mc config host add
can have an option to skip the credentials verify.
mc config host add s3-somebucket https://s3.cn-north-1.amazonaws.com.cn XXXXX XXXXXXXXXX S3v4
mc: <ERROR> Unable to initialize new config from the provided credentials. The specified bucket does not exist.
Here is my s3 iam Policies:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1506154426000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws-cn:s3:::somebucket/*"
]
},
{
"Sid": "Stmt1506154452000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws-cn:s3:::somebucket"
]
}
]
}
In the old version of mc, it won't verify when I added the credentials.
And I give a very strict permission to my s3 access key. So it does like this:
The access key can't list the bucket name. But it does have the access when you know the specific bucket name.
Tested on macOS, Ubuntu 16.04
You can by providing the --api s3v4
directly and it shouldn't call the validation call path.
@tru2dagame Closing this issue as answered. Please feel free to re-open the issue if you feel otherwise.
The answer is a little confusing as (https://docs.minio.io/docs/minio-client-complete-guide) specifies s3v4
as the default. Using the --api
option explictly worked for me (macos mc version 2018-03-25T01). Without the option, I see the same error as reported here.
@rbetts if option --api
is provided, credential verification is skipped. If you do not specify the option, it will do the verification which is failing in your case. Will look into adding the option in the documentation
What exact authorization does mc
need to work without --api s3v4
parameter? I give the s3 user authorization below but it still not working.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws-cn:s3:::<my-bucket>"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws-cn:s3:::<my-bucket>/*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:GetBucketLocation",
"Resource": "arn:aws-cn:s3:::<my-bucket>"
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
I used the command like this and got error message below:
$ docker run -it --entrypoint=/bin/sh minio/mc:RELEASE.2018-05-25T20-20-15Z
$ mc config host add s3 <endpoint> <key> <secret>; mc ls s3/<my-bucket>
mc: Configuration written to `/root/.mc/config.json`. Please update your access credentials.
mc: Successfully created `/root/.mc/share`.
mc: Initialized share uploads `/root/.mc/share/uploads.json` file.
mc: Initialized share downloads `/root/.mc/share/downloads.json` file.
mc: <ERROR> Unable to initialize new config from the provided credentials. The specified bucket does not exist.
mc: <ERROR> Unable to stat `<my-bucket>`. Requested file `<my-bucket>` not found
And if I add the --api s3v4
parameter everything works fine.
You can by providing the --api s3v4 directly and it shouldn't call the validation call path.
This worked for me. But it is extremely confusing and impossible to understand without trial or without visiting this issue.
mc config host add
can have an explanation near --api
argument, saying it would prevent active probing.
Also adding --debug
outputs *nothing*, the command just looks at me with empty eyes, for more than a minute.. :/
Most helpful comment
You can by providing the
--api s3v4
directly and it shouldn't call the validation call path.