[ARVADOS] updated: 1.3.0-1671-gfbbba2116

Git user git at public.curoverse.com
Tue Oct 1 18:52:45 UTC 2019


Summary of changes:
 ...configure-s3-object-storage.html.textile.liquid | 22 +++++++++++-----------
 services/keepstore/s3_volume.go                    |  3 +++
 2 files changed, 14 insertions(+), 11 deletions(-)

       via  fbbba2116c046a3c20a71ea0268501a1a5b802e5 (commit)
       via  6f62ef31c63c6f04f9cb3fc772b93bead5a58345 (commit)
      from  5612cb8542511ea96108604499b8b7e37e3804c2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit fbbba2116c046a3c20a71ea0268501a1a5b802e5
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Tue Oct 1 14:52:03 2019 -0400

    15599: Reject configuration with both IAMRole and Access/SecretKey.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/services/keepstore/s3_volume.go b/services/keepstore/s3_volume.go
index e39d7b79b..220377af2 100644
--- a/services/keepstore/s3_volume.go
+++ b/services/keepstore/s3_volume.go
@@ -160,6 +160,9 @@ func (v *S3Volume) GetDeviceID() string {
 
 func (v *S3Volume) bootstrapIAMCredentials() error {
 	if v.AccessKey != "" || v.SecretKey != "" {
+		if v.IAMRole != "" {
+			return errors.New("invalid DriverParameters: AccessKey and SecretKey must be blank if IAMRole is specified")
+		}
 		return nil
 	}
 	ttl, err := v.updateIAMCredentials()
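Review bot: in bootstrapIAMCredentials, the outer condition `v.AccessKey != "" || v.SecretKey != ""` still returns nil when only one of the two keys is set and IAMRole is blank, so a half-configured static credential passes this check without an error. Since this function now validates DriverParameters, consider also returning an error when exactly one of AccessKey and SecretKey is blank. The diffstat for this push lists only s3_volume.go and the doc page, so the new rejection path has no accompanying test; a case with IAMRole plus a non-blank key would pin the behaviour.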

commit 6f62ef31c63c6f04f9cb3fc772b93bead5a58345
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Tue Oct 1 14:47:25 2019 -0400

    15599: Use default/automatic credentials for example config.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/doc/install/configure-s3-object-storage.html.textile.liquid b/doc/install/configure-s3-object-storage.html.textile.liquid
index d6366aa6a..b721dba9e 100644
--- a/doc/install/configure-s3-object-storage.html.textile.liquid
+++ b/doc/install/configure-s3-object-storage.html.textile.liquid
@@ -33,17 +33,17 @@ Volumes are configured in the @Volumes@ section of the cluster configuration fil
         Driver: S3
         DriverParameters:
           # IAM role name to use when retrieving credentials from
-          # instance metadata. This is optional (if omitted, the role
-          # name itself is retrieved from instance metadata) but it
-          # may protect you from using the wrong credentials in the
-          # event of an installation/configuration error.
-          IAMRole: s3access
-
-          # The credentials to use to access the bucket. Omit or leave
-          # blank to use the credentials provided by the instance's
-          # IAM role.
-          AccessKey: aaaaa
-          SecretKey: aaaaa
+          # instance metadata. It can be omitted, in which case the
+          # role name itself will be retrieved from instance metadata
+          # -- but setting it explicitly may protect you from using
+          # the wrong credentials in the event of an
+          # installation/configuration error.
+          IAMRole: ""
+
+          # If you are not using an IAM role for authentication,
+          # specify access credentials here instead.
+          AccessKey: ""
+          SecretKey: ""
 
           # Storage provider endpoint. For Amazon S3, use "" or
           # omit. For Google Cloud Storage, use
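Review bot: the new comment above AccessKey/SecretKey does not say that both must be left blank when IAMRole is set, although commit fbbba2116 in this same push makes keepstore reject that combination with "AccessKey and SecretKey must be blank if IAMRole is specified". Suggest stating the mutual exclusion in the example, for instance "Leave both blank if IAMRole is specified." With all three values now shown as "", it would also help to say in this comment which credential source applies in that case (the role name retrieved from instance metadata, per the IAMRole comment above it).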

-----------------------------------------------------------------------


hooks/post-receive
-- 



