Merge pull request #6 from hanazuki/s3compat

--endpoint-url and --force-path-style options

README.adoc

@@ -44,6 +44,12 @@ systemd-socket-activate -d -l 69 s3tftpd s3://bucket/prefix/
 *--accelerate*::
   Tells s3tftpd to use S3 Transfer Acceleration. The bucket must be enabled for acceleration.
 
+*--endpoint-url*=_URL_::
+  Tells s3tftpd to use the given URL instead of the default S3 endpoint. Used when accessing S3 thourgh interface endpoints or connecting to S3-compatible object storage.
+
+*--force-path-style*::
+  Tells s3tftpd to use the path-style URLs when accessing objects. Useful when connecting to S3-compatible object storage.
+
 *--single-port*::
   [experimantal] Tells s3tftpd to use a single port for all the connections. By default, s3tftpd responds each request with a random source port as defined by the protocol standard. But packets from random port is often blocked by firewalls or NAT gateways between the client and the server. When this flag is set, s3tftpd responds back with the same port as it listens for the incoming requests, so that the response packet is likely allowed by the firewalls.
 
@@ -60,6 +66,10 @@ systemd-socket-activate -d -l 69 s3tftpd s3://bucket/prefix/
 
 `s3tftpd` retrieves AWS credentials from the https://docs.aws.amazon.com/sdk-for-go/api/aws/session/#hdr-Environment_Variables[`AWS_*` environment variables], shared credentials file or EC2/ECS metadata service in this order. Because of the nature of TFTP `s3tftpd` has no mechanisms of client authentication. Access controls on the objects should be enforced using IAM Policies and S3 Bucket Policies and appropriate network-level access control should be performed.
 
+== S3-compatible object storage
+
+`s3tftpd` may work with some object storage with S3-compliant interface, such as https://min.io/[MinIO]. To use other object storage than Amazon S3, pass the custom endpoint URL to `--endpoint-url` option and, depending on the set up, specify `--force-path-style` to turn off virtual hosted-style requests.
+
 == Docker container
 
 Prebuilt container images are available at https://github.com/users/hanazuki/packages/container/package/s3tftpd[GitHub Container Registry]. Available tags are `latest` (the latest release), `testing` (master branch), and each versioned release.

debian/changelog

@@ -1,3 +1,9 @@
+s3tftpd (0.4.2) UNRELEASED; urgency=medium
+
+  * Add --endpoint-url and --force-path-style options to use custom object storage
+
+ -- Kasumi Hanazuki <[email protected]>  Tue, 07 Sep 2021 12:11:25 +0000
+
 s3tftpd (0.4.1) unstable; urgency=medium
 
   * Fix that --anticipate did not work

main.go

@@ -24,18 +24,20 @@ import (
 )
 
 type Args struct {
-	S3uri url.URL `arg required name:"S3URI" help:"s3:// URI that identifies the target bucket and optional key prefix"`
-
-	Region      string `name:"region" help:"AWS region where the bucket resides" placeholder:"REGION"`
-	Retries     int    `short:"r" name:"retries" default:"5" help:"Number of retransmissions before the server disconnect the session"`
-	Timeout     int    `short:"t" name:"timeout" default:"5000" help:"Timeout in milliseconds before the server retransmits a packet"`
-	BlockSize   int    `short:"b" name:"blocksize" default:"512" help:"Maximum permitted block size in octets"`
-	Anticipate  uint   `name:"anticipate" default:"0" help:"Size of anticipation window. Set 0 to disable sender anticipation (experimental)"`
-	NoDualStack bool   `name:"no-dualstack" help:"Disable S3 dualstack endpoint"`
-	Accelerate  bool   `name:"accelerate" help:"Enable S3 Transfer Acceleration"`
-	SinglePort  bool   `name:"single-port" help:"Serve all connections on a single UDP socket (experimental)"`
-	Verbosity   int    `short:"v" name:"verbosity" default:"7" help:"Verbosity level for logging (0..8)"`
-	DebugApi    bool   `name:"debug-api" env:"AWS_DEBUG" help:"Enable logging AWS API calls"`
+	S3uri url.URL `arg:"" required:"" name:"S3URI" help:"s3:// URI that identifies the target bucket and optional key prefix"`
+
+	Region         string `name:"region" help:"AWS region where the bucket resides" placeholder:"REGION"`
+	Retries        int    `short:"r" name:"retries" default:"5" help:"Number of retransmissions before the server disconnect the session"`
+	Timeout        int    `short:"t" name:"timeout" default:"5000" help:"Timeout in milliseconds before the server retransmits a packet"`
+	BlockSize      int    `short:"b" name:"blocksize" default:"512" help:"Maximum permitted block size in octets"`
+	Anticipate     uint   `name:"anticipate" default:"0" help:"Size of anticipation window. Set 0 to disable sender anticipation (experimental)"`
+	NoDualStack    bool   `name:"no-dualstack" help:"Disable S3 dualstack endpoint"`
+	Accelerate     bool   `name:"accelerate" help:"Enable S3 Transfer Acceleration"`
+	EndpointURL    string `name:"endpoint-url" help:"Use custom endpoint URL instead of default S3 endpoint"`
+	ForcePathStyle bool   `name:"force-path-style" help:"Use path-style URLs to access objects"`
+	SinglePort     bool   `name:"single-port" help:"Serve all connections on a single UDP socket (experimental)"`
+	Verbosity      int    `short:"v" name:"verbosity" default:"7" help:"Verbosity level for logging (0..8)"`
+	DebugApi       bool   `name:"debug-api" env:"AWS_DEBUG" help:"Enable logging AWS API calls"`
 }
 
 type Config struct {
@@ -50,12 +52,17 @@ func (c *Config) awsConfig() *aws.Config {
 	awsConfig := defaults.Get().Config.
 		WithUseDualStack(!c.NoDualStack).
 		WithS3UseAccelerate(c.Accelerate).
+		WithS3ForcePathStyle(c.ForcePathStyle).
 		WithLogLevel(c.awsLogLevel())
 
 	if c.Region != "" {
 		awsConfig = awsConfig.WithRegion(c.Region)
 	}
 
+	if c.EndpointURL != "" {
+		awsConfig = awsConfig.WithEndpoint(c.EndpointURL)
+	}
+
 	return awsConfig
 }