feat: add iam, aws config file, minio config file configurable credentials for s3 blob storage

2025-04-05 22:17:39 +03:00 · 2022-09-14 18:48:20 +05:30 · 2022-09-14 18:48:20 +05:30 · 587f380935
commit 587f380935
parent 1463886fc2
3 changed files with 41 additions and 9 deletions
--- a/docs/reference/blob/s3.md
+++ b/docs/reference/blob/s3.md
@ -13,6 +13,7 @@ storage.blob.s3 {
    # optional
    region eu-central-1
    object_prefix maddy/
+    creds access_key
 }
 ```

@ -26,6 +27,7 @@ storage.imapsql local_mailboxes {
        secret_key "..."
        bucket maddy-messages
        region us-west-2
+        creds access_key
    }
 }
 ```
@ -69,3 +71,16 @@ in some manuals.
 String to add to all keys stored by maddy.

 Can be useful when S3 is used as a file system.
+
+**Syntax:** creds _string_ <br>
+**Default:** access_key
+
+Credentials to use for accessing the S3 Bucket.
+
+Credential Types:
+ - access_key: use AWS access key and secret access key 
+ - file_minio: use credentials for Minio present at ~/.mc/config.json
+ - file_aws: use credentials for AWS S3 present at ~/.aws/credentials
+ - iam: use AWS IAM instance profile for credentials.
+
+By default, access_key is used with the access key and secret access key present in the config.
--- a/go.sum
+++ b/go.sum
@ -158,18 +158,10 @@ github.com/foxcpp/go-imap-backend-tests v0.0.0-20220105184719-e80aa29a5e16 h1:qh
 github.com/foxcpp/go-imap-backend-tests v0.0.0-20220105184719-e80aa29a5e16/go.mod h1:OPP1AgKxMPo3aHX5pcEZLQhhh5sllFcB8aUN9f6a6X8=
 github.com/foxcpp/go-imap-i18nlevel v0.0.0-20200208001533-d6ec88553005 h1:pfoFtkTTQ473qStSN79jhCFBWqMQt/3DQ3NGuXvT+50=
 github.com/foxcpp/go-imap-i18nlevel v0.0.0-20200208001533-d6ec88553005/go.mod h1:34FwxnjC2N+EFs2wMtsHevrZLWRKRuVU8wEcHWKq/nE=
-github.com/foxcpp/go-imap-mess v0.0.0-20220625121252-2006ec40a870 h1:p2Lw5jR61pnlc3Jn1ETyV0A/EpdrwyR0A/sGTXS0EKs=
-github.com/foxcpp/go-imap-mess v0.0.0-20220625121252-2006ec40a870/go.mod h1:S/ELw0SONJ3ffk0ie7TYD6OxoIiyeMI22Fr3kwKUG8s=
 github.com/foxcpp/go-imap-mess v0.0.0-20220625145025-3c40e241d099 h1:e0r3qEQl1K/a3fXftbSGG78DGnmRG7hIhh0UzEW8UNs=
 github.com/foxcpp/go-imap-mess v0.0.0-20220625145025-3c40e241d099/go.mod h1:yESOLBW3uVSa7ncJYtDO1tnapt/xb9v1rrn8D5eXups=
 github.com/foxcpp/go-imap-namespace v0.0.0-20200802091432-08496dd8e0ed h1:1Jo7geyvunrPSjL6F6D9EcXoNApS5v3LQaro7aUNPnE=
 github.com/foxcpp/go-imap-namespace v0.0.0-20200802091432-08496dd8e0ed/go.mod h1:Shows1vmkBWO40ChOClaUe6DUnZrsP1UPAuoWzIUdgQ=
-github.com/foxcpp/go-imap-sql v0.5.1-0.20220625121648-6e3bebef681a h1:feXUJIFGHuDWTla+GVVujs1NJrdHoy6tTCEOM+I8MuQ=
-github.com/foxcpp/go-imap-sql v0.5.1-0.20220625121648-6e3bebef681a/go.mod h1:KtJKMct3aAjl2waDe4XVhUxm9sw/P4xQWY8EPeXKn4w=
-github.com/foxcpp/go-imap-sql v0.5.1-0.20220625153806-70f09b5f83c9 h1:q7xhdvWYAXJunFGfB1qpRyfTIJyzROu3Iup3WByQQ/k=
-github.com/foxcpp/go-imap-sql v0.5.1-0.20220625153806-70f09b5f83c9/go.mod h1:8uUTN2RRWZrETuA9pDvDr4SjV1hCvEYG2WOlXuupj+g=
-github.com/foxcpp/go-imap-sql v0.5.1-0.20220625154604-220be7ba4d19 h1:28C6Xgt+b5EnBdjxEwp9mODIRSD0/sCksR4kPOJf8ho=
-github.com/foxcpp/go-imap-sql v0.5.1-0.20220625154604-220be7ba4d19/go.mod h1:8uUTN2RRWZrETuA9pDvDr4SjV1hCvEYG2WOlXuupj+g=
 github.com/foxcpp/go-imap-sql v0.5.1-0.20220627220518-df3b66a5b04f h1:Jz3h1e5ZYA+ANkVAb5kytcPYuew3lxWQyqHUEAPOQHo=
 github.com/foxcpp/go-imap-sql v0.5.1-0.20220627220518-df3b66a5b04f/go.mod h1:8uUTN2RRWZrETuA9pDvDr4SjV1hCvEYG2WOlXuupj+g=
 github.com/foxcpp/go-mockdns v0.0.0-20191216195825-5eabd8dbfe1f/go.mod h1:tPg4cp4nseejPd+UKxtCVQ2hUxNTZ7qQZJa7CLriIeo=
--- a/internal/storage/blob/s3/s3.go
+++ b/internal/storage/blob/s3/s3.go
@ -15,6 +15,14 @@ import (

 const modName = "storage.blob.s3"

+const (
+	credsTypeFileMinio = "file_minio"
+	credsTypeFileAWS   = "file_aws"
+	credsTypeAccessKey = "access_key"
+	credsTypeIAM       = "iam"
+	credsTypeDefault   = credsTypeAccessKey
+)
+
 type Store struct {
 	instName string
 	log      log.Logger
@ -42,6 +50,7 @@ func (s *Store) Init(cfg *config.Map) error {
 		secure          bool
 		accessKeyID     string
 		secretAccessKey string
+		credsType       string
 		location        string
 	)
 	cfg.String("endpoint", false, true, "", &s.endpoint)
@ -51,6 +60,7 @@ func (s *Store) Init(cfg *config.Map) error {
 	cfg.String("bucket", false, true, "", &s.bucketName)
 	cfg.String("region", false, false, "", &location)
 	cfg.String("object_prefix", false, false, "", &s.objectPrefix)
+	cfg.String("creds", false, false, credsTypeDefault, &credsType)

 	if _, err := cfg.Process(); err != nil {
 		return err
@ -59,8 +69,23 @@ func (s *Store) Init(cfg *config.Map) error {
 		return fmt.Errorf("%s: endpoint not set", modName)
 	}

+	var creds *credentials.Credentials
+
+	switch credsType {
+	case credsTypeFileMinio:
+		creds = credentials.NewFileMinioClient("", "")
+	case credsTypeFileAWS:
+		creds = credentials.NewFileAWSCredentials("", "")
+	case credsTypeIAM:
+		creds = credentials.NewIAM("")
+	case credsTypeAccessKey:
+		creds = credentials.NewStaticV4(accessKeyID, secretAccessKey, "")
+	default:
+		creds = credentials.NewStaticV4(accessKeyID, secretAccessKey, "")
+	}
+
 	cl, err := minio.New(s.endpoint, &minio.Options{
-		Creds:  credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
+		Creds:  creds,
 		Secure: secure,
 		Region: location,
 	})