15599: Reject configuration with both IAMRole and Access/SecretKey.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

diff --git a/services/keepstore/s3_volume.go b/services/keepstore/s3_volume.go
index e39d7b79b5eb5b1bf131c6d86105bda046298870..220377af280f2d64c682624ee69a67cfd6f3b636 100644 (file)
--- a/services/keepstore/s3_volume.go
+++ b/services/keepstore/s3_volume.go
@@ -160,6 +160,9 @@ func (v *S3Volume) GetDeviceID() string {
 
 func (v *S3Volume) bootstrapIAMCredentials() error {
        if v.AccessKey != "" || v.SecretKey != "" {
+               if v.IAMRole != "" {
+                       return errors.New("invalid DriverParameters: AccessKey and SecretKey must be blank if IAMRole is specified")
+               }
                return nil
        }
        ttl, err := v.updateIAMCredentials()