From 2139c2acbfd41a40edbff3f54b91ac41dddcf64c Mon Sep 17 00:00:00 2001
From: Marc Fournier <marc.fournier@qoqa.com>
Date: Tue, 8 Feb 2022 14:21:31 +0100
Subject: [PATCH] BSQOQ-647: allow instance profiles authentication

By dropping the requirement to have `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` envvars set, we can let the more secure IAM instance-profile take over the authentication.

This can be used immediatly on the rancher platform, and NB that this will become a requirement on the kubernetes platform in a couple of weeks.
---
 attachment_s3/models/ir_attachment.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/attachment_s3/models/ir_attachment.py b/attachment_s3/models/ir_attachment.py
index b09d9f0..2fe7e83 100644
--- a/attachment_s3/models/ir_attachment.py
+++ b/attachment_s3/models/ir_attachment.py
@@ -58,10 +58,12 @@ class IrAttachment(models.Model):
         # replaces {db} by the database name to handle multi-tenancy
         bucket_name = bucket_name.format(db=self.env.cr.dbname)
         params = {
-            'aws_access_key_id': access_key,
-            'aws_secret_access_key': secret_key,
             'bucket_name': bucket_name,
         }
+        if access_key:
+            params['aws_access_key_id'] = access_key
+        if secret_key:
+            params['aws_secret_access_key'] = secret_key
         if host:
             params['endpoint_url'] = host
         if region_name:
@@ -89,8 +91,6 @@ class IrAttachment(models.Model):
         #  keyword argument 'bucket_name'
         bucket_name = params.pop("bucket_name")
         if not (
-            params["aws_access_key_id"] and
-            params["aws_secret_access_key"] and
             bucket_name
         ):
             msg = _('If you want to read from the %s S3 bucket, the following '