search

deis / object-storage-cli

A Command Line Tool for Utilizing Multiple Object Storage Systems from a Single Interface
MIT License
5 stars 5 forks source link

S3 authentication via IAM profiles #17

Open robholland opened 7 years ago

robholland commented 7 years ago

It doesn't seem that objstorage supports IAM instance profiles. With deis workflow v2.5.0 installed via helmc dockerbuilder fails with an access denied message from S3 when trying to deploy via git:

https://github.com/deis/dockerbuilder/blob/master/rootfs/deploy.py#L91

The tar file it is trying to download had been successfully uploaded to the bucket, so the S3 IAM profile system is working elsewhere in deis.

kmala commented 7 years ago

this should be working as per me...can you say what your object secret is kubectl --namespace=deis describe secret objectstorage-keyfile

robholland commented 7 years ago

I've now changed it to add credentials, but it had region, builder-bucket, database-bucket, registry-bucket all set, and "accesskey: null", "secretkey: null".

Now that I've set accesskey and secretkey (leaving the other settings unchanged) and everything is working as intended. Previously some parts of deis worked but dockerbuilder didn't.