Allow IAM Session Tokens for S3 cache client credentials
What does this MR do?
When using access keys for authentication, we currently provide the Minio S3 Client Credentials a hardcoded empty string for Session Token.
This MR extends the configuration by offering an additional input for specifying an AWS IAM Session Token if needed.
Why was this MR needed?
- Specifying only Access Key ID and Secret Key is fine when using long-lived IAM credentials because only the Access Key ID and Secret Key are issued.
- When operating in an environment that uses temporary IAM credentials (usually issued through STS IAM Role Assumptions), a Session Token also needs to be provided.
What's the best way to test this MR?
- Issue temporary credentials for a role that has S3 Bucket permissions
aws sts assume-role --role-arn arn:aws:iam::123456789123:role/myAwesomeRole --role-session-name test --duration-seconds 900
- Configure the runner using the printed credentials (including the session token)
- Test a single build using the
run-single
command
- Test a single build using the
Before this change (only access key id and secret key supplied)
After this change (being able to specify a session token too)
What are the relevant issue numbers?
- None, because it is a pretty small fix. I can create one if it's really necessary.
Edited by Mike Heyns