Clone
S├ębastien Requiem <sebastien.requiem@gmail.com>
committed
on 23 Aug 16
Merge pull request #690 from kiddouk:story/S3-repository-can-be-configured-to-authenticate-using-AWS-EC2-instance-metadata
S3 repository can… Show more
Merge pull request #690 from kiddouk:story/S3-repository-can-be-configured-to-authenticate-using-AWS-EC2-instance-metadata

S3 repository can authenticate using AWS EC2 instance metadata

* This is related to https://github.com/gradle/gradle/blob/c2dc9979706e6b3beca13f1de860834e9255fb1b/design-docs/finding-and-using-credentials.md#story-an-s3-repository-can-be-configured-to-authenticate-using-awss-ec2-instance-metadata

* Note that the AWS S3 Client implementation will now use the following

 credentials (in this specific order)

 - Environment (AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY,

   AWS_SESSION_TOKEN)

 - Java System Properties - aws.accessKeyId and aws.secretKey

 - Credential profiles file at the default

   location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

 - Instance Profile Credentials - delivered through the Amazon EC2

   metadata service

* The implementation assumes that only ONE authentication can be used

 per s3-resource at a time

* This patch enforces that each Authentication now declares

 `requiresCredentials` to be explicit

Integration tests:

Note that we cannot mock the instance meta data since it uses the ip

169.254.169.254 so we mock the system properties that the client

CredentialsProviderChain will look for.

Show less

master + 528 more