@@ -264,25 +264,34 @@ impl S3Config {
264264 builder = builder. with_checksum_algorithm ( Checksum :: SHA256 )
265265 }
266266
267+ assert ! (
268+ self . access_key_id. is_some( ) == self . secret_key. is_some( ) ,
269+ "P_S3_ACCESS_KEY and P_S3_SECRET_KEY must be set together"
270+ ) ;
271+
267272 if let Some ( ( access_key, secret_key) ) =
268273 self . access_key_id . as_ref ( ) . zip ( self . secret_key . as_ref ( ) )
269274 {
270275 builder = builder
271276 . with_access_key_id ( access_key)
272277 . with_secret_access_key ( secret_key) ;
273- }
278+ } else {
279+ let token_file = std:: env:: var ( AWS_WEB_IDENTITY_TOKEN_FILE ) . ok ( ) ;
280+ let role_arn = std:: env:: var ( AWS_ROLE_ARN ) . ok ( ) ;
274281
275- if self . access_key_id . is_none ( ) && self . secret_key . is_none ( ) {
276- if let Ok ( token_file) = std :: env :: var ( AWS_WEB_IDENTITY_TOKEN_FILE ) {
277- builder = builder . with_config ( AmazonS3ConfigKey :: WebIdentityTokenFile , token_file ) ;
278- }
282+ assert ! (
283+ token_file. is_some ( ) == role_arn . is_some ( ) ,
284+ "{AWS_WEB_IDENTITY_TOKEN_FILE} and {AWS_ROLE_ARN} must be set together"
285+ ) ;
279286
280- if let Ok ( role_arn) = std:: env:: var ( AWS_ROLE_ARN ) {
281- builder = builder. with_config ( AmazonS3ConfigKey :: RoleArn , role_arn) ;
282- }
287+ if let Some ( ( token_file, role_arn) ) = token_file. zip ( role_arn) {
288+ builder = builder
289+ . with_config ( AmazonS3ConfigKey :: WebIdentityTokenFile , token_file)
290+ . with_config ( AmazonS3ConfigKey :: RoleArn , role_arn) ;
283291
284- if let Ok ( session_name) = std:: env:: var ( AWS_ROLE_SESSION_NAME ) {
285- builder = builder. with_config ( AmazonS3ConfigKey :: RoleSessionName , session_name) ;
292+ if let Ok ( session_name) = std:: env:: var ( AWS_ROLE_SESSION_NAME ) {
293+ builder = builder. with_config ( AmazonS3ConfigKey :: RoleSessionName , session_name) ;
294+ }
286295 }
287296 }
288297
0 commit comments