fluxcd/source-controller

Add support for custom AWS STS endpoint for bucket/S3 source

bdalpe opened this issue · 3 comments

This would enable usage of MinIO STS auth

We support OIDC auth for AWS, Azure and GCP, docs here: https://fluxcd.io/flux/components/source/buckets/#provider

Is this feature request for MinIO's own implementation?

The MinIO credentials package already supports a custom STS endpoint, so I think the request is to add it to the bucket.Spec and pass it to the minio wrapper:

 	} else if bucket.Spec.Provider == sourcev1.AmazonBucketProvider {
-		opt.Creds = credentials.NewIAM("")
+		opt.Creds = credentials.NewIAM(bucket.Spec.STSEndpoint)
 	}
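
Review bot: bucket.Spec.STSEndpoint on the added line goes straight into credentials.NewIAM with no validation in view. Since this URL is where the controller will request its credentials, I would check ahead of this branch that a non-empty value parses as an absolute URL with an https scheme, and fail the Bucket reconciliation otherwise. An unset field yields "", which matches the removed line, so the field's documentation should state that empty means the default endpoint. The branch is guarded by sourcev1.AmazonBucketProvider, so the API docs should also say the field is honoured only for that provider.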

@scmeli is correct, this request is to expose the STS endpoint configuration to accept custom values.

This is relevant for MinIO, but also for AWS, especially when running in a VPC with an interface endpoint for STS or wanting to use the regional STS endpoints.