Storage / S3: Only pass key and secret if defined (#16942)

* Only pass key and secret if defined Otherwise, use machine config * Make conditions more readable * Opionated formatting tweaks Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>
2026-04-25 03:00:53 -04:00 · 2023-01-06 17:59:26 +00:00
parent b0350d3ce0
commit d928275447
2 changed files with 38 additions and 6 deletions
--- a/packages/storage-driver-s3/src/index.test.ts
+++ b/packages/storage-driver-s3/src/index.test.ts
@@ -113,6 +113,32 @@ afterEach(() => {
 });

 describe('#constructor', () => {
+	test('Throws error if key defined but secret missing', () => {
+		try {
+			new DriverS3({ key: 'key', bucket: 'bucket' });
+		} catch (err: any) {
+			expect(err).toBeInstanceOf(Error);
+			expect(err.message).toBe('Both `key` and `secret` are required when defined');
+		}
+	});
+
+	test('Throws error if secret defined but key missing', () => {
+		try {
+			new DriverS3({ secret: 'secret', bucket: 'bucket' });
+		} catch (err: any) {
+			expect(err).toBeInstanceOf(Error);
+			expect(err.message).toBe('Both `key` and `secret` are required when defined');
+		}
+	});
+
+	test('Creates S3Client without key / secret (based on machine config)', () => {
+		const driver = new DriverS3({ bucket: 'bucket' });
+
+		expect(S3Client).toHaveBeenCalledWith({});
+
+		expect(driver['client']).toBeInstanceOf(S3Client);
+	});
+
 	test('Creates S3Client with key / secret configuration', () => {
 		expect(S3Client).toHaveBeenCalledWith({
 			credentials: {
--- a/packages/storage-driver-s3/src/index.ts
+++ b/packages/storage-driver-s3/src/index.ts
@@ -22,8 +22,8 @@ import type { Readable } from 'node:stream';

 export type DriverS3Config = {
 	root?: string;
-	key: string;
-	secret: string;
+	key?: string;
+	secret?: string;
 	bucket: string;
 	acl?: string;
 	serverSideEncryption?: string;
@@ -39,12 +39,18 @@ export class DriverS3 implements Driver {
 	private serverSideEncryption: string | undefined;

 	constructor(config: DriverS3Config) {
-		const s3ClientConfig: S3ClientConfig = {
-			credentials: {
+		const s3ClientConfig: S3ClientConfig = {};
+
+		if ((config.key && !config.secret) || (config.secret && !config.key)) {
+			throw new Error('Both `key` and `secret` are required when defined');
+		}
+
+		if (config.key && config.secret) {
+			s3ClientConfig.credentials = {
 				accessKeyId: config.key,
 				secretAccessKey: config.secret,
-			},
-		};
+			};
+		}

 		if (config.endpoint) {
 			const protocol = config.endpoint.startsWith('https://') ? 'https:' : 'http:';