Public accessible bucket requires a credentials secret #219
Description
Describe the bug
Using the ObjectBucket subscriber with public accessible buckets requires a credentials secret in place.
To Reproduce
- Create a public accessible bucket with a publicly accessible resource YAML file.s in it.
- Create a Channel referencing the above bucket - Without configuring the
spec.secretRefkey. - Create a Subscription referencing the above Channel.
- Deploy the application to the Hub cluster.
Expected behavior
The secret reference should not be mandatory for public accessible buckets,
this is not the case for neither the Git nor the HelmRepo subscriber types.
Environment ie: Kubernetes version:
OpenShift 4.7.36
Kubernetes 1.20
Additional context
As far as my short investigation,
this gets cut on the Hub at the dry-run stage before propagating the Subscription.
First failure occurs here:
if err := awshandler.InitObjectStoreConnection(endpoint, accessKeyID, secretAccessKey, region); err != nil {if no secret is configured, the region variable remains an empty string and fails InitObjectStoreConnection.
At this point, I tried to configure a partial secret, one containing only the Region key and not the AccessKeyID nor the SecretAccessKey keys.
That got me passed the above failure but then it failed again, I think it failed the next statement:
if err := awshandler.Exists(bucket); err != nil {But I'm not sure and I accedentily deleted my notes, anyway, adding the AccessKeyID and the SecretAccessKey keys, although not required for accessing the bucket, solves the issue.