s3: allow anonymous access to public repositories - fixes #154

When setting up the remote, leave both the access key and secret key blank.
2024-12-01 10:31:57 +01:00 · 2015-09-29 09:58:03 +01:00 · 2015-09-29 09:58:03 +01:00 · 9f1daabb2c
commit 9f1daabb2c
parent 938dd24cc9
2 changed files with 50 additions and 7 deletions
--- a/docs/content/s3.md
+++ b/docs/content/s3.md
@ -133,6 +133,44 @@ created in.  If you attempt to access a bucket from the wrong region,
 you will get an error, `incorrect region, the bucket is not in 'XXX'
 region`.

+### Anonymous access to public buckets ###
+
+If you want to use rclone to access a public bucket, configure with a
+blank `access_key_id` and `secret_access_key`.  Eg
+
+```
+e) Edit existing remote
+n) New remote
+d) Delete remote
+q) Quit config
+e/n/d/q> n
+name> anons3
+What type of source is it?
+Choose a number from below
+ 1) amazon cloud drive
+ 2) drive
+ 3) dropbox
+ 4) google cloud storage
+ 5) local
+ 6) s3
+ 7) swift
+type> 6
+AWS Access Key ID - leave blank for anonymous access.
+access_key_id> 
+AWS Secret Access Key (password) - leave blank for anonymous access.
+secret_access_key> 
+Region to connect to.
+region> 1
+endpoint> 
+location_constraint> 
+```
+
+Then use it as normal with the name of the public bucket, eg
+
+    rclone lsd anons3:1000genomes
+
+You will be able to list and copy data but not upload it.
+
 ### Ceph ###

 Ceph is an object storage system which presents an Amazon S3 interface.
--- a/s3/s3.go
+++ b/s3/s3.go
@ -41,10 +41,10 @@ func init() {
 		// AWS endpoints: http://docs.amazonwebservices.com/general/latest/gr/rande.html#s3_region
 		Options: []fs.Option{{
 			Name: "access_key_id",
-			Help: "AWS Access Key ID.",
+			Help: "AWS Access Key ID - leave blank for anonymous access.",
 		}, {
 			Name: "secret_access_key",
-			Help: "AWS Secret Access Key (password). ",
+			Help: "AWS Secret Access Key (password) - leave blank for anonymous access.",
 		}, {
 			Name: "region",
 			Help: "Region to connect to.",
@ -193,14 +193,19 @@ func s3ParsePath(path string) (bucket, directory string, err error) {
 func s3Connection(name string) (*s3.S3, error) {
 	// Make the auth
 	accessKeyID := fs.ConfigFile.MustValue(name, "access_key_id")
-	if accessKeyID == "" {
-		return nil, errors.New("access_key_id not found")
-	}
 	secretAccessKey := fs.ConfigFile.MustValue(name, "secret_access_key")
-	if secretAccessKey == "" {
+	var auth *credentials.Credentials
+	switch {
+	case accessKeyID == "" && secretAccessKey == "":
+		fs.Debug(name, "Using anonymous access for S3")
+		auth = credentials.AnonymousCredentials
+	case accessKeyID == "":
+		return nil, errors.New("access_key_id not found")
+	case secretAccessKey == "":
 		return nil, errors.New("secret_access_key not found")
+	default:
+		auth = credentials.NewStaticCredentials(accessKeyID, secretAccessKey, "")
 	}
-	auth := credentials.NewStaticCredentials(accessKeyID, secretAccessKey, "")

 	endpoint := fs.ConfigFile.MustValue(name, "endpoint")
 	region := fs.ConfigFile.MustValue(name, "region")