diff --git a/docs/index.md b/docs/index.md index fdf929e6..88ba4454 100644 --- a/docs/index.md +++ b/docs/index.md @@ -17,10 +17,11 @@ provider minio { minio_secret_key = "..." // optional - minio_region = "..." - minio_api_version = "..." - minio_ssl = "..." - minio_insecure = "..." + minio_session_token = "..." + minio_region = "..." + minio_api_version = "..." + minio_ssl = "..." + minio_insecure = "..." } ``` @@ -79,6 +80,9 @@ The following arguments are supported in the `provider` block: - `minio_secret_key` - (Required) Minio Secret Key. It must be provided, but it can also be sourced from the `MINIO_SECRET_KEY` environment variable +- `minio_session_token` - (Optional) Minio Session Token. It can also be sourced from + the `MINIO_SESSION_TOKEN` environment variable + - `minio_region` - (Optional) Minio Region (`default: us-east-1`). - `minio_api_version` - (Optional) Minio API Version (type: string, options: `v2` or `v4`, default: `v4`). diff --git a/minio/check_config.go b/minio/check_config.go index 9d22b42c..ac493556 100644 --- a/minio/check_config.go +++ b/minio/check_config.go @@ -38,6 +38,7 @@ func NewConfig(d *schema.ResourceData) *S3MinioConfig { S3Region: d.Get("minio_region").(string), S3UserAccess: d.Get("minio_access_key").(string), S3UserSecret: d.Get("minio_secret_key").(string), + S3SessionToken: d.Get("minio_session_token").(string), S3APISignature: d.Get("minio_api_version").(string), S3SSL: d.Get("minio_ssl").(bool), S3SSLCACertFile: d.Get("minio_cert_file").(string), diff --git a/minio/new_client.go b/minio/new_client.go index 00f5a25c..cb2de4df 100644 --- a/minio/new_client.go +++ b/minio/new_client.go @@ -18,6 +18,7 @@ import ( func (config *S3MinioConfig) NewClient() (client interface{}, err error) { var minioClient *minio.Client + var minioCredentials *credentials.Credentials tr, err := config.customTransport() if err != nil { @@ -26,14 +27,16 @@ func (config *S3MinioConfig) NewClient() (client interface{}, err error) { } if config.S3APISignature == "v2" { + minioCredentials = credentials.NewStaticV2(config.S3UserAccess, config.S3UserSecret, config.S3SessionToken) minioClient, err = minio.New(config.S3HostPort, &minio.Options{ - Creds: credentials.NewStaticV2(config.S3UserAccess, config.S3UserSecret, ""), + Creds: minioCredentials, Secure: config.S3SSL, Transport: tr, }) } else if config.S3APISignature == "v4" { + minioCredentials = credentials.NewStaticV4(config.S3UserAccess, config.S3UserSecret, config.S3SessionToken) minioClient, err = minio.New(config.S3HostPort, &minio.Options{ - Creds: credentials.NewStaticV4(config.S3UserAccess, config.S3UserSecret, ""), + Creds: minioCredentials, Secure: config.S3SSL, Transport: tr, }) @@ -45,7 +48,10 @@ func (config *S3MinioConfig) NewClient() (client interface{}, err error) { return nil, err } - minioAdmin, err := madmin.New(config.S3HostPort, config.S3UserAccess, config.S3UserSecret, config.S3SSL) + minioAdmin, err := madmin.NewWithOptions(config.S3HostPort, &madmin.Options{ + Creds: minioCredentials, + Secure: config.S3SSL, + }) //minioAdmin.TraceOn(nil) if err != nil { log.Println("[FATAL] Error building admin client for S3 server.") diff --git a/minio/payload.go b/minio/payload.go index 762c4955..b74b3dd3 100644 --- a/minio/payload.go +++ b/minio/payload.go @@ -13,6 +13,7 @@ type S3MinioConfig struct { S3UserAccess string S3UserSecret string S3Region string + S3SessionToken string S3APISignature string S3SSL bool S3SSLCACertFile string diff --git a/minio/provider.go b/minio/provider.go index 082bd8c1..0a3f065e 100644 --- a/minio/provider.go +++ b/minio/provider.go @@ -41,6 +41,14 @@ func Provider() *schema.Provider { "MINIO_SECRET_KEY", }, nil), }, + "minio_session_token": { + Type: schema.TypeString, + Optional: true, + Description: "Minio Session Token", + DefaultFunc: schema.MultiEnvDefaultFunc([]string{ + "MINIO_SESSION_TOKEN", + }, ""), + }, "minio_api_version": { Type: schema.TypeString, Optional: true,