mirror/rclone
1
0
Fork 0
mirror of https://github.com/rclone/rclone.git synced 2026-03-26 11:22:38 -04:00
Code Issues Packages Projects Releases Wiki Activity

s3: IBM COS: provide ibm_iam_endpoint as a configurable param for IBM IAM-based auth

Browse Source
This commit is contained in:
Bhagyashreek8
2026-03-12 15:34:16 +05:30
committed by GitHub
parent 5d6690eb20
commit 69ccbacf30
5 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
backend/s3/ibm_signer.go
View File

@@ -16,11 +16,12 @@ type Authenticator interface {
}
// IbmIamSigner is a structure for signing requests using IBM IAM.
// Requeres APIKey and Resource InstanceID
// Requires APIKey and Resource InstanceID
type IbmIamSigner struct {
APIKey string
InstanceID string
Auth Authenticator
APIKey string
InstanceID string
IAMEndpoint string
Auth Authenticator
}
// SignHTTP signs requests using IBM IAM token.
@@ -29,7 +30,7 @@ func (signer *IbmIamSigner) SignHTTP(ctx context.Context, credentials aws.Creden
if signer.Auth != nil {
authenticator = signer.Auth
} else {
authenticator = &core.IamAuthenticator{ApiKey: signer.APIKey}
authenticator = &core.IamAuthenticator{ApiKey: signer.APIKey, URL: signer.IAMEndpoint}
}
token, err := authenticator.GetToken()
if err != nil {

8
backend/s3/ibm_signer_test.go
View File

@@ -23,14 +23,16 @@ func TestSignHTTP(t *testing.T) {
apiKey := "mock-api-key"
instanceID := "mock-instance-id"
token := "mock-iam-token"
iamEndpoint := "https://iamendpoint.com"
mockAuth := &MockAuthenticator{
Token: token,
Error: nil,
}
signer := &IbmIamSigner{
APIKey: apiKey,
InstanceID: instanceID,
Auth: mockAuth,
APIKey: apiKey,
InstanceID: instanceID,
IAMEndpoint: iamEndpoint,
Auth: mockAuth,
}
req, err := http.NewRequest("GET", "https://example.com", nil)
if err != nil {

1
backend/s3/provider/IBMCOS.yaml
View File

@@ -117,6 +117,7 @@ acl:
This acl is available on IBM Cloud (Infra) and On-Premise IBM COS.
ibm_api_key: true
ibm_resource_instance_id: true
ibm_iam_endpoint: true
bucket_acl: true
quirks:
list_version: 1

3
backend/s3/providers.go
View File

@@ -52,6 +52,7 @@ type Provider struct {
// other
IBMApiKey bool `yaml:"ibm_api_key,omitempty"`
IBMResourceInstanceID bool `yaml:"ibm_resource_instance_id,omitempty"`
IBMIAMEndpoint bool `yaml:"ibm_iam_endpoint,omitempty"`
// advanced
BucketACL bool `yaml:"bucket_acl,omitempty"`
@@ -224,6 +225,8 @@ func constructProviders(options fs.Options, providerMap map[string]*Provider) st
addBool(opt, p, p.IBMApiKey)
case "ibm_resource_instance_id":
addBool(opt, p, p.IBMResourceInstanceID)
case "ibm_iam_endpoint":
addBool(opt, p, p.IBMIAMEndpoint)
case "leave_parts_on_error":
addBool(opt, p, p.LeavePartsOnError)
case "sts_endpoint":

7
backend/s3/s3.go
View File

@@ -829,6 +829,10 @@ use |-vv| to see the debug level logs.
}, {
Name: "ibm_resource_instance_id",
Help: "IBM service instance id",
}, {
Name: "ibm_iam_endpoint",
Help: "IBM IAM Endpoint to use for authentication.\n\nLeave blank to use the default public endpoint.",
Advanced: true,
}, {
Name: "object_lock_mode",
Help: `Object Lock mode to apply when uploading or copying objects.
@@ -1107,6 +1111,7 @@ type Options struct {
DirectoryBucket bool `config:"directory_bucket"`
IBMAPIKey string `config:"ibm_api_key"`
IBMInstanceID string `config:"ibm_resource_instance_id"`
IBMIAMEndpoint string `config:"ibm_iam_endpoint"`
UseXID fs.Tristate `config:"use_x_id"`
SignAcceptEncoding fs.Tristate `config:"sign_accept_encoding"`
ObjectLockMode string `config:"object_lock_mode"`
@@ -1541,7 +1546,7 @@ func s3Connection(ctx context.Context, opt *Options, client *http.Client) (s3Cli
fs.Debugf(nil, "Using v2 auth")
if opt.Provider == "IBMCOS" && opt.IBMAPIKey != "" && opt.IBMInstanceID != "" {
options = append(options, func(s3Opt *s3.Options) {
s3Opt.HTTPSignerV4 = &IbmIamSigner{APIKey: opt.IBMAPIKey, InstanceID: opt.IBMInstanceID}
s3Opt.HTTPSignerV4 = &IbmIamSigner{APIKey: opt.IBMAPIKey, InstanceID: opt.IBMInstanceID, IAMEndpoint: opt.IBMIAMEndpoint}
})
} else {
options = append(options, func(s3Opt *s3.Options) {