3:ListAllMyBuckets
- Raise ValueError in make_client() when exactly one of S3_ACCESS_KEY /
  S3_SECRET_KEY is set — partial static credentials are a misconfiguration
- Remove total_buckets from health check details (no longer available)
@usnavy13
Merge pull request #111 from ynotoast/fix/iam-role-s3-auth
9f5a3ba 
Support IAM role / default credential chain for S3 auth
@usnavy13 usnavy13 merged commit 16474a4 into main May 16, 2026
9 checks passed
djuillard pushed a commit to On-Behalf-AI/LibreCodeInterpreter that referenced this pull request Jun 3, 2026
merge: integrate origin/main into feat/runtime-only (S3 IAM role auth)
ef38b73 
Brings in 5 commits from origin/main (PR usnavy13#111/usnavy13#112 from usnavy13):
- bf97b64 Support IAM role / default credential chain for S3 auth
- 64474ae fix: address PR review — head_bucket and partial-creds validation

Touches src/config/{__init__.py,s3.py}, src/services/{file,health,state_archival}.py,
src/utils/config_validator.py, tests/{conftest.py,unit/test_file_service.py}.

No overlap with runtime-only changes — clean merge expected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@usnavy13 @ynotoast