drone-plugins / drone-s3

Drone plugin for publishing artifacts to Amazon S3
http://plugins.drone.io/drone-plugins/drone-s3
Apache License 2.0

Missing documentation on secrets, unable to publish to Minio #48

Closed moqmar closed 4 years ago

moqmar commented 6 years ago

I'm using the following configuration for drone-s3:

  publish:
    image: plugins/s3
    bucket: get
    secrets: [ plugin_access_key, plugin_secret_key ]
    source: gook
    target: /
    path_style: true
    endpoint: https://minio.mo-mar.de
    when:
      branch: master

In Drone, I set the two secrets plugin_access_key and plugin_secret_key, which gives me the following error message:

time="2018-06-11T13:32:59Z" level=info msg="Attempting to upload" bucket=get endpoint="https://minio.mo-mar.de" region=us-east-1 
time="2018-06-11T13:32:59Z" level=info msg="Uploading file" bucket=get content-type="application/octet-stream" name=gook target="/gook" 
time="2018-06-11T13:33:01Z" level=error msg="Could not upload file" bucket=get error="SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.\n\tstatus code: 403, request id: 15371E5C340F19FD, host id: " name=gook target="/gook" 
SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.
    status code: 403, request id: 15371E5C340F19FD, host id: 

Now, I actually got that secret name from the source, because it's not mentioned anywhere in the documentation. Looking at https://github.com/drone-plugins/drone-docker/blob/master/cmd/drone-docker/main.go (e.g. PLUGIN_REPO) and the documentation for it (which mentions docker_repo, which works), I also tried s3_access_key and s3_secret_key, but it results in the following different error message:

time="2018-06-11T16:12:20Z" level=info msg="Attempting to upload" bucket=get endpoint="https://minio.mo-mar.de" region=us-east-1 
time="2018-06-11T16:12:20Z" level=info msg="Uploading file" bucket=get content-type="application/octet-stream" name=gook target="/gook" 
time="2018-06-11T16:12:40Z" level=error msg="Could not upload file" bucket=get error="NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors" name=gook target="/gook" 
NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Now, the first one somehow looks more like it makes sense, and I also triple-checked my secrets, but I just can't upload anything to my Minio instance. What am I doing wrong here, and why is the documentation actually recommending to just store the secrets in the .drone.yml?

tboerger commented 6 years ago

The secrets should be aws_access_key_id and aws_secret_access_key which are pretty common variable names for AWS.

The documentation is missing the available secrets reference, but besides that the secrets work the same way everywhere, so IMHO it's a waste of examples if every plugin has to list the usage of secrets.

moqmar commented 6 years ago

Hm, thanks. I'm still getting the first error with those two variable names somehow, so I assume it doesn't mean that it can't find the credentials but that there must be some other error...
EDIT: I fixed it - Minio was running behind Caddy, which wasn't configured as transparent, somehow causing the signature to fail. Leaving this open for the documentation issues, feel free to close it if you think it's not worth an issue. :)

I think although the variables "work the same way" as somewhere else, it's not really visible at any point in the documentation that they have that exact name, or even what secrets can be used with the plugin - the Docker plugin has a section titled "Secret References" for example, which is in my eyes missing for the S3 plugin.

I have never worked with the S3/Minio API before, so I have no idea what the commonly used variable names are, and I don't think documentation should completely omit them even if they are commonly used.
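
Added example, not part of the original thread or the plugin's code: a minimal AWS Signature Version 4 computation showing why a reverse proxy that rewrites the Host header produces SignatureDoesNotMatch even when the keys are correct, which matches the Caddy fix described above. It assumes the client signs with SigV4; the hostnames, secret and helper names (`sigv4_signature`, `server_accepts`) are constructed for illustration.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, method, path, host, amz_date, payload,
                    region="us-east-1", service="s3"):
    """Compute an AWS SigV4 signature for a request with no query string."""
    payload_hash = hashlib.sha256(payload).hexdigest()
    # Host is always part of the signed headers in SigV4.
    headers = {"host": host, "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    names = sorted(headers)
    canonical_request = "\n".join([
        method, path, "",                                # empty query string
        "".join(f"{n}:{headers[n]}\n" for n in names),   # canonical headers
        ";".join(names),                                 # signed header list
        payload_hash,
    ])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()

def server_accepts(secret, client_sig, host_seen_by_server, **request):
    """Server side: recompute the signature from the request as received."""
    expected = sigv4_signature(secret, host=host_seen_by_server, **request)
    return hmac.compare_digest(expected, client_sig)

# Constructed sample values; the bucket/object path mirrors the thread's config.
SECRET = "constructed-secret-key"
REQUEST = dict(method="PUT", path="/get/gook",
               amz_date="20180611T133259Z", payload=b"artifact bytes")
PUBLIC_HOST = "minio.example.test"   # what the client signs
UPSTREAM_HOST = "127.0.0.1:9000"     # what a Host-rewriting proxy sends

if __name__ == "__main__":
    sig = sigv4_signature(SECRET, host=PUBLIC_HOST, **REQUEST)
    print("Host preserved:", server_accepts(SECRET, sig, PUBLIC_HOST, **REQUEST))
    print("Host rewritten:", server_accepts(SECRET, sig, UPSTREAM_HOST, **REQUEST))
```

When an S3-compatible server sits behind a proxy, the proxy has to pass the client's Host header through unchanged, otherwise every signed request fails this check regardless of which secret names are used.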

tboerger commented 6 years ago

> I think although the variables "work the same way" as somewhere else, it's not really visible at any point in the documentation that they have that exact name, or even what secrets can be used with the plugin - the Docker plugin has a section titled "Secret References" for example, which is in my eyes missing for the S3 plugin.

That's why I have written "The documentation is missing the available secrets reference..."

tboerger commented 4 years ago

The documentation should be clear enough in the meantime.