Open PhilipBehrenberg opened 2 years ago
Also facing the same issue after our plugin was bumped from 0.10.0 to anything 0.11.0 and onwards. Same steps, same errors/results.
this might be caused by introduction of DynamicBucketRegion in #146, which was released in 0.11.0
DynamicBucketRegion
is always called, it's always called with hard-coded credentials and hard-coded endpoint
it also breaks the plugin in environments with restricted access to internet, and leaks internal bucket names to amazon AWS in non-restricted environments, since the dynamic bucket region "guessing" is always performed on amazon s3, no matter what is set in .aws
files or environment variables.
As stated in the title, the S3 plugin is not authorized to connect to S3 to do any action, init or add repo. On the other hand, the AWS CLI on the same account/machine is able to cp the index.yaml or list/download files in the same bucket.
The commands are being run on an instance within the same AWS account, connecting to a private S3 bucket owned by the account logged into the CLI. Using an "identical" (as far as I can tell, and I've looked very closely) setup on a separate AWS account, everything works exactly as expected. The working account was using version
0.13
, so I even tried downgrading that version to no avail. Both the s3 bucket and the instance are in the same region.The
~/.aws/credentials
and~/.aws/config
files both exist and are populated with default region, key, and secret. I even tried manually populating the ENV varsAWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
andAWS_DEFAULT_REGION
, again to no avail.AWS CLI, working as expected
Helm S3 Plugin, failing
Software/OS versions: