From 5863a6fa6bf7a36fc491d9f33f415f99a7762cea Mon Sep 17 00:00:00 2001 From: Ti Chi Robot Date: Mon, 5 Aug 2024 19:02:08 +0800 Subject: [PATCH] br: fix backup to aliyum OSS not support ak/sk as env (#54150) (#54994) close pingcap/tidb#45551 --- br/pkg/storage/s3.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/br/pkg/storage/s3.go b/br/pkg/storage/s3.go index f5ffdbf463601..3987512b2a0a2 100644 --- a/br/pkg/storage/s3.go +++ b/br/pkg/storage/s3.go @@ -289,10 +289,22 @@ func autoNewCred(qs *backuppb.S3) (cred *credentials.Credentials, err error) { func createOssRAMCred() (*credentials.Credentials, error) { cred, err := aliproviders.NewInstanceMetadataProvider().Retrieve() if err != nil { - return nil, errors.Annotate(err, "Alibaba RAM Provider Retrieve") + log.Warn("failed to get aliyun ram credential", zap.Error(err)) + return nil, nil + } + var aliCred, ok = cred.(*alicred.StsTokenCredential) + if !ok { + return nil, errors.Errorf("invalid credential type %T", cred) + } + newCred := credentials.NewChainCredentials([]credentials.Provider{ + &credentials.EnvProvider{}, + &credentials.SharedCredentialsProvider{}, + &credentials.StaticProvider{Value: credentials.Value{AccessKeyID: aliCred.AccessKeyId, SecretAccessKey: aliCred.AccessKeySecret, SessionToken: aliCred.AccessKeyStsToken, ProviderName: ""}}, + }) + if _, err := newCred.Get(); err != nil { + return nil, errors.Trace(err) } - ncred := cred.(*alicred.StsTokenCredential) - return credentials.NewStaticCredentials(ncred.AccessKeyId, ncred.AccessKeySecret, ncred.AccessKeyStsToken), nil + return newCred, nil } // NewS3Storage initialize a new s3 storage for metadata.