From 3f23c7324e1003a2e6cff5be16b1c648dd232ab4 Mon Sep 17 00:00:00 2001
From: Frank Jogeleit <frank.jogeleit@web.de>
Date: Thu, 12 Oct 2023 21:14:37 +0200
Subject: [PATCH] Fix AWS target check

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---
 pkg/config/target_factory.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/config/target_factory.go b/pkg/config/target_factory.go
index cf8b3c71..f88c996a 100644
--- a/pkg/config/target_factory.go
+++ b/pkg/config/target_factory.go
@@ -598,7 +598,7 @@ func (f *TargetFactory) createS3Client(config, parent *S3) target.Client {
 	}
 
 	config.MapAWSParent(parent.AWSConfig)
-	if config.Endpoint == "" {
+	if config.Endpoint == "" && !hasAWSIdentity() {
 		return nil
 	}
 
@@ -902,11 +902,15 @@ func NewTargetFactory(secretClient secrets.Client) *TargetFactory {
 	return &TargetFactory{secretClient: secretClient}
 }
 
-func checkAWSConfig(name string, config AWSConfig, parent AWSConfig) error {
+func hasAWSIdentity() bool {
 	arn := os.Getenv("AWS_ROLE_ARN")
 	file := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
 
-	noEnvConfig := arn == "" && file == ""
+	return arn != "" && file != ""
+}
+
+func checkAWSConfig(name string, config AWSConfig, parent AWSConfig) error {
+	noEnvConfig := !hasAWSIdentity()
 
 	if noEnvConfig && (config.AccessKeyID == "" && parent.AccessKeyID == "") {
 		return fmt.Errorf("%s.AccessKeyID has not been declared", name)