Fix S3 client to support IRSA credentials
Only pass explicit credentials to boto3 if they're actually set. This allows the default credential chain (including IRSA web identity tokens) to be used when no access key is configured.
This commit is contained in:
Mondo Diaz
@@ -242,15 +242,19 @@ class S3Storage:
|
||||
},
|
||||
)
|
||||
|
||||
self.client = boto3.client(
|
||||
"s3",
|
||||
endpoint_url=settings.s3_endpoint if settings.s3_endpoint else None,
|
||||
region_name=settings.s3_region,
|
||||
aws_access_key_id=settings.s3_access_key_id,
|
||||
aws_secret_access_key=settings.s3_secret_access_key,
|
||||
config=config,
|
||||
verify=settings.s3_verify_ssl, # SSL/TLS verification
|
||||
)
|
||||
# Build client kwargs - only include credentials if explicitly provided
|
||||
# This allows IRSA/IAM role credentials to be used when no explicit creds are set
|
||||
client_kwargs = {
|
||||
"endpoint_url": settings.s3_endpoint if settings.s3_endpoint else None,
|
||||
"region_name": settings.s3_region,
|
||||
"config": config,
|
||||
"verify": settings.s3_verify_ssl,
|
||||
}
|
||||
if settings.s3_access_key_id and settings.s3_secret_access_key:
|
||||
client_kwargs["aws_access_key_id"] = settings.s3_access_key_id
|
||||
client_kwargs["aws_secret_access_key"] = settings.s3_secret_access_key
|
||||
|
||||
self.client = boto3.client("s3", **client_kwargs)
|
||||
self.bucket = settings.s3_bucket
|
||||
# Store active multipart uploads for resumable support
|
||||
self._active_uploads: Dict[str, Dict[str, Any]] = {}
|
||||
|
||||
Reference in New Issue
Block a user