feat(reporter/s3): support minio (#1930)

* feat(reporter/s3): support minio * feat(reporter/s3): disable config/credential: file and some providers
future-architect · May 28, 2024 · db2c502 · db2c502
1 parent 337eb0b
commit db2c502
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 4 deletions.
diff --git a/config/awsconf.go b/config/awsconf.go
@@ -10,12 +10,18 @@ import (
 
 // AWSConf is aws config
 type AWSConf struct {
-	// AWS profile to use
-	Profile string `json:"profile"`
+	// AWS S3 Endpoint to use
+	S3Endpoint string `json:"s3Endpoint"`
 
 	// AWS region to use
 	Region string `json:"region"`
 
+	// AWS profile to use
+	Profile string `json:"profile"`
+
+	// use credential provider
+	CredentialProvider CredentialProviderType `json:"credentialProvider"`
+
 	// S3 bucket name
 	S3Bucket string `json:"s3Bucket"`
 
@@ -25,16 +31,34 @@ type AWSConf struct {
 	// The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
 	S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
 
+	// use s3 path style
+	S3UsePathStyle bool `json:"s3UsePathStyle"`
+
 	// report s3 enable
 	Enabled bool `toml:"-" json:"-"`
 }
 
+// CredentialProviderType is credential provider type
+type CredentialProviderType string
+
+const (
+	// CredentialProviderAnonymous is credential provider type: anonymous
+	CredentialProviderAnonymous CredentialProviderType = "anonymous"
+)
+
 // Validate configuration
 func (c *AWSConf) Validate() (errs []error) {
 	if !c.Enabled {
 		return
 	}
 
+	switch c.CredentialProvider {
+	case CredentialProviderType(""):
+	case CredentialProviderAnonymous:
+	default:
+		errs = append(errs, fmt.Errorf("CredentialProvider: %s is not supported", c.CredentialProvider))
+	}
+
 	if c.S3Bucket == "" {
 		errs = append(errs, fmt.Errorf("S3Bucket is empty"))
 

diff --git a/reporter/s3.go b/reporter/s3.go
@@ -33,17 +33,29 @@ type S3Writer struct {
 
 func (w S3Writer) getS3() (*s3.Client, error) {
 	var optFns []func(*awsConfig.LoadOptions) error
+	if w.S3Endpoint != "" {
+		optFns = append(optFns, awsConfig.WithEndpointResolverWithOptions(aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+			return aws.Endpoint{URL: w.S3Endpoint}, nil
+		})))
+	}
 	if w.Region != "" {
 		optFns = append(optFns, awsConfig.WithRegion(w.Region))
 	}
 	if w.Profile != "" {
 		optFns = append(optFns, awsConfig.WithSharedConfigProfile(w.Profile))
 	}
+	switch w.CredentialProvider {
+	case "":
+	case config.CredentialProviderAnonymous:
+		optFns = append(optFns, awsConfig.WithCredentialsProvider(aws.AnonymousCredentials{}))
+	default:
+		return nil, xerrors.Errorf("CredentialProvider: %s is not supported", w.CredentialProvider)
+	}
 	cfg, err := awsConfig.LoadDefaultConfig(context.TODO(), optFns...)
 	if err != nil {
 		return nil, xerrors.Errorf("Failed to load config. err: %w", err)
 	}
-	return s3.NewFromConfig(cfg), nil
+	return s3.NewFromConfig(cfg, func(o *s3.Options) { o.UsePathStyle = w.S3UsePathStyle }), nil
 }
 
 // Write results to S3

diff --git a/subcmds/discover.go b/subcmds/discover.go
@@ -152,11 +152,14 @@ func printConfigToml(ips []string) (err error) {
 
 # https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
 #[aws]
-#profile                = "default"
+#s3Endpoint             = "http://localhost:9000"
 #region                 = "ap-northeast-1"
+#profile                = "default"
+#credentialProvider     = "anonymous"
 #s3Bucket               = "vuls"
 #s3ResultsDir           = "/path/to/result"
 #s3ServerSideEncryption = "AES256"
+#s3UsePathStyle         = false
 
 # https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
 #[azure]