feat(reporter/s3): support minio

config/awsconf.go

@@ -10,12 +10,36 @@ import (
 
 // AWSConf is aws config
 type AWSConf struct {
-	// AWS profile to use
-	Profile string `json:"profile"`
+	// AWS S3 Endpoint to use
+	S3Endpoint string `json:"s3Endpoint"`
 
 	// AWS region to use
 	Region string `json:"region"`
 
+	// AWS profile to use
+	Profile string `json:"profile"`
+
+	// AWS config files to use
+	ConfigFiles []string `json:"configFiles"`
+
+	// AWS credential files to use
+	CredentialFiles []string `json:"credentialFiles"`
+
+	// use credential provider
+	CredentialProvider CredentialProviderType `json:"credentialProvider"`
+
+	// The access key ID that identifies the temporary security credentials. (credential provider type: static only)
+	AccessKeyID string `json:"accessKeyID"`
+
+	// The secret access key that can be used to sign requests. (credential provider type: static only)
+	SecretAccessKey string `json:"secretAccessKey"`
+
+	// The token that users must pass to the service API to use the temporary (credential provider type: static only)
+	SessionToken string `json:"sessionToken"`
+
+	// endpoint for credential provider (credential provider type: endpoint only)
+	CredentialEndpoint string `json:"credentialEndpoint"`
+
 	// S3 bucket name
 	S3Bucket string `json:"s3Bucket"`
 
@@ -25,16 +49,52 @@ type AWSConf struct {
 	// The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
 	S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
 
+	// use s3 path style
+	S3UsePathStyle bool `json:"s3UsePathStyle"`
+
 	// report s3 enable
 	Enabled bool `toml:"-" json:"-"`
 }
 
+// CredentialProviderType is credential provider type
+type CredentialProviderType string
+
+const (
+	// CredentialProviderAnonymous is credential provider type: anonymous
+	CredentialProviderAnonymous CredentialProviderType = "anonymous"
+	// CredentialProviderEC2Metadata is credential provider type: ec2metadata
+	CredentialProviderEC2Metadata CredentialProviderType = "ec2metadata"
+	// CredentialProviderStatic is credential provider type: static
+	CredentialProviderStatic CredentialProviderType = "static"
+	// CredentialProviderEndpoint is credential provider type: endpoint
+	CredentialProviderEndpoint CredentialProviderType = "endpoint"
+)
+
 // Validate configuration
 func (c *AWSConf) Validate() (errs []error) {
 	if !c.Enabled {
 		return
 	}
 
+	switch c.CredentialProvider {
+	case CredentialProviderType(""):
+	case CredentialProviderAnonymous:
+	case CredentialProviderEC2Metadata:
+	case CredentialProviderStatic:
+		if c.AccessKeyID == "" {
+			errs = append(errs, fmt.Errorf("AccessKeyID is empty"))
+		}
+		if c.SecretAccessKey == "" {
+			errs = append(errs, fmt.Errorf("SecretAccessKey is empty"))
+		}
+	case CredentialProviderEndpoint:
+		if c.CredentialEndpoint == "" {
+			errs = append(errs, fmt.Errorf("CredentialEndpoint is empty"))
+		}
+	default:
+		errs = append(errs, fmt.Errorf("CredentialProvider: %s is not supported", c.CredentialProvider))
+	}
+
 	if c.S3Bucket == "" {
 		errs = append(errs, fmt.Errorf("S3Bucket is empty"))
 

reporter/s3.go

@@ -12,6 +12,9 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsConfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go-v2/credentials/endpointcreds"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"golang.org/x/xerrors"
@@ -33,17 +36,41 @@ type S3Writer struct {
 
 func (w S3Writer) getS3() (*s3.Client, error) {
 	var optFns []func(*awsConfig.LoadOptions) error
+	if w.S3Endpoint != "" {
+		optFns = append(optFns, awsConfig.WithEndpointResolverWithOptions(aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+			return aws.Endpoint{URL: w.S3Endpoint}, nil
+		})))
+	}
 	if w.Region != "" {
 		optFns = append(optFns, awsConfig.WithRegion(w.Region))
 	}
 	if w.Profile != "" {
 		optFns = append(optFns, awsConfig.WithSharedConfigProfile(w.Profile))
 	}
+	if len(w.ConfigFiles) > 0 {
+		optFns = append(optFns, awsConfig.WithSharedConfigFiles(w.ConfigFiles))
+	}
+	if len(w.CredentialFiles) > 0 {
+		optFns = append(optFns, awsConfig.WithSharedCredentialsFiles(w.CredentialFiles))
+	}
+	switch w.CredentialProvider {
+	case "":
+	case config.CredentialProviderAnonymous:
+		optFns = append(optFns, awsConfig.WithCredentialsProvider(aws.AnonymousCredentials{}))
+	case config.CredentialProviderEC2Metadata:
+		optFns = append(optFns, awsConfig.WithCredentialsProvider(aws.NewCredentialsCache(ec2rolecreds.New())))
+	case config.CredentialProviderStatic:
+		optFns = append(optFns, awsConfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(w.AccessKeyID, w.SecretAccessKey, w.SessionToken)))
+	case config.CredentialProviderEndpoint:
+		optFns = append(optFns, awsConfig.WithCredentialsProvider(endpointcreds.New(w.CredentialEndpoint)))
+	default:
+		return nil, xerrors.Errorf("CredentialProvider: %s is not supported", w.CredentialProvider)
+	}
 	cfg, err := awsConfig.LoadDefaultConfig(context.TODO(), optFns...)
 	if err != nil {
 		return nil, xerrors.Errorf("Failed to load config. err: %w", err)
 	}
-	return s3.NewFromConfig(cfg), nil
+	return s3.NewFromConfig(cfg, func(o *s3.Options) { o.UsePathStyle = w.S3UsePathStyle }), nil
 }
 
 // Write results to S3

subcmds/discover.go

@@ -152,11 +152,20 @@ func printConfigToml(ips []string) (err error) {
 
 # https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
 #[aws]
-#profile                = "default"
+#s3Endpoint             = "http://localhost:9000"
 #region                 = "ap-northeast-1"
+#profile                = "default"
+#configFiles            = ["/home/vuls/.aws/config"]
+#credentialFiles        = ["/home/vuls/.aws/credentials"]
+#credentialProvider       = "ec2metadata"
+#accessKeyID            = "AKIAIOSFODNN7EXAMPLE"
+#secretAccessKey        = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+#sessionToken           = "AQoEXAMPLEH4aoAH0gNCAPy...truncated...zrkuWJOgQs8IZZaIv2BXIa2R4Olgk"
+#credentialEndpoint     = "http://localhost:8000"
 #s3Bucket               = "vuls"
 #s3ResultsDir           = "/path/to/result"
 #s3ServerSideEncryption = "AES256"
+#s3UsePathStyle         = false
 
 # https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
 #[azure]