From c9a724829a202cfcb685eaaa7b4529e69acf3ff9 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Mon, 14 Dec 2020 12:46:03 -0500
Subject: [PATCH 1/4] Resolves #24699, Support ES2 and ECS instance providers for S3 buckets
Signed-off-by: James Letendre
---
 lib/private/Files/ObjectStore/S3ConnectionTrait.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index 6b469860de..f23bcbc675 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -104,8 +104,7 @@ trait S3ConnectionTrait {
 $provider = CredentialProvider::memoize(
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
- CredentialProvider::env(),
- CredentialProvider::instanceProfile()
+ CredentialProvider::defaultProvider()
 )
 );
From 5750d79181885d24654dda4ecf81bedeaa6aeb34 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Mon, 14 Dec 2020 16:20:30 -0500
Subject: [PATCH 2/4] Replace defaultProvider with explicit calls to exclude user home directory lookup
Signed-off-by: James Letendre
---
 .../Files/ObjectStore/S3ConnectionTrait.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index f23bcbc675..1a36683a30 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -32,6 +32,7 @@ namespace OC\Files\ObjectStore;
 use Aws\ClientResolver;
 use Aws\Credentials\CredentialProvider;
+use Aws\Credentials\EcsCredentialProvider;
 use Aws\Credentials\Credentials;
 use Aws\Exception\CredentialsException;
 use Aws\S3\Exception\S3Exception;
@@ -104,10 +105,23 @@ trait S3ConnectionTrait {
 $provider = CredentialProvider::memoize(
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
- CredentialProvider::defaultProvider()
+ CredentialProvider::env(),
+ CredentialProvider::instanceProfile()
 )
 );
+ // If running in an ECS environment, then also include the ECS task role in the chain
+ if (!empty(getenv(EcsCredentialProvider::ENV_URI))) {
+ $provider = CredentialProvider::memoize(
+ CredentialProvider::chain(
+ $this->paramCredentialProvider(),
+ CredentialProvider::env(),
+ CredentialProvider::ecsCredentials(),
+ CredentialProvider::instanceProfile()
+ )
+ );
+ }
+
 $options = [
 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 'credentials' => $provider,
From b65b2bbf550f3947620de6e33d5ca505b7be6414 Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Tue, 15 Dec 2020 16:37:46 -0500
Subject: [PATCH 3/4] Add web identity provider to S3 connection chain
Signed-off-by: James Letendre
---
 .../Files/ObjectStore/S3ConnectionTrait.php | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index 1a36683a30..9261dd5d13 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -106,22 +106,13 @@ trait S3ConnectionTrait {
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
 CredentialProvider::env(),
- CredentialProvider::instanceProfile()
+ CredentialProvider::assumeRoleWithWebIdentityCredentialProvider()
+ !empty(getenv(EcsCredentialProvider::ENV_URI))
+ ? CredentialProvider::ecsCredentials()
+ : CredentialProvider::instanceProfile()
 )
 );
- // If running in an ECS environment, then also include the ECS task role in the chain
- if (!empty(getenv(EcsCredentialProvider::ENV_URI))) {
- $provider = CredentialProvider::memoize(
- CredentialProvider::chain(
- $this->paramCredentialProvider(),
- CredentialProvider::env(),
- CredentialProvider::ecsCredentials(),
- CredentialProvider::instanceProfile()
- )
- );
- }
-
 $options = [
 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 'credentials' => $provider,
From 74d90d01654171fbc085216180da378327d64b7b Mon Sep 17 00:00:00 2001
From: James Letendre
Date: Tue, 15 Dec 2020 19:06:06 -0500
Subject: [PATCH 4/4] Fix failing tests
Signed-off-by: James Letendre
---
 lib/private/Files/ObjectStore/S3ConnectionTrait.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index 9261dd5d13..d88ef0ac8e 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -106,7 +106,7 @@ trait S3ConnectionTrait {
 CredentialProvider::chain(
 $this->paramCredentialProvider(),
 CredentialProvider::env(),
- CredentialProvider::assumeRoleWithWebIdentityCredentialProvider()
+ CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(),
 !empty(getenv(EcsCredentialProvider::ENV_URI))
 ? CredentialProvider::ecsCredentials()
 : CredentialProvider::instanceProfile()
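Review bot: The added `CredentialProvider::assumeRoleWithWebIdentityCredentialProvider()` entry sits in the chain unconditionally, which may bring back the home-directory lookup that [PATCH 2/4] removed on purpose. As far as I know, the SDK's web identity provider falls back to the shared profile files of the process user when `AWS_WEB_IDENTITY_TOKEN_FILE` and `AWS_ROLE_ARN` are unset, so this should be confirmed against the bundled SDK version. If it holds, a profile file under the web server account could decide which role the object store uses, so the provider should be added only when both variables are present, the same way the ECS provider is already gated on `EcsCredentialProvider::ENV_URI`. The `$provider` statement begins above this hunk and the `$options` array continues below it.

```php
$providers = [
	$this->paramCredentialProvider(),
	CredentialProvider::env(),
];
// Consult web identity only when the environment asks for it, so the provider
// is never left to look for a profile on its own (verify the SDK's fallback).
if (!empty(getenv('AWS_WEB_IDENTITY_TOKEN_FILE')) && !empty(getenv('AWS_ROLE_ARN'))) {
	$providers[] = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider();
}
$providers[] = !empty(getenv(EcsCredentialProvider::ENV_URI))
	? CredentialProvider::ecsCredentials()
	: CredentialProvider::instanceProfile();
$provider = CredentialProvider::memoize(CredentialProvider::chain(...$providers));
// … unchanged: $options array …
```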
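Review bot: The chain passed to `CredentialProvider::chain(` now lists four sources with a ternary in the argument list, and the only comment that explained it was deleted in [PATCH 3/4], so neither the precedence nor the deliberate avoidance of `defaultProvider()` is recorded next to the code. I would add a comment above the `$provider` assignment such as `// Precedence: paramCredentialProvider(), environment variables, web identity token, then the ECS task role if EcsCredentialProvider::ENV_URI is set, otherwise the EC2 instance profile.` followed by `// defaultProvider() is not used so that credential files in the server user's home directory are never read.` It is also worth stating there that the ECS and instance-profile providers are mutually exclusive, since with the ECS variable set the chain no longer falls back to the host's instance role. The statement starts above this hunk and its closing lines are outside it.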