
Add support for custom STS endpoint for bucket/S3 source

Open bdalpe opened this issue 1 year ago • 1 comments

This would enable usage of MinIO STS auth

bdalpe avatar Apr 01 '24 19:04 bdalpe

We support OIDC auth for AWS, Azure and GCP, docs here: https://fluxcd.io/flux/components/source/buckets/#provider

Is this feature request for MinIO's own implementation?

stefanprodan avatar Jul 03 '24 14:07 stefanprodan

The MinIO credentials package already supports a custom STS endpoint, so I think the request is to add it to the bucket.Spec and pass it to the minio wrapper:

 	} else if bucket.Spec.Provider == sourcev1.AmazonBucketProvider {
-		opt.Creds = credentials.NewIAM("")
+		opt.Creds = credentials.NewIAM(bucket.Spec.STSEndpoint)
 	}
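
Review bot: bucket.Spec.STSEndpoint on the added line is passed to credentials.NewIAM as-is, with no validation visible in this hunk, and the hunk does not show the field being added to the Bucket spec or documented. The credential exchange goes to whatever host this value names, so I would validate it as an absolute https URL (API validation or a check at reconcile time) before using it. It is also worth documenting that an unset field passes "" exactly as the removed line did, so existing Buckets keep their current behaviour.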

scmeli avatar Jul 10 '24 18:07 scmeli

@scmeli is correct, this request is to expose the STS endpoint configuration to accept custom values.

This is relevant for MinIO, but also for AWS, especially when running in a VPC with an interface endpoint for STS or wanting to use the regional STS endpoints.

bdalpe avatar Jul 16 '24 14:07 bdalpe