Add support for clients without credentials

Genbox · Genbox · commit c6d9e31ae2ea · 2025-02-20T11:41:14.000+01:00
Supports public buckets
diff --git a/Src/ProviderTests/Buckets/MiscTests.cs b/Src/ProviderTests/Buckets/MiscTests.cs
@@ -0,0 +1,87 @@
+﻿using Genbox.ProviderTests.Misc;
+using Genbox.SimpleS3.Core.Abstracts;
+using Genbox.SimpleS3.Core.Abstracts.Enums;
+using Genbox.SimpleS3.Core.Enums;
+using Genbox.SimpleS3.Core.Extensions;
+using Genbox.SimpleS3.Core.Network.Responses.Buckets;
+using Genbox.SimpleS3.Core.Network.Responses.Objects;
+using Genbox.SimpleS3.Extensions.AmazonS3.Extensions;
+using Genbox.SimpleS3.Extensions.BackBlazeB2.Extensions;
+using Genbox.SimpleS3.Extensions.GoogleCloudStorage.Extensions;
+using Genbox.SimpleS3.Extensions.HttpClientFactory.Extensions;
+using Genbox.SimpleS3.Extensions.ProfileManager.Extensions;
+using Genbox.SimpleS3.Extensions.Wasabi.Extensions;
+using Genbox.SimpleS3.Utility.Shared;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Genbox.ProviderTests.Buckets;
+
+public class MiscTests : TestBase
+{
+    [Theory]
+    [MultipleProviders(S3Provider.AmazonS3)]
+    public async Task CanAccessPublicBucket(S3Provider provider, string _1, ISimpleClient authedClient)
+    {
+        //This tests if we can access a public bucket without credentials
+        //We don't use the client provided. Instead, we build a new one.
+
+        ServiceCollection collection = new ServiceCollection();
+        collection.PostConfigure<SimpleS3Config>(config => config.Credentials = null);
+
+        ICoreBuilder builder = SimpleS3CoreServices.AddSimpleS3Core(collection);
+        builder.UseProfileManager()
+               .BindConfigToProfile("TestSetup-" + provider);
+
+        builder.UseHttpClientFactory();
+
+        if (provider == S3Provider.AmazonS3)
+            builder.UseAmazonS3();
+        else if (provider == S3Provider.BackBlazeB2)
+            builder.UseBackBlazeB2();
+        else if (provider == S3Provider.GoogleCloudStorage)
+            builder.UseGoogleCloudStorage();
+        else if (provider == S3Provider.Wasabi)
+            builder.UseWasabi();
+
+        await using ServiceProvider services = collection.BuildServiceProvider();
+        ISimpleClient client = services.GetRequiredService<ISimpleClient>();
+
+        //Use the authenticated client to create the bucket, but use the non-authenticated client to put/get object
+        await CreateTempBucketAsync(provider, authedClient, async tempBucket =>
+        {
+            string policy = $$"""
+                              {
+                              	"Version": "2012-10-17",
+                              	"Id": "Policy1740044169364",
+                              	"Statement": [
+                              		{
+                              			"Sid": "Stmt1740044164489",
+                              			"Effect": "Allow",
+                              			"Principal": "*",
+                              			"Action": "s3:*",
+                              			"Resource": "arn:aws:s3:::{{tempBucket}}/*"
+                              		}
+                              	]
+                              }
+                              """;
+
+            PutPublicAccessBlockResponse resp1 = await authedClient.PutPublicAccessBlockAsync(tempBucket, request =>
+            {
+                request.BlockPublicAcls = false;
+                request.BlockPublicPolicy = false;
+                request.IgnorePublicAcls = false;
+                request.RestrictPublicBuckets = false;
+            });
+            Assert.True(resp1.IsSuccess);
+
+            PutBucketPolicyResponse resp2 = await authedClient.PutBucketPolicyAsync(tempBucket, policy);
+            Assert.True(resp2.IsSuccess);
+
+            PutObjectResponse resp3 = await client.PutObjectStringAsync(tempBucket, "test", "test");
+            Assert.True(resp3.IsSuccess);
+
+            GetObjectResponse resp4 = await client.GetObjectAsync(tempBucket, "test");
+            Assert.True(resp4.IsSuccess);
+        });
+    }
+}
diff --git a/Src/SimpleS3.BackBlazeB2/BackBlazeB2Client.cs b/Src/SimpleS3.BackBlazeB2/BackBlazeB2Client.cs
@@ -39,7 +39,7 @@ public BackBlazeB2Client(string keyId, string accessKey, BackBlazeB2Region regio
     /// <param name="credentials">The credentials to use</param>
     /// <param name="region">The region you wish to use</param>
     /// <param name="networkConfig">Network configuration</param>
-    public BackBlazeB2Client(IAccessKey credentials, BackBlazeB2Region region, NetworkConfig? networkConfig = null) : this(new BackBlazeB2Config(credentials, region), networkConfig) {}
+    public BackBlazeB2Client(IAccessKey? credentials, BackBlazeB2Region region, NetworkConfig? networkConfig = null) : this(new BackBlazeB2Config(credentials, region), networkConfig) {}
 
     /// <summary>Creates a new instance of <see cref="BackBlazeB2Client" /></summary>
     /// <param name="config">The configuration you want to use</param>
diff --git a/Src/SimpleS3.Core.Abstracts/Enums/ErrorCode.cs b/Src/SimpleS3.Core.Abstracts/Enums/ErrorCode.cs
@@ -255,5 +255,12 @@ public enum ErrorCode
     UnresolvableGrantByEmailAddress,
 
     /// <summary>The bucket POST must contain the specified field name. If it is specified, check the order of the fields.</summary>
-    UserKeyMustBeSpecified
+    UserKeyMustBeSpecified,
+
+    /// <summary>If you want to apply the Bucket owner enforced setting to disable ACLs, your bucket ACL must give full control only to the bucket owner. Your bucket ACL cannot give access to an external AWS account or any other group. For example, if your CreateBucket request sets Bucket owner enforced and specifies a bucket ACL that provides access to an external AWS account, your request fails with a 400 error and returns the InvalidBucketAclWithObjectOwnership error code. Similarly, if your PutBucketOwnershipControls request sets Bucket owner enforced on a bucket that has a bucket ACL that grants permissions to others, the request fails.</summary>
+    InvalidBucketAclWithObjectOwnership,
+
+    InvalidBucketAclWithBlockPublicAccessError,
+
+    MalformedPolicy
 }
diff --git a/Src/SimpleS3.Core.Abstracts/SimpleS3Config.cs b/Src/SimpleS3.Core.Abstracts/SimpleS3Config.cs
@@ -15,14 +15,14 @@ public SimpleS3Config(string providerName, string endpoint)
         Endpoint = endpoint;
     }
 
-    public SimpleS3Config(IAccessKey credentials, string endpoint, string regionCode) : this(string.Empty, endpoint) //Used internally
+    public SimpleS3Config(IAccessKey? credentials, string endpoint, string regionCode) : this(string.Empty, endpoint) //Used internally
     {
         Credentials = credentials;
         RegionCode = regionCode;
     }
 
     /// <summary>The credentials to use when communicating with S3.</summary>
-    public IAccessKey Credentials { get; set; }
+    public IAccessKey? Credentials { get; set; }
 
     /// <summary>
     /// There are 3 different signing modes: 1. Unsigned - means the request will be sent without a signature at all. 2. FullSignature - Means the full payload will be hashed
diff --git a/Src/SimpleS3.Core.Tests/OfflineTests/AuthenticationTests.cs b/Src/SimpleS3.Core.Tests/OfflineTests/AuthenticationTests.cs
@@ -0,0 +1,33 @@
+﻿using Genbox.SimpleS3.Core.Abstracts;
+using Genbox.SimpleS3.Core.Abstracts.Enums;
+using Genbox.SimpleS3.Core.Common.Validation;
+using Genbox.SimpleS3.Core.Extensions;
+using Genbox.SimpleS3.Core.Network.Requests.Objects;
+using Genbox.SimpleS3.Extensions.HttpClientFactory.Extensions;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Genbox.SimpleS3.Core.Tests.OfflineTests;
+
+public class AuthenticationTests
+{
+    [Fact]
+    public void PreSignRequireCredentials()
+    {
+        ServiceCollection collection = new ServiceCollection();
+        collection.Configure<SimpleS3Config>(config =>
+        {
+            config.Endpoint = "http://something.com";
+            config.RegionCode = "us-east-1";
+            config.NamingMode = NamingMode.PathStyle;
+            config.Credentials = null;
+        });
+
+        ICoreBuilder builder = SimpleS3CoreServices.AddSimpleS3Core(collection);
+        builder.UseHttpClientFactory();
+
+        using var provider = collection.BuildServiceProvider();
+        ISimpleClient client = provider.GetRequiredService<ISimpleClient>();
+
+        Assert.Throws<InvalidOperationException>(() => client.SignRequest(new GetObjectRequest("test", "name"), TimeSpan.FromHours(1)));
+    }
+}
diff --git a/Src/SimpleS3.Core/Internals/Authentication/SigningKeyBuilder.cs b/Src/SimpleS3.Core/Internals/Authentication/SigningKeyBuilder.cs
@@ -3,6 +3,7 @@
 using Genbox.SimpleS3.Core.Abstracts;
 using Genbox.SimpleS3.Core.Abstracts.Authentication;
 using Genbox.SimpleS3.Core.Common.Helpers;
+using Genbox.SimpleS3.Core.Common.Validation;
 using Genbox.SimpleS3.Core.Internals.Misc;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -36,6 +37,7 @@ public SigningKeyBuilder(IOptions<SimpleS3Config> options, ILogger<SigningKeyBui
 
     public byte[] CreateSigningKey(DateTimeOffset dateTime)
     {
+        Validator.RequireNotNull(_config.Credentials, "If we get to this point, we expect to have valid credentials");
         _logger.LogTrace("Creating key created on {DateTime}", dateTime);
 
         //https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
diff --git a/Src/SimpleS3.Core/Internals/Builders/HeaderAuthorizationBuilder.cs b/Src/SimpleS3.Core/Internals/Builders/HeaderAuthorizationBuilder.cs
@@ -29,6 +29,7 @@ public void BuildAuthorization(IRequest request)
 
     internal string BuildInternal(DateTimeOffset date, IReadOnlyDictionary<string, string> headers, byte[] signature)
     {
+        Validator.RequireNotNull(_config.Credentials, "If we get to this point, we expect to have valid credentials");
         logger.LogTrace("Building header based authorization");
 
         string scope = scopeBuilder.CreateScope("s3", date);
diff --git a/Src/SimpleS3.Core/Internals/Network/ChunkedContentRequestStreamWrapper.cs b/Src/SimpleS3.Core/Internals/Network/ChunkedContentRequestStreamWrapper.cs
@@ -30,7 +30,7 @@ public ChunkedContentRequestStreamWrapper(IOptions<SimpleS3Config> config, IChun
         _config = config.Value;
     }
 
-    public bool IsSupported(IRequest request) => _config.PayloadSignatureMode == SignatureMode.StreamingSignature && request is ISupportStreaming;
+    public bool IsSupported(IRequest request) => _config.PayloadSignatureMode == SignatureMode.StreamingSignature && request is ISupportStreaming && _config.Credentials != null;
 
     public Stream Wrap(Stream input, IRequest request)
     {
diff --git a/Src/SimpleS3.Core/Internals/Network/DefaultSignedRequestHandler.cs b/Src/SimpleS3.Core/Internals/Network/DefaultSignedRequestHandler.cs
@@ -48,6 +48,9 @@ public DefaultSignedRequestHandler(IOptions<SimpleS3Config> options, IMarshalFac
 
     public string SignRequest<TReq>(TReq request, TimeSpan expiresIn) where TReq : IRequest
     {
+        if (_config.Credentials == null)
+            throw new InvalidOperationException("You cannot pre-sign requests without first providing credentials");
+
         request.Timestamp = DateTimeOffset.UtcNow;
         request.RequestId = Guid.NewGuid();
 
diff --git a/Src/SimpleS3.Core/Internals/Validation/Validators/Configs/ConfigValidator.cs b/Src/SimpleS3.Core/Internals/Validation/Validators/Configs/ConfigValidator.cs
@@ -7,18 +7,19 @@ namespace Genbox.SimpleS3.Core.Internals.Validation.Validators.Configs;
 
 internal sealed class ConfigValidator : ConfigValidatorBase<SimpleS3Config>
 {
-    public ConfigValidator(IValidator<IAccessKey> validator)
+    public ConfigValidator(IValidator<IAccessKey?> validator)
     {
         RuleFor(x => x.Endpoint).NotEmpty().WithMessage("You must provide an endpoint.");
         RuleFor(x => x.RegionCode).NotEmpty().WithMessage("You must provide a region");
         RuleFor(x => x.PayloadSignatureMode).IsInEnum().Must(x => x != SignatureMode.Unknown).WithMessage("You must provide a valid payload signature mode");
         RuleFor(x => x.NamingMode).IsInEnum().Must(x => x != NamingMode.Unknown).WithMessage("You must provide a valid naming mode");
-        RuleFor(x => x.NamingMode).IsInEnum().Must(x => x == NamingMode.PathStyle).When(x => !x.Endpoint.Contains('{')).WithMessage("You can only use NamingMode.VirtualHost when you specify an endpoint template.");
 
-        RuleFor(x => x.ObjectKeyValidationMode).IsInEnum().Must(x => x != ObjectKeyValidationMode.Unknown).WithMessage("You must provide a valid object key validation mode");
+        // We have to check x.EndPoint != null due to the way validation is run
+        // ReSharper disable once ConditionalAccessQualifierIsNonNullableAccordingToAPIContract
+        RuleFor(x => x.NamingMode).IsInEnum().Must(x => x == NamingMode.PathStyle).When(x => x.Endpoint?.Contains('{') == false).WithMessage("You can only use NamingMode.VirtualHost when you specify an endpoint template.");
 
-        IRuleBuilderOptions<SimpleS3Config, IAccessKey> validatorRule = RuleFor(x => x.Credentials).NotNull().WithMessage("You must provide credentials");
-        validatorRule.SetValidator(validator);
+        RuleFor(x => x.ObjectKeyValidationMode).IsInEnum().Must(x => x != ObjectKeyValidationMode.Unknown).WithMessage("You must provide a valid object key validation mode");
+        RuleFor(x => x.Credentials).SetValidator(validator);
 
         //See https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
         RuleFor(x => x.StreamingChunkSize).GreaterThanOrEqualTo(8096).WithMessage("Please specify a chunk size of more than or equal to 8096 bytes");
diff --git a/Src/SimpleS3.Extensions.AmazonS3.Tests/SignedUrlTests.cs b/Src/SimpleS3.Extensions.AmazonS3.Tests/SignedUrlTests.cs
@@ -53,7 +53,7 @@ public void TestAgainstAmazonsExample()
         GetObjectRequest request = new GetObjectRequest("examplebucket", "test.txt");
         request.SetHeader("host", "examplebucket.s3.amazonaws.com");
         request.SetQueryParameter(AmzParameters.XAmzAlgorithm, SigningConstants.AlgorithmTag);
-        request.SetQueryParameter(AmzParameters.XAmzCredential, _options.Credentials.KeyId + '/' + scope);
+        request.SetQueryParameter(AmzParameters.XAmzCredential, _options.Credentials!.KeyId + '/' + scope);
         request.SetQueryParameter(AmzParameters.XAmzDate, _testDate.ToString(DateTimeFormats.Iso8601DateTime, DateTimeFormatInfo.InvariantInfo));
         request.SetQueryParameter(AmzParameters.XAmzExpires, "86400");
         request.SetQueryParameter(AmzParameters.XAmzSignedHeaders, "host");
diff --git a/Src/SimpleS3.Extensions.AmazonS3/AmazonS3Config.cs b/Src/SimpleS3.Extensions.AmazonS3/AmazonS3Config.cs
@@ -13,14 +13,14 @@ public class AmazonS3Config() : SimpleS3Config("AmazonS3", "{Scheme}://{Bucket:.
     private static readonly RegionConverter _converter = new RegionConverter(AmazonS3RegionData.Instance);
     private AmazonS3Region _region;
 
-    public AmazonS3Config(IAccessKey credentials, string regionCode) : this()
+    public AmazonS3Config(IAccessKey? credentials, string regionCode) : this()
     {
         Credentials = credentials;
         RegionCode = regionCode;
     }
 
     public AmazonS3Config(string keyId, string secretKey, AmazonS3Region region) : this(new StringAccessKey(keyId, secretKey), region) {}
-    public AmazonS3Config(IAccessKey credentials, AmazonS3Region region) : this(credentials, _converter.GetRegion(region).Code) {}
+    public AmazonS3Config(IAccessKey? credentials, AmazonS3Region region) : this(credentials, _converter.GetRegion(region).Code) {}
 
     public AmazonS3Region Region
     {
diff --git a/Src/SimpleS3.Extensions.BackBlazeB2/BackBlazeB2Config.cs b/Src/SimpleS3.Extensions.BackBlazeB2/BackBlazeB2Config.cs
@@ -14,15 +14,15 @@ public class BackBlazeB2Config() : SimpleS3Config("BackBlazeB2", "{Scheme}://{Bu
     private static readonly IRegionConverter _converter = new RegionConverter(BackblazeB2RegionData.Instance);
     private BackBlazeB2Region _region;
 
-    public BackBlazeB2Config(IAccessKey credentials, string regionCode) : this()
+    public BackBlazeB2Config(IAccessKey? credentials, string regionCode) : this()
     {
         Credentials = credentials;
         RegionCode = regionCode;
     }
 
     public BackBlazeB2Config(string keyId, string secretKey, BackBlazeB2Region region) : this(new StringAccessKey(keyId, secretKey), region) {}
 
-    public BackBlazeB2Config(IAccessKey credentials, BackBlazeB2Region region) : this(credentials, _converter.GetRegion(region).Code) {}
+    public BackBlazeB2Config(IAccessKey? credentials, BackBlazeB2Region region) : this(credentials, _converter.GetRegion(region).Code) {}
 
     public BackBlazeB2Region Region
     {
diff --git a/Src/SimpleS3.Extensions.GenericS3/GenericS3Config.cs b/Src/SimpleS3.Extensions.GenericS3/GenericS3Config.cs
@@ -13,7 +13,7 @@ public GenericS3Config(string endpoint) : this()
         Endpoint = endpoint;
     }
 
-    public GenericS3Config(IAccessKey credentials, string endpoint, string regionCode) : this(endpoint)
+    public GenericS3Config(IAccessKey? credentials, string endpoint, string regionCode) : this(endpoint)
     {
         Credentials = credentials;
         RegionCode = regionCode;
diff --git a/Src/SimpleS3.Extensions.GoogleCloudStorage/GoogleCloudStorageConfig.cs b/Src/SimpleS3.Extensions.GoogleCloudStorage/GoogleCloudStorageConfig.cs
@@ -21,15 +21,15 @@ public GoogleCloudStorageConfig() : base("GoogleCloudStorage", "{Scheme}://{Buck
         PayloadSignatureMode = SignatureMode.FullSignature;
     }
 
-    public GoogleCloudStorageConfig(IAccessKey credentials, string regionCode) : this()
+    public GoogleCloudStorageConfig(IAccessKey? credentials, string regionCode) : this()
     {
         Credentials = credentials;
         RegionCode = regionCode;
     }
 
     public GoogleCloudStorageConfig(string keyId, string secretKey, GoogleCloudStorageRegion region) : this(new StringAccessKey(keyId, secretKey), region) {}
 
-    public GoogleCloudStorageConfig(IAccessKey credentials, GoogleCloudStorageRegion region) : this(credentials, _converter.GetRegion(region).Code) {}
+    public GoogleCloudStorageConfig(IAccessKey? credentials, GoogleCloudStorageRegion region) : this(credentials, _converter.GetRegion(region).Code) {}
 
     public GoogleCloudStorageRegion Region
     {
diff --git a/Src/SimpleS3.Extensions.Wasabi/WasabiConfig.cs b/Src/SimpleS3.Extensions.Wasabi/WasabiConfig.cs
@@ -12,15 +12,15 @@ public class WasabiConfig() : SimpleS3Config("Wasabi", "{Scheme}://{Bucket:.}s3.
     private static readonly IRegionConverter _converter = new RegionConverter(WasabiRegionData.Instance);
     private WasabiRegion _region;
 
-    public WasabiConfig(IAccessKey credentials, string regionCode) : this()
+    public WasabiConfig(IAccessKey? credentials, string regionCode) : this()
     {
         Credentials = credentials;
         RegionCode = regionCode;
     }
 
     public WasabiConfig(string keyId, string secretKey, WasabiRegion region) : this(new StringAccessKey(keyId, secretKey), region) {}
 
-    public WasabiConfig(IAccessKey credentials, WasabiRegion region) : this(credentials, _converter.GetRegion(region).Code) {}
+    public WasabiConfig(IAccessKey? credentials, WasabiRegion region) : this(credentials, _converter.GetRegion(region).Code) {}
 
     public WasabiRegion Region
     {
diff --git a/Src/SimpleS3.GenericS3/GenericS3Client.cs b/Src/SimpleS3.GenericS3/GenericS3Client.cs
@@ -42,7 +42,7 @@ public GenericS3Client(string keyId, string accessKey, string endpoint, string r
     /// <param name="endpoint">The endpoint you wish to use</param>
     /// <param name="regionCode">The region code to use</param>
     /// <param name="networkConfig">Network configuration</param>
-    public GenericS3Client(IAccessKey credentials, string endpoint, string regionCode, NetworkConfig? networkConfig = null) : this(new GenericS3Config(credentials, endpoint, regionCode), networkConfig) {}
+    public GenericS3Client(IAccessKey? credentials, string endpoint, string regionCode, NetworkConfig? networkConfig = null) : this(new GenericS3Config(credentials, endpoint, regionCode), networkConfig) {}
 
     /// <summary>Creates a new instance of <see cref="GenericS3Client" /></summary>
     /// <param name="config">The configuration you want to use</param>
diff --git a/Src/SimpleS3.GoogleCloudStorage/GoogleCloudStorageClient.cs b/Src/SimpleS3.GoogleCloudStorage/GoogleCloudStorageClient.cs
@@ -39,7 +39,7 @@ public GoogleCloudStorageClient(string keyId, string accessKey, GoogleCloudStora
     /// <param name="credentials">The credentials to use</param>
     /// <param name="region">The region you wish to use</param>
     /// <param name="networkConfig">Network configuration</param>
-    public GoogleCloudStorageClient(IAccessKey credentials, GoogleCloudStorageRegion region, NetworkConfig? networkConfig = null) : this(new GoogleCloudStorageConfig(credentials, region), networkConfig) {}
+    public GoogleCloudStorageClient(IAccessKey? credentials, GoogleCloudStorageRegion region, NetworkConfig? networkConfig = null) : this(new GoogleCloudStorageConfig(credentials, region), networkConfig) {}
 
     /// <summary>Creates a new instance of <see cref="GoogleCloudStorageClient" /></summary>
     /// <param name="config">The configuration you want to use</param>
diff --git a/Src/SimpleS3.Wasabi/WasabiClient.cs b/Src/SimpleS3.Wasabi/WasabiClient.cs
@@ -39,7 +39,7 @@ public WasabiClient(string keyId, string accessKey, WasabiRegion region, Network
     /// <param name="credentials">The credentials to use</param>
     /// <param name="region">The region you wish to use</param>
     /// <param name="networkConfig">Network configuration</param>
-    public WasabiClient(IAccessKey credentials, WasabiRegion region, NetworkConfig? networkConfig = null) : this(new WasabiConfig(credentials, region), networkConfig) {}
+    public WasabiClient(IAccessKey? credentials, WasabiRegion region, NetworkConfig? networkConfig = null) : this(new WasabiConfig(credentials, region), networkConfig) {}
 
     /// <summary>Creates a new instance of <see cref="WasabiClient" /></summary>
     /// <param name="config">The configuration you want to use</param>

Original file line number	Diff line number	Diff line change
`@@ -15,14 +15,14 @@ public SimpleS3Config(string providerName, string endpoint)`
`15`	`15`	`Endpoint = endpoint;`
`16`	`16`	`}`
`17`	`17`
`18`		`- public SimpleS3Config(IAccessKey credentials, string endpoint, string regionCode) : this(string.Empty, endpoint) //Used internally`
	`18`	`+ public SimpleS3Config(IAccessKey? credentials, string endpoint, string regionCode) : this(string.Empty, endpoint) //Used internally`
`19`	`19`	`{`
`20`	`20`	`Credentials = credentials;`
`21`	`21`	`RegionCode = regionCode;`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`/// <summary>The credentials to use when communicating with S3.</summary>`
`25`		`- public IAccessKey Credentials { get; set; }`
	`25`	`+ public IAccessKey? Credentials { get; set; }`
`26`	`26`
`27`	`27`	`/// <summary>`
`28`	`28`	`/// There are 3 different signing modes: 1. Unsigned - means the request will be sent without a signature at all. 2. FullSignature - Means the full payload will be hashed`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ public void BuildAuthorization(IRequest request)`
`29`	`29`
`30`	`30`	`internal string BuildInternal(DateTimeOffset date, IReadOnlyDictionary<string, string> headers, byte[] signature)`
`31`	`31`	`{`
	`32`	`+ Validator.RequireNotNull(_config.Credentials, "If we get to this point, we expect to have valid credentials");`
`32`	`33`	`logger.LogTrace("Building header based authorization");`
`33`	`34`
`34`	`35`	`string scope = scopeBuilder.CreateScope("s3", date);`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public ChunkedContentRequestStreamWrapper(IOptions<SimpleS3Config> config, IChun`
`30`	`30`	`_config = config.Value;`
`31`	`31`	`}`
`32`	`32`
`33`		`- public bool IsSupported(IRequest request) => _config.PayloadSignatureMode == SignatureMode.StreamingSignature && request is ISupportStreaming;`
	`33`	`+ public bool IsSupported(IRequest request) => _config.PayloadSignatureMode == SignatureMode.StreamingSignature && request is ISupportStreaming && _config.Credentials != null;`
`34`	`34`
`35`	`35`	`public Stream Wrap(Stream input, IRequest request)`
`36`	`36`	`{`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,9 @@ public DefaultSignedRequestHandler(IOptions<SimpleS3Config> options, IMarshalFac`
`48`	`48`
`49`	`49`	`public string SignRequest<TReq>(TReq request, TimeSpan expiresIn) where TReq : IRequest`
`50`	`50`	`{`
	`51`	`+ if (_config.Credentials == null)`
	`52`	`+ throw new InvalidOperationException("You cannot pre-sign requests without first providing credentials");`
	`53`	`+`
`51`	`54`	`request.Timestamp = DateTimeOffset.UtcNow;`
`52`	`55`	`request.RequestId = Guid.NewGuid();`
`53`	`56`