search

KalobTaulien / boto3_wasabi

Other
6 stars 3 forks source link

SignatureDoesNotMatch error when calling the PutObject operation #2

Open fahimsun opened 4 years ago

fahimsun commented 4 years ago

I am able to list Buckets but unable to put_object. I updated the bucket policy to allow all operations for that User(urn)

---Bucket Policy

{ "Id": "Policyxxxxxxx", "Version": "2012-10-17", "Statement": [ { "Sid": "Stmtxxxxxxxx", "Action": [ "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::mybucket", "Principal": { "AWS": [ "arn:aws:iam::xxxxxxxxx:user/uploader" ] } } ] }

-------------------------------Sample Code used --------------------

---- Creating Sample file----

file = open('new-file.txt', 'a+') file.write('Hello, this is my new file') file.close()

Open the file as readable

body = open('new-file.txt', 'rb')

s3 = boto3_wasabi.client('s3', endpoint_url = 'https://s3.wasabisys.com', aws_access_key_id = access_key, aws_secret_access_key =secret_key)

---- Printing List of Buckets - it works

print(s3.list_buckets())

---- Upload File Fails gives SignatureDoesNot Match----

Upload your file

upload_data = s3.put_object(Bucket=WASABI_BUCKET, Key='test.txt', Body=body, ContentType='text/plain')

body.close() print(upload_data)

------- Error I am receiving ------------

ClientError: An error occurred (SignatureDoesNotMatch) when calling the PutObject operation: The request signature we calculated does not match the signature you provided. Check your key and signing method.

ghost commented 4 years ago

It doesn't look like this is being responded to thus far but it would be helpful if it were. I've set up a new wasabi account for testing and received the same result using the exact test script posted by the author. I created a new key after the first one failed to confirm. `import boto3_wasabi

WASABI_ACCESS_KEY = 'XXXXXXXXXXXXXXXXXXXX' WASABI_SECRET_KEY = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' WASABI_BUCKET = 'occ-applic'

file = open('test.txt', 'a+') file.write('Hello, this is my new file') file.close()

body = open('test.txt', 'rb')

s3 = boto3_wasabi.client('s3', aws_access_key_id=WASABI_ACCESS_KEY, aws_secret_access_key=WASABI_SECRET_KEY)

upload_data = s3.put_object(Bucket=WASABI_BUCKET, Key='test.txt', Body=body, ContentType='text/plain')

body.close()

print(upload_data) This results in a SignatureDoesNotMatch error. Looking through the source code I also tried the upload_file function, which essentially does the same thing and received the same error: from s3transfer import S3Transfer

fn = 'test.txt' client = boto3_wasabi.client('s3', aws_access_key_id=WASABI_ACCESS_KEY, aws_secret_access_key=WASABI_SECRET_KEY) transfer = S3Transfer(client) transfer.upload_file(fn, 'occ-applic', fn)`

With this same client I am also able to list buckets. client.list_buckets()

With this I can create a new bucket: `import boto3

s3 = boto3.resource('s3', endpoint_url = 'https://s3.wasabisys.com', aws_access_key_id = WASABI_ACCESS_KEY, aws_secret_access_key = WASABI_SECRET_KEY)

s3.create_bucket(Bucket='occ-test')`

I wish I was more familiar with s3 but it seems that the client is created alright since I can list and it's just an issue with the PUT, perhaps policy related but if so the SignatureDoesNotMatch error seems to indicate otherwise. Can the author shed any light on this?

ghost commented 4 years ago

I also tried to set the region when initializing the client, although the example doesn't show doing this. client = boto3_wasabi.client('s3', region_name='us-east-2', aws_access_key_id=WASABI_ACCESS_KEY, aws_secret_access_key=WASABI_SECRET_KEY) Interestingly, I received an error AuthorizationHeaderMalformed stating that the region 'us-east-2' is wrong; expecting 'us-east-1', which is strange since us-east-2 is correct. But setting it to us-east-1 resulted back in the original error SignatureDoesNotMatch

ghost commented 4 years ago

I'm guessing that it's something that needs to be set in the wasabi configuration, but as I said I'm rather new to s3. I dumped the debug file from wasabi profile page trying to discover any indication from that and was curious about the problems fetching info, although perhaps not relevant. I suspect but don't enough yet to know if policies should be set on the default virgin account. It would seem that the default would be to allow read/write by the user that can create/list buckets. The dump shows empty policies policies": [],, but then is this was the issue I still would not expect that to result in a SignatureDoesNotMatch error. { "Name": "occ-applic", "CreationDate": "2020-02-15T14:36:06.000Z", "Region": "us-east-2", "PublicAccess": "Default", "Owner": "ron.banks.consultant", "Type": "bucket", "OwnerId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "Logging": "Problem fetching bucket logging", "Versioning": "Problem fetching bucket versioning", "Compliance": "Request failed with status code 403", "Acls": "Problem fetching bucket acls" }

KalobTaulien commented 4 years ago

This is most likely an API update. All I did with this package was clone boto3 and change the endpoint to what Wasabi's endpoint, but I haven't updated this package in quite some time so it's probably just stale.

ghost commented 4 years ago

Just to follow up on this... I'm not sure why it wouldn't work as is but I cloned boto3 and changed the endpoint in session.py as you did in boto3_wasabi just to see if it was api staleness that was the problem, and it would not work either. I experimented with curl calls until I had success.

Explicitly setting the region in the endpoint url using the standard boto3 is the only way I had success in python.

import os, boto3 from s3transfer import S3Transfer

fn = 'test.txt' client = boto3.client('s3', endpoint_url = 'https://s3.us-east-2.wasabisys.com', aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY) transfer = S3Transfer(client) transfer.upload_file(fn, 'occ-applic', fn)