From 01996141ad30d6cb1bfddd73b7adcaf7729f7a0f Mon Sep 17 00:00:00 2001 From: Michael Meidlinger Date: Sun, 16 Feb 2025 21:51:48 +0000 Subject: [PATCH 1/2] Allow boto to get S3 credentials for backups from environment variables if access key is blank (#2260) In case that no static AWS credentials are specified, we try to create the boto3 client without explicitly passing static credentials. This way, we can benedit from dynamic credentials in AWS environments (e.g. using EC2 instance roles) --- management/backup.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/management/backup.py b/management/backup.py index ac16eade..311db3c3 100755 --- a/management/backup.py +++ b/management/backup.py @@ -519,10 +519,13 @@ def list_target_files(config): # connect to the region & bucket try: - s3 = boto3.client('s3', \ - endpoint_url=f'https://{target.hostname}', \ - aws_access_key_id=config['target_user'], \ - aws_secret_access_key=config['target_pass']) + if config['target_user'] == "" and config['target_pass'] == "": + s3 = boto3.client('s3', endpoint_url=f'https://{target.hostname}') + else: + s3 = boto3.client('s3', \ + endpoint_url=f'https://{target.hostname}', \ + aws_access_key_id=config['target_user'], \ + aws_secret_access_key=config['target_pass']) bucket_objects = s3.list_objects_v2(Bucket=bucket, Prefix=path)['Contents'] backup_list = [(key['Key'][len(path):], key['Size']) for key in bucket_objects] except ClientError as e: From a81c18666f6bc2544900cf726b17bed96addc4ce Mon Sep 17 00:00:00 2001 From: Victor Date: Sun, 16 Feb 2025 23:01:51 +0100 Subject: [PATCH 2/2] Clear credentials and reset menu after receiving 403 (#2477) --- management/templates/index.html | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/management/templates/index.html b/management/templates/index.html index a468ffb9..42e7d636 100644 --- a/management/templates/index.html +++ b/management/templates/index.html @@ -392,7 +392,9 @@ function api(url, method, data, callback, callback_error, headers) { 403: function(xhr) { // Credentials are no longer valid. Try to login again. var p = current_panel; + clear_credentials(); show_panel('login'); + show_hide_menus(); switch_back_to_panel = p; } } @@ -402,16 +404,21 @@ function api(url, method, data, callback, callback_error, headers) { var current_panel = null; var switch_back_to_panel = null; -function do_logout() { - // Clear the session from the backend. - api("/logout", "POST"); - +function clear_credentials() { // Forget the token. api_credentials = null; if (typeof localStorage != 'undefined') localStorage.removeItem("miab-cp-credentials"); if (typeof sessionStorage != 'undefined') sessionStorage.removeItem("miab-cp-credentials"); +} + +function do_logout() { + // Clear the session from the backend. + api("/logout", "POST"); + + // Remove locally stored credentials + clear_credentials(); // Return to the start. show_panel('login');