Use credentials to GetBucketRegion

Signed-off-by: Tiger Kaovilai <[email protected]>
vmware-tanzu · Jul 25, 2024 · 156fb10 · 156fb10
1 parent 627b11d
commit 156fb10
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 25 deletions.
diff --git a/velero-plugin-for-aws/config.go b/velero-plugin-for-aws/config.go
@@ -31,11 +31,6 @@ func (cb *configBuilder) WithRegion(region string) *configBuilder {
 	return cb
 }
 
-func (cb *configBuilder) WithAnonymousCredentials() *configBuilder {
-	cb.opts = append(cb.opts, config.WithCredentialsProvider(aws.AnonymousCredentials{}))
-	return cb
-}
-
 func (cb *configBuilder) WithProfile(profile string) *configBuilder {
 	cb.opts = append(cb.opts, config.WithSharedConfigProfile(profile))
 	return cb

diff --git a/velero-plugin-for-aws/object_store.go b/velero-plugin-for-aws/object_store.go
@@ -137,41 +137,32 @@ func (o *ObjectStore) Init(config map[string]string) error {
 		}
 	}
 
+	cfg, err := newConfigBuilder(o.log).WithRegion(region).
+		WithProfile(credentialProfile).
+		WithCredentialsFile(credentialsFile).
+		WithTLSSettings(insecureSkipTLSVerify, caCert).Build()
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
 	// AWS (not an alternate S3-compatible API) and region not
 	// explicitly specified: determine the bucket's region
 	// GetBucketRegion will attempt to get the region for a bucket using the
 	// client's configured region to determine which AWS partition to perform the query on.
-	// The request will not be signed, and will not use your AWS credentials.
 	if s3URL == "" && region == "" {
-		regionCfg, err := newConfigBuilder(o.log).WithTLSSettings(insecureSkipTLSVerify, caCert).
-		// configures anonymous credentials
-		WithAnonymousCredentials().
-		// configures region for GetBucketRegion to query from
-		WithRegion("us-east-1").
-		Build()
+		regionClient, err := newS3Client(cfg, s3URL, s3ForcePathStyle)
 		if err != nil {
 			return errors.WithStack(err)
 		}
-		client, err := newS3Client(regionCfg, s3URL, s3ForcePathStyle)
-		if err != nil {
-			return errors.WithStack(err)
-		}
-		region, err = manager.GetBucketRegion(context.Background(), client, bucket)
+		region, err = manager.GetBucketRegion(context.Background(), regionClient, bucket, func(o *s3.Options) { o.Region = "us-east-1" })
 		if err != nil {
 			o.log.Errorf("Failed to determine bucket's region bucket: %s, error: %v", bucket, err)
 			return err
 		}
 		if region == "" {
 			return fmt.Errorf("unable to determine bucket's region, bucket: %s", bucket)
 		}
-	}
-
-	cfg, err := newConfigBuilder(o.log).WithRegion(region).
-		WithProfile(credentialProfile).
-		WithCredentialsFile(credentialsFile).
-		WithTLSSettings(insecureSkipTLSVerify, caCert).Build()
-	if err != nil {
-		return errors.WithStack(err)
+		cfg.Region = region
 	}
 
 	client, err := newS3Client(cfg, s3URL, s3ForcePathStyle)