Mc: `mc config host add` can have an option to skip the credentials verify.
Expected behaviour
mc config host add can have an option to skip the credentials verify.
Actual behaviour
mc config host add s3-somebucket https://s3.cn-north-1.amazonaws.com.cn XXXXX XXXXXXXXXX S3v4
mc: <ERROR> Unable to initialize new config from the provided credentials. The specified bucket does not exist.
Steps to reproduce the behaviour
Here is my s3 iam Policies:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1506154426000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws-cn:s3:::somebucket/*"
]
},
{
"Sid": "Stmt1506154452000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws-cn:s3:::somebucket"
]
}
]
}
In the old version of mc, it won't verify when I added the credentials.
And I give a very strict permission to my s3 access key. So it does like this:
The access key can't list the bucket name. But it does have the access when you know the specific bucket name.
mc version
- Version: 2018-03-25T01:22:22Z
Release-tag: RELEASE.2018-03-25T01-22-22Z
Commit-id: da5c19848d1e82a24eddb453b01e83d4a0660de4
System information
Tested on macOS, Ubuntu 16.04
tru2dagame
All 6 comments
You can by providing the --api s3v4 directly and it shouldn't call the validation call path.
harshavardhana
on 27 Mar 2018
@tru2dagame Closing this issue as answered. Please feel free to re-open the issue if you feel otherwise.
kannappanr
on 27 Mar 2018
The answer is a little confusing as (https://docs.minio.io/docs/minio-client-complete-guide) specifies s3v4 as the default. Using the --api option explictly worked for me (macos mc version 2018-03-25T01). Without the option, I see the same error as reported here.
rbetts
on 2 Jun 2018
@rbetts if option --api is provided, credential verification is skipped. If you do not specify the option, it will do the verification which is failing in your case. Will look into adding the option in the documentation
kannappanr
on 2 Jun 2018
What exact authorization does mc need to work without --api s3v4 parameter? I give the s3 user authorization below but it still not working.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws-cn:s3:::<my-bucket>"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws-cn:s3:::<my-bucket>/*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:GetBucketLocation",
"Resource": "arn:aws-cn:s3:::<my-bucket>"
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
I used the command like this and got error message below:
$ docker run -it --entrypoint=/bin/sh minio/mc:RELEASE.2018-05-25T20-20-15Z
$ mc config host add s3 <endpoint> <key> <secret>; mc ls s3/<my-bucket>
mc: Configuration written to `/root/.mc/config.json`. Please update your access credentials.
mc: Successfully created `/root/.mc/share`.
mc: Initialized share uploads `/root/.mc/share/uploads.json` file.
mc: Initialized share downloads `/root/.mc/share/downloads.json` file.
mc: <ERROR> Unable to initialize new config from the provided credentials. The specified bucket does not exist.
mc: <ERROR> Unable to stat `<my-bucket>`. Requested file `<my-bucket>` not found
And if I add the --api s3v4 parameter everything works fine.
aisensiy
on 7 Jun 2018
You can by providing the --api s3v4 directly and it shouldn't call the validation call path.
This worked for me. But it is extremely confusing and impossible to understand without trial or without visiting this issue.
mc config host add can have an explanation near --api argument, saying it would prevent active probing.
Also adding --debug outputs *nothing*, the command just looks at me with empty eyes, for more than a minute.. :/
furkanmustafa
on 4 Aug 2019
Related issues
donatello
·
5Comments
teto
·
7Comments
richarson
·
5Comments
accaldwell
·
5Comments
d5ve
·
6Comments
Most helpful comment
You can by providing the
--api s3v4directly and it shouldn't call the validation call path.