support missing role-arn and role-session-name (#4763)

2025-11-10 13:42:32 +03:00 · 2023-11-15 14:45:58 -08:00
parent 6c9cdc27bc
commit 4724c024c6
3 changed files with 17 additions and 3 deletions
--- a/cmd/alias-set.go
+++ b/cmd/alias-set.go
@@ -179,7 +179,7 @@ func setAlias(alias string, aliasCfgV10 aliasConfigV10) aliasMessage {
 // probeS3Signature - auto probe S3 server signature: issue a Stat call
 // using v4 signature then v2 in case of failure.
 func probeS3Signature(ctx context.Context, accessKey, secretKey, url string, peerCert *x509.Certificate) (string, *probe.Error) {
-	probeBucketName := randString(60, rand.NewSource(time.Now().UnixNano()), "probe-bucket-sign-")
+	probeBucketName := randString(60, rand.NewSource(time.Now().UnixNano()), "probe-bsign-")
 	// Test s3 connection for API auto probe
 	s3Config := &Config{
 		// S3 connection parameters
--- a/cmd/client-s3.go
+++ b/cmd/client-s3.go
@@ -26,6 +26,7 @@ import (
 	"fmt"
 	"hash/fnv"
 	"io"
+	"math/rand"
 	"net"
 	"net/http"
 	"net/url"
@@ -219,6 +220,12 @@ func getCredentialsChainForConfig(config *Config, transport http.RoundTripper) (
 		// set AWS_WEB_IDENTITY_TOKEN_FILE is MC_WEB_IDENTITY_TOKEN_FILE is set
 		if val := env.Get("MC_WEB_IDENTITY_TOKEN_FILE", ""); val != "" {
 			os.Setenv("AWS_WEB_IDENTITY_TOKEN_FILE", val)
+			if val := env.Get("MC_ROLE_ARN", ""); val != "" {
+				os.Setenv("AWS_ROLE_ARN", val)
+			}
+			if val := env.Get("MC_ROLE_SESSION_NAME", randString(32, rand.NewSource(time.Now().UnixNano()), "mc-session-name-")); val != "" {
+				os.Setenv("AWS_ROLE_SESSION_NAME", val)
+			}
 		}

 		stsEndpointURL, err := url.Parse(stsEndpoint)
@@ -312,7 +319,7 @@ func newFactory() func(config *Config) (Client, *probe.Error) {
 			options := minio.Options{
 				Creds:        creds,
 				Secure:       useTLS,
-				Region:       os.Getenv("MC_REGION"),
+				Region:       env.Get("MC_REGION", env.Get("AWS_REGION", "")),
 				BucketLookup: config.Lookup,
 				Transport:    transport,
 			}
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -84,6 +84,9 @@ func max(a, b int) int {

 // randString generates random names and prepends them with a known prefix.
 func randString(n int, src rand.Source, prefix string) string {
+	if n == 0 {
+		return prefix
+	}
 	b := make([]byte, n)
 	// A rand.Int63() generates 63 random bits, enough for letterIdxMax letters!
 	for i, cache, remain := n-1, src.Int63(), letterIdxMax; i >= 0; {
@@ -97,7 +100,11 @@ func randString(n int, src rand.Source, prefix string) string {
 		cache >>= letterIdxBits
 		remain--
 	}
-	return prefix + string(b[0:30-len(prefix)])
+	x := n / 2
+	if x == 0 {
+		x = 1
+	}
+	return prefix + string(b[0:x])
 }

 // printTLSCertInfo prints some fields of the certificates received from the server.