From 37a467e0a5ba98344e315875e749199cd276c4d5 Mon Sep 17 00:00:00 2001 From: Satyam Singh Date: Tue, 25 Apr 2023 13:44:14 +0530 Subject: [PATCH 1/2] Use aws_profile to fetch credentials --- Cargo.lock | 2 +- server/src/storage/s3.rs | 32 ++++++++++++++++++++++++++------ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 35a8565a8..d990e2755 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2970,7 +2970,7 @@ dependencies = [ [[package]] name = "parseable" -version = "0.4.0" +version = "0.4.1" dependencies = [ "actix-cors", "actix-web", diff --git a/server/src/storage/s3.rs b/server/src/storage/s3.rs index aa445de06..1febce21a 100644 --- a/server/src/storage/s3.rs +++ b/server/src/storage/s3.rs @@ -72,18 +72,28 @@ pub struct S3Config { long, env = "P_S3_ACCESS_KEY", value_name = "access-key", - required = true + required_unless_present = "profile_name" )] - pub access_key_id: String, + pub access_key_id: Option, /// The secret key for AWS S3 or compatible object storage platform #[arg( long, env = "P_S3_SECRET_KEY", value_name = "secret-key", - required = true + required_unless_present = "profile_name" )] - pub secret_key: String, + pub secret_key: Option, + + // Use aws profile name to fetch credentials + #[arg( + long, + env = "P_S3_PROFILE_NAME", + value_name = "profile", + conflicts_with_all = ["access_key_id", "secret_key"], + required = false + )] + pub profile_name: Option, /// The region for AWS S3 or compatible object storage platform #[arg(long, env = "P_S3_REGION", value_name = "region", required = true)] 
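Review bot: The comment on the new `profile_name` field in `S3Config` (hunk `@@ -72,18 +72,28 @@`) is written with `//` rather than `///`, so unlike the neighbouring fields it yields no help text for the flag or for `P_S3_PROFILE_NAME`. I would make it a doc comment that also states the constraint the attributes enforce, e.g. `/// AWS profile to load credentials from; cannot be combined with the access key or secret key`. It would also help to say where the profile is looked up (presumably the shared AWS config/credentials files; this is not visible here), since that file then holds the server's storage credentials and should be readable only by the service account. The struct starts and ends outside the hunk.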
@@ -135,11 +145,21 @@ impl S3Config { .with_region(&self.region) .with_endpoint(&self.endpoint_url) .with_bucket_name(&self.bucket_name) - .with_access_key_id(&self.access_key_id) - .with_secret_access_key(&self.secret_key) .with_virtual_hosted_style_request(!self.use_path_style) .with_allow_http(true); + if let Some((access_key, secret_key)) = + self.access_key_id.as_ref().zip(self.secret_key.as_ref()) + { + builder = builder + .with_access_key_id(access_key) + .with_secret_access_key(secret_key); + } + + if let Some(profile) = &self.profile_name { + builder = builder.with_profile(profile); + } + if self.set_checksum { builder = builder.with_checksum_algorithm(Checksum::SHA256) } From 36efc3d395cd60d99c8258640e823113da7ee12a Mon Sep 17 00:00:00 2001 From: Satyam Singh Date: Tue, 25 Apr 2023 14:21:50 +0530 Subject: [PATCH 2/2] Add imdsv1 and metadata endpoint option --- server/src/storage/s3.rs | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/server/src/storage/s3.rs b/server/src/storage/s3.rs index 1febce21a..9c258dec0 100644 --- a/server/src/storage/s3.rs +++ b/server/src/storage/s3.rs @@ -88,7 +88,7 @@ pub struct S3Config { // Use aws profile name to fetch credentials #[arg( long, - env = "P_S3_PROFILE_NAME", + env = "P_AWS_PROFILE_NAME", value_name = "profile", conflicts_with_all = ["access_key_id", "secret_key"], required = false @@ -129,6 +129,24 @@ pub struct S3Config { default_value = "false" )] pub skip_tls: bool, + + /// Set client to fallback to imdsv1 + #[arg( + long, + env = "P_AWS_IMDSV1_FALLBACK", + value_name = "bool", + default_value = "false" + )] + pub imdsv1_fallback: bool, + + /// Set instance metadata endpoint to use. + #[arg( + long, + env = "P_AWS_METADATA_ENDPOINT", + value_name = "url", + required = false + )] + pub metadata_endpoint: Option, } impl S3Config { 
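Review bot: In hunk `@@ -135,11 +145,21 @@`, the `zip` over `access_key_id` and `secret_key` silently discards a half-supplied pair, so a config with only one of the two set builds a client without static credentials instead of failing. The clap attributes added in the previous hunk prevent that on the command line, but nothing in this function does, and the store may then resolve credentials from an ambient source the operator did not intend (inferred; the resolution order is inside the library and not visible here). Matching on `(&self.access_key_id, &self.secret_key)` and at least logging the `(Some(_), None)` and `(None, Some(_))` arms would make that case explicit. The context line `.with_allow_http(true)` also stays in force for every credential source, which is worth a comment on why plaintext endpoints are accepted. The function begins and ends outside the hunk.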
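Review bot: The doc comment on `imdsv1_fallback` in hunk `@@ -129,6 +129,24 @@` ("Set client to fallback to imdsv1") does not tell the operator what is given up by enabling it. IMDSv2 requires a session token before credentials are returned, while IMDSv1 answers a plain request, so the fallback removes a protection against request-forgery access to instance credentials. I would say so in the help text, e.g. `/// Allow falling back to IMDSv1 when IMDSv2 is unavailable (weaker: no session token; leave off unless required)`. `metadata_endpoint` is likewise accepted as an unchecked string that decides where credential requests are sent; validating it as an absolute URL when the config is parsed, and documenting the expected form, would fail fast on a bad value. The same two options are wired into the builder in the last hunk of this patch.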
@@ -148,6 +166,10 @@ impl S3Config { .with_virtual_hosted_style_request(!self.use_path_style) .with_allow_http(true); + if self.set_checksum { + builder = builder.with_checksum_algorithm(Checksum::SHA256) + } + if let Some((access_key, secret_key)) = self.access_key_id.as_ref().zip(self.secret_key.as_ref()) { @@ -160,8 +182,12 @@ impl S3Config { builder = builder.with_profile(profile); } - if self.set_checksum { - builder = builder.with_checksum_algorithm(Checksum::SHA256) + if self.imdsv1_fallback { + builder = builder.with_imdsv1_fallback() + } + + if let Some(metadata_endpoint) = &self.metadata_endpoint { + builder = builder.with_metadata_endpoint(metadata_endpoint) } builder.with_client_options(client_options)
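Review bot: The two instance-metadata settings applied in hunk `@@ -160,8 +182,12 @@` look unreachable from the command line as the series stands. Patch 1/2 leaves `access_key_id` and `secret_key` with `required_unless_present = "profile_name"`, so the parser always demands either static keys or a profile. I would expect the library to consult instance metadata only when neither is set, though that is inferred and not visible on this page. If instance-role credentials are the goal, the requirement on the key fields needs relaxing (for example `required = false` plus an explicit check that a partial key pair is rejected); otherwise the options should be documented as having no effect alongside keys or a profile. As a style point, `builder = builder.with_imdsv1_fallback()` and `builder = builder.with_metadata_endpoint(metadata_endpoint)` omit the trailing `;` that the `with_profile` assignment above uses. The function begins outside the hunk.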