From ad9b0c7f873ce2f31429b9e774a8a6a3369986f0 Mon Sep 17 00:00:00 2001 From: Aditya Maru Date: Mon, 28 Dec 2020 19:28:24 -0500 Subject: [PATCH] cloudimpl: fix SHOW BACKUP when AUTH="" for s3 When the AUTH param for an s3 URI is left unset, it defaults to specified. This case was missed when checking if an operation such as show backup required a user with admin role. It is important to note that when AUTH is left empty for GS URIs it defaults to reading from the cluster settings or env variables and so we consider it implicit authentication. Fixes: #58190 Release note: None --- pkg/storage/cloudimpl/external_storage.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/storage/cloudimpl/external_storage.go b/pkg/storage/cloudimpl/external_storage.go index 05f7458feeaf..e8ac2e025619 100644 --- a/pkg/storage/cloudimpl/external_storage.go +++ b/pkg/storage/cloudimpl/external_storage.go @@ -376,7 +376,7 @@ func AccessIsWithExplicitAuth(path string) (bool, string, error) { switch uri.Scheme { case "s3": auth := uri.Query().Get(AuthParam) - hasExplicitAuth = auth == AuthParamSpecified + hasExplicitAuth = auth == AuthParamSpecified || auth == "" // If a custom endpoint has been specified in the S3 URI then this is no // longer an explicit AUTH.