From 1c5fa521f015c615bec2e6c19d1bc59a3c41f78d Mon Sep 17 00:00:00 2001 From: Lloyd Cotten Date: Wed, 24 Sep 2014 23:41:42 -0230 Subject: [PATCH 1/6] adding support for x-amz-security-token to be sent when set in config or env --- src/http_connection.c | 6 ++++++ src/main.c | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/http_connection.c b/src/http_connection.c index bf1cac8..46aae4e 100644 --- a/src/http_connection.c +++ b/src/http_connection.c @@ -670,6 +670,7 @@ gboolean http_connection_make_request (HttpConnection *con, gpointer ctx) { gchar *auth_str; + gchar *session_token; struct evhttp_request *req; gchar auth_key[300]; time_t t; @@ -690,6 +691,11 @@ gboolean http_connection_make_request (HttpConnection *con, return FALSE; } + session_token = conf_get_string (application_get_conf (con->app), "s3.session_token"); + if (session_token) { + http_connection_add_output_header (con, "x-amz-security-token", session_token); + } + // if this is the first request if (!parent_request_data) { diff --git a/src/main.c b/src/main.c index a564ce7..6e920af 100644 --- a/src/main.c +++ b/src/main.c @@ -284,7 +284,7 @@ static void sigusr1_cb (G_GNUC_UNUSED evutil_socket_t sig, G_GNUC_UNUSED short e LOG_err (APP_LOG, "Failed to parse configuration file: %s", _app->conf_path); conf_destroy(conf_new); } else { - const gchar *copy_entries[] = {"s3.host", "s3.port", "s3.versioning", "s3.access_key_id", "s3.secret_access_key", "s3.bucket_name", NULL}; + const gchar *copy_entries[] = {"s3.host", "s3.port", "s3.versioning", "s3.access_key_id", "s3.secret_access_key", "s3.session_token", "s3.bucket_name", NULL}; int i; _app->conf = conf_new; 
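Review bot: Adding `"s3.session_token"` to `copy_entries` in `sigusr1_cb` appears to pin the token across a SIGUSR1 reload, assuming the loop that follows copies these keys from the running configuration into `conf_new` (that loop is outside the hunk). Session tokens issued for IAM roles expire and rotate together with the access key id and secret, so a mount started with temporary credentials could not pick up refreshed ones and would start failing once they lapse. If that is intended, say so next to the array, e.g. `// credentials are fixed at startup; temporary (STS) credentials cannot be refreshed by a reload`; otherwise let the three credential keys be taken from the reloaded file as a set.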
@@ -850,6 +850,9 @@ int main (int argc, char *argv[]) return -1; } } + if (getenv("AWS_SESSION_TOKEN")) { + conf_set_string (app->conf, "s3.security_token", getenv ("AWS_SESSION_TOKEN")); + } // check if both strings are set if (!conf_get_string (app->conf, "s3.access_key_id") || !conf_get_string (app->conf, "s3.secret_access_key")) { From 4d522210ca7704fe1663400b207ec96b276e86ec Mon Sep 17 00:00:00 2001 From: Lloyd Cotten Date: Wed, 24 Sep 2014 23:59:32 -0230 Subject: [PATCH 2/6] correct wrong config key name --- src/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index 6e920af..f2d123a 100644 --- a/src/main.c +++ b/src/main.c @@ -851,7 +851,7 @@ int main (int argc, char *argv[]) } } if (getenv("AWS_SESSION_TOKEN")) { - conf_set_string (app->conf, "s3.security_token", getenv ("AWS_SESSION_TOKEN")); + conf_set_string (app->conf, "s3.session_token", getenv ("AWS_SESSION_TOKEN")); } // check if both strings are set From f7c4dfaa051708a996c21a83cbe1fa24cc72e8dd Mon Sep 17 00:00:00 2001 From: Lloyd Cotten Date: Thu, 25 Sep 2014 00:18:51 -0230 Subject: [PATCH 3/6] correct checking for session token config --- src/http_connection.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/http_connection.c b/src/http_connection.c index 46aae4e..3894815 100644 --- a/src/http_connection.c +++ b/src/http_connection.c @@ -691,8 +691,8 @@ gboolean http_connection_make_request (HttpConnection *con, return FALSE; } - session_token = conf_get_string (application_get_conf (con->app), "s3.session_token"); - if (session_token) { + if (conf_node_exists (application_get_conf (con->ap), "s3.session_token")) { + session_token = conf_get_string (application_get_conf (con->app), "s3.session_token"); http_connection_add_output_header (con, "x-amz-security-token", session_token); } From d9173af9c9a33e65ac0d5b9c254d5f579b7e2de1 Mon Sep 17 00:00:00 2001 
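Review bot: `AWS_SESSION_TOKEN` is applied in `main` whenever it is present in the environment, regardless of whether the access key id and secret came from the environment or from the config file, and an empty value is stored as well. A token left over in the environment could then be sent alongside unrelated long-term keys from the file, which S3 would be expected to reject. Reading the variable once and requiring a non-empty value covers the empty case: `const char *tok = getenv ("AWS_SESSION_TOKEN"); if (tok && *tok) conf_set_string (app->conf, "s3.session_token", tok);`. The same applies to the corrected line in PATCH 2/6, and only part of `main` is visible in the hunk.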
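Review bot: `conf_node_exists` only establishes that the key is present; the value returned by `conf_get_string` is then passed to `http_connection_add_output_header` unchecked, whereas the code this replaces tested the pointer. If the node can exist with an empty or missing string (for example an empty `session_token` element in the XML file), an empty `x-amz-security-token` header would be sent. Keeping a value check after the lookup covers both cases: `if (session_token && *session_token)`. A short comment that the token is a credential and must not be written to logs would also help here; the rest of `http_connection_make_request` is outside the hunk.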
From: Lloyd Cotten Date: Thu, 25 Sep 2014 00:21:17 -0230 Subject: [PATCH 4/6] correct variable name typo --- src/http_connection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http_connection.c b/src/http_connection.c index 3894815..2bcd1c5 100644 --- a/src/http_connection.c +++ b/src/http_connection.c @@ -691,7 +691,7 @@ gboolean http_connection_make_request (HttpConnection *con, return FALSE; } - if (conf_node_exists (application_get_conf (con->ap), "s3.session_token")) { + if (conf_node_exists (application_get_conf (con->app), "s3.session_token")) { session_token = conf_get_string (application_get_conf (con->app), "s3.session_token"); http_connection_add_output_header (con, "x-amz-security-token", session_token); } From ef6ddabfb47a501eeea886f38ff4fbadacb13c23 Mon Sep 17 00:00:00 2001 From: Lloyd Cotten Date: Thu, 25 Sep 2014 00:34:59 -0230 Subject: [PATCH 5/6] Update README and default config xml --- README.md | 5 +++++ riofs.conf.xml | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/README.md b/README.md index 70e14e2..7f92c23 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,11 @@ riofs [options] [bucketname] [mountpoint] * Send a TERM signal to unmount filesystem and terminate running RioFS instance (example: ```killall riofs```) +* To use with IAM roles: + - acquire the credentials from http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLENAME] + - in addition to the AWS_ACCESS_KEY_ID, AWS_SECRET_KEY environment variables, also assign the token to AWS_SESSION_TOKEN + - alternatively use the session_token element in the xml configuration file + ### Known limitations * Appending data to an existing file is not supported. diff --git a/riofs.conf.xml b/riofs.conf.xml index 53994c7..8b02033 100644 --- a/riofs.conf.xml +++ b/riofs.conf.xml @@ -50,6 +50,12 @@ ### AWS Access Key ID ### ### AWS Secret Access Key ### --> + + + From 8cbf9a4e899aa42f04f9610f225a54b0338e5c20 Mon Sep 17 00:00:00 2001 
From: Lloyd Cotten Date: Thu, 25 Sep 2014 00:37:50 -0230 Subject: [PATCH 6/6] Make line spacing better in README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 7f92c23..f39ef14 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,11 @@ riofs [options] [bucketname] [mountpoint] * Send a TERM signal to unmount filesystem and terminate running RioFS instance (example: ```killall riofs```) * To use with IAM roles: + - acquire the credentials from http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLENAME] + - in addition to the AWS_ACCESS_KEY_ID, AWS_SECRET_KEY environment variables, also assign the token to AWS_SESSION_TOKEN + - alternatively use the session_token element in the xml configuration file ### Known limitations