s3 credentials: settle on (Access|Secret)KeyFile and (access|secret)_key_file names

Author: ahouene

backends/s3/credentials.go

@@ -16,21 +16,21 @@ type FileSecretsCredentials struct {
 
 	// Path to the field containing the access key,
 	// e.g. /etc/s3-secrets/access-key.
-	AccessKeyFilename string
+	AccessKeyFile string
 
 	// Path to the field containing the secret key,
 	// e.g. /etc/s3-secrets/secret-key.
-	SecretKeyFilename string
+	SecretKeyFile string
 }
 
 // Retrieve implements credentials.Provider.
 // It reads files pointed to by p.AccessKeyFilename and p.SecretKeyFilename.
 func (c *FileSecretsCredentials) Retrieve() (credentials.Value, error) {
-	keyId, err := os.ReadFile(c.AccessKeyFilename)
+	keyId, err := os.ReadFile(c.AccessKeyFile)
 	if err != nil {
 		return credentials.Value{}, err
 	}
-	secretKey, err := os.ReadFile(c.SecretKeyFilename)
+	secretKey, err := os.ReadFile(c.SecretKeyFile)
 	if err != nil {
 		return credentials.Value{}, err
 	}

backends/s3/credentials_test.go

@@ -19,8 +19,8 @@ func TestFileSecretsCredentials(t *testing.T) {
 
 	// Instanciate provider (what we're testing).
 	provider := &s3.FileSecretsCredentials{
-		AccessKeyFilename: filepath.Join(tempDir, "access-key"),
-		SecretKeyFilename: filepath.Join(tempDir, "secret-key"),
+		AccessKeyFile: filepath.Join(tempDir, "access-key"),
+		SecretKeyFile: filepath.Join(tempDir, "secret-key"),
 	}
 
 	// writeFiles creates or overwrites provider files
@@ -40,8 +40,8 @@ func TestFileSecretsCredentials(t *testing.T) {
 				t.Fatal(err)
 			}
 		}
-		writeContent(provider.AccessKeyFilename)
-		writeContent(provider.SecretKeyFilename)
+		writeContent(provider.AccessKeyFile)
+		writeContent(provider.SecretKeyFile)
 	}
 
 	ctx := context.Background()

backends/s3/s3.go

@@ -45,13 +45,15 @@ type Options struct {
 	AccessKey string `yaml:"access_key"`
 	SecretKey string `yaml:"secret_key"`
 
-	// Path to the field containing the access key,
+	// Path to the file containing the access key
+	// as an alternative to AccessKey and SecretKey,
 	// e.g. /etc/s3-secrets/access-key.
-	AccessKeyFilename string `json:"access_key_filename"`
+	AccessKeyFile string `yaml:"access_key_file"`
 
-	// Path to the field containing the secret key,
+	// Path to the field containing the secret key
+	// as an alternative to AccessKey and SecretKey,
 	// e.g. /etc/s3-secrets/secret-key.
-	SecretKeyFilename string `json:"secret_key_filename"`
+	SecretKeyFile string `yaml:"secret_key_file"`
 
 	// Region defaults to "us-east-1", which also works for Minio
 	Region string `yaml:"region"`
@@ -101,7 +103,7 @@ type Options struct {
 }
 
 func (o Options) Check() error {
-	hasSecretsCreds := o.AccessKeyFilename != "" && o.SecretKeyFilename != ""
+	hasSecretsCreds := o.AccessKeyFile != "" && o.SecretKeyFile != ""
 	hasStaticCreds := o.AccessKey != "" && o.SecretKey != ""
 	if !hasSecretsCreds && !hasStaticCreds {
 		return fmt.Errorf("s3 storage.options: credentials are required, fill either (access_key and secret_key) or (access_key_filename and secret_key_filename)")
@@ -350,10 +352,10 @@ func New(ctx context.Context, opt Options) (*Backend, error) {
 	}
 
 	creds := credentials.NewStaticV4(opt.AccessKey, opt.SecretKey, "")
-	if opt.AccessKeyFilename != "" {
+	if opt.AccessKeyFile != "" {
 		creds = credentials.New(&FileSecretsCredentials{
-			AccessKeyFilename: opt.AccessKeyFilename,
-			SecretKeyFilename: opt.SecretKeyFilename,
+			AccessKeyFile: opt.AccessKeyFile,
+			SecretKeyFile: opt.SecretKeyFile,
 		})
 	}