Merge pull request #1345 from harshavardhana/creds

Refactor credentials management to support multiple mechanisms.

internal/backend/s3/s3.go

@@ -40,25 +40,32 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 		minio.MaxRetry = int(cfg.MaxRetries)
 	}
 
-	var client *minio.Client
+	// Chains all credential types, starting with
-	var err error
+	// Static credentials provided by user.
-
+	// IAM profile based credentials. (performs an HTTP
-	if cfg.KeyID == "" || cfg.Secret == "" {
+	// call to a pre-defined endpoint, only valid inside
-		debug.Log("key/secret not found, trying to get them from IAM")
+	// configured ec2 instances)
-		creds := credentials.NewIAM("")
+	// AWS env variables such as AWS_ACCESS_KEY_ID
-		client, err = minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")
+	// Minio env variables such as MINIO_ACCESS_KEY
-
+	creds := credentials.NewChainCredentials([]credentials.Provider{
+		&credentials.Static{
+			Value: credentials.Value{
+				AccessKeyID:     cfg.KeyID,
+				SecretAccessKey: cfg.Secret,
+			},
+		},
+		&credentials.IAM{
+			Client: &http.Client{
+				Transport: http.DefaultTransport,
+			},
+		},
+		&credentials.EnvAWS{},
+		&credentials.EnvMinio{},
+	})
+	client, err := minio.NewWithCredentials(cfg.Endpoint, creds, !cfg.UseHTTP, "")
 	if err != nil {
 		return nil, errors.Wrap(err, "minio.NewWithCredentials")
 	}
-	} else {
-		debug.Log("key/secret found")
-		client, err = minio.New(cfg.Endpoint, cfg.KeyID, cfg.Secret, !cfg.UseHTTP)
-
-		if err != nil {
-			return nil, errors.Wrap(err, "minio.New")
-		}
-	}
 
 	sem, err := backend.NewSemaphore(cfg.Connections)
 	if err != nil {