grafana · ekristen · Sep 22, 2023 · Sep 22, 2023 · Oct 4, 2023 · Oct 12, 2023
@@ -805,10 +805,6 @@ storage:
             # See the [S3 documentation on object tagging](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) for more detail.
             [tags: <map[string]string>]
 
-            # If enabled, it will use the default authentication methods of
-            # the AWS SDK for go based on known environment variables and known AWS config files.
-            [native_aws_auth_enabled: <boolean> | default = false]
-
         # azure configuration. Will be used only if value of backend is "azure"
         # EXPERIMENTAL
         azure:

@@ -25,13 +25,12 @@ type Config struct {
 	HedgeRequestsAt   time.Duration  `yaml:"hedge_requests_at"`
 	HedgeRequestsUpTo int            `yaml:"hedge_requests_up_to"`
 	// SignatureV2 configures the object storage to use V2 signing instead of V4
-	SignatureV2          bool              `yaml:"signature_v2"`
-	ForcePathStyle       bool              `yaml:"forcepathstyle"`
-	BucketLookupType     int               `yaml:"bucket_lookup_type"`
-	Tags                 map[string]string `yaml:"tags"`
-	StorageClass         string            `yaml:"storage_class"`
-	Metadata             map[string]string `yaml:"metadata"`
-	NativeAWSAuthEnabled bool              `yaml:"native_aws_auth_enabled"`
+	SignatureV2      bool              `yaml:"signature_v2"`
+	ForcePathStyle   bool              `yaml:"forcepathstyle"`
+	BucketLookupType int               `yaml:"bucket_lookup_type"`
+	Tags             map[string]string `yaml:"tags"`
+	StorageClass     string            `yaml:"storage_class"`
+	Metadata         map[string]string `yaml:"metadata"`
 }
 
 func (cfg *Config) RegisterFlagsAndApplyDefaults(prefix string, f *flag.FlagSet) {

@@ -429,34 +429,28 @@ func createCore(cfg *Config, hedge bool) (*minio.Core, error) {
 		return p
 	}
 
-	var chain []credentials.Provider
-
-	if cfg.NativeAWSAuthEnabled {
-		chain = []credentials.Provider{
-			wrapCredentialsProvider(NewAWSSDKAuth(cfg.Region)),
-		}
-	} else if cfg.AccessKey != "" {
-		chain = []credentials.Provider{
-			wrapCredentialsProvider(&credentials.Static{
-				Value: credentials.Value{
-					AccessKeyID:     cfg.AccessKey,
-					SecretAccessKey: cfg.SecretKey.String(),
-					SessionToken:    cfg.SessionToken.String(),
-				},
-			}),
-		}
-	} else {
-		chain = []credentials.Provider{
-			wrapCredentialsProvider(&credentials.EnvAWS{}),
-			wrapCredentialsProvider(&credentials.EnvMinio{}),
-			wrapCredentialsProvider(&credentials.FileAWSCredentials{}),
-			wrapCredentialsProvider(&credentials.FileMinioClient{}),
-			wrapCredentialsProvider(&credentials.IAM{
-				Client: &http.Client{
-					Transport: http.DefaultTransport,
-				},
-			}),
-		}
+	chain := []credentials.Provider{
+		wrapCredentialsProvider(&credentials.EnvAWS{}),
+		wrapCredentialsProvider(&credentials.Static{
+			Value: credentials.Value{
+				AccessKeyID:     cfg.AccessKey,
+				SecretAccessKey: cfg.SecretKey.String(),
+			},
+		}),
+		wrapCredentialsProvider(&credentials.EnvMinio{}),
+		wrapCredentialsProvider(&credentials.FileAWSCredentials{}),
+		wrapCredentialsProvider(&credentials.FileMinioClient{}),
+		wrapCredentialsProvider(&credentials.IAM{
+			Client: &http.Client{
+				Transport: http.DefaultTransport,
+			},
+		}),
+	}
+
+	creds := credentials.NewChainCredentials(chain)
+
+	if _, err := creds.Get(); err != nil {
+		return nil, errors.Wrap(err, "creds.Get")
 	}
 
 	customTransport, err := minio.DefaultTransport(!cfg.Insecure)
@@ -488,7 +482,7 @@ func createCore(cfg *Config, hedge bool) (*minio.Core, error) {
 	opts := &minio.Options{
 		Region:    cfg.Region,
 		Secure:    !cfg.Insecure,
-		Creds:     credentials.NewChainCredentials(chain),
+		Creds:     creds,
 		Transport: transport,
 	}