TheArchive/restic
1
0
Fork 0
mirror of https://github.com/restic/restic.git synced 2025-10-09 06:01:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5162 from MichaelEischer/promote-feature-gates

Browse Source 
Stabilize `explicit-s3-anonymous-auth` and `safe-forget-keep-tags` feature flags
This commit is contained in:
Michael Eischer
2025-01-13 22:03:06 +01:00
committed by GitHub
parent bd4ce8aac1 098db935f7
commit 14d02df8bb
4 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/backend/s3/s3.go
View File

@@ -129,12 +129,7 @@ func getCredentials(cfg Config, tr http.RoundTripper) (*credentials.Credentials,
// Fail if no credentials were found to prevent repeated attempts to (unsuccessfully) retrieve new credentials.
// The first attempt still has to timeout which slows down restic usage considerably. Thus, migrate towards forcing
// users to explicitly decide between authenticated and anonymous access.
if feature.Flag.Enabled(feature.ExplicitS3AnonymousAuth) {
return nil, fmt.Errorf("no credentials found. Use `-o s3.unsafe-anonymous-auth=true` for anonymous authentication")
}
debug.Log("using anonymous access for %#v", cfg.Endpoint)
creds = credentials.New(&credentials.Static{})
return nil, fmt.Errorf("no credentials found. Use `-o s3.unsafe-anonymous-auth=true` for anonymous authentication")
}
roleArn := os.Getenv("RESTIC_AWS_ASSUME_ROLE_ARN")

4
internal/feature/registry.go
View File

@@ -15,7 +15,7 @@ func init() {
Flag.SetFlags(map[FlagName]FlagDesc{
BackendErrorRedesign: {Type: Beta, Description: "enforce timeouts for stuck HTTP requests and use new backend error handling design."},
DeviceIDForHardlinks: {Type: Alpha, Description: "store deviceID only for hardlinks to reduce metadata changes for example when using btrfs subvolumes. Will be removed in a future restic version after repository format 3 is available"},
ExplicitS3AnonymousAuth: {Type: Beta, Description: "forbid anonymous S3 authentication unless `-o s3.unsafe-anonymous-auth=true` is set"},
SafeForgetKeepTags: {Type: Beta, Description: "prevent deleting all snapshots if the tag passed to `forget --keep-tags tagname` does not exist"},
ExplicitS3AnonymousAuth: {Type: Stable, Description: "forbid anonymous S3 authentication unless `-o s3.unsafe-anonymous-auth=true` is set"},
SafeForgetKeepTags: {Type: Stable, Description: "prevent deleting all snapshots if the tag passed to `forget --keep-tags tagname` does not exist"},
})
}