From d1abdba2f84882155bdef418770ac5d0f50ccdfc Mon Sep 17 00:00:00 2001
From: Bhautik Doshi <bhautik@gmail.com>
Date: Thu, 29 Dec 2016 02:15:19 -0800
Subject: [PATCH] Fix for #336 - Make S3 Key/Secret optional to allow support
 for "IAM role based access to s3 from EC2" (#337)

---
 .../domain/validators/registry-configuration.js    |  5 ++++-
 test/unit/registry-domain-validator.js             | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/registry/domain/validators/registry-configuration.js b/src/registry/domain/validators/registry-configuration.js
index 388b18e86..3b5d1b3db 100644
--- a/src/registry/domain/validators/registry-configuration.js
+++ b/src/registry/domain/validators/registry-configuration.js
@@ -63,7 +63,10 @@ module.exports = function(conf){
   }
 
   if(!conf.local){
-    if(!conf.s3 || !conf.s3.bucket || !conf.s3.key || !conf.s3.region || !conf.s3.secret){
+    // S3 settings should either specify both key/secret or 
+    // skip both when leveraging IAM Role based S3 access from EC2
+    if (!conf.s3 || !conf.s3.bucket || !conf.s3.region ||
+      (conf.s3.key && !conf.s3.secret) || (!conf.s3.key && conf.s3.secret)) {
       return returnError(strings.errors.registry.CONFIGURATION_S3_NOT_VALID);
     }
   }
diff --git a/test/unit/registry-domain-validator.js b/test/unit/registry-domain-validator.js
index 520649ed6..f152b902d 100644
--- a/test/unit/registry-domain-validator.js
+++ b/test/unit/registry-domain-validator.js
@@ -201,6 +201,20 @@ describe('registry : domain : validator', function(){
             expect(validate(conf).message).to.equal(errorMessage);
           });
         });
+        
+        describe('when s3 setting do not use key/secret - EC2 IAM Role use case', function() {
+          var conf = {
+            publishAuth: false,
+            s3: {
+              bucket: 'oc-registry',
+              region: 'us-west2'
+            }
+          };
+
+          it('should be valid', function() {
+            expect(validate(conf).isValid).to.be.true;
+          });
+        });
 
         describe('when s3 setting contains all properties', function(){
           var conf = { publishAuth: false, s3: baseS3Conf};