Fix for #336 - Make S3 Key/Secret optional to allow support for "IAM …

…role based access to s3 from EC2" (#337)
opencomponents · Dec 29, 2016 · d1abdba · d1abdba
1 parent 05d4f6e
commit d1abdba
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/src/registry/domain/validators/registry-configuration.js b/src/registry/domain/validators/registry-configuration.js
@@ -63,7 +63,10 @@ module.exports = function(conf){
   }
 
   if(!conf.local){
-    if(!conf.s3 || !conf.s3.bucket || !conf.s3.key || !conf.s3.region || !conf.s3.secret){
+    // S3 settings should either specify both key/secret or 
+    // skip both when leveraging IAM Role based S3 access from EC2
+    if (!conf.s3 || !conf.s3.bucket || !conf.s3.region ||
+      (conf.s3.key && !conf.s3.secret) || (!conf.s3.key && conf.s3.secret)) {
       return returnError(strings.errors.registry.CONFIGURATION_S3_NOT_VALID);
     }
   }

diff --git a/test/unit/registry-domain-validator.js b/test/unit/registry-domain-validator.js
@@ -201,6 +201,20 @@ describe('registry : domain : validator', function(){
             expect(validate(conf).message).to.equal(errorMessage);
           });
         });
+
+        describe('when s3 setting do not use key/secret - EC2 IAM Role use case', function() {
+          var conf = {
+            publishAuth: false,
+            s3: {
+              bucket: 'oc-registry',
+              region: 'us-west2'
+            }
+          };
+
+          it('should be valid', function() {
+            expect(validate(conf).isValid).to.be.true;
+          });
+        });
 
         describe('when s3 setting contains all properties', function(){
           var conf = { publishAuth: false, s3: baseS3Conf};