Add Scaleway IPFS Pinning for compliance

[vmscw]

Scaleway is a french cloud provider that provides an IPFS pinning service.

Here the tutorial to create a new API key: https://www.scaleway.com/en/docs/identity-and-access-management/iam/how-to/create-api-keys/, you need IPFSFullAccess permission

Scaleway pinning service is based on volume (like object storage bucket), you need to create one before pinning. The volume can be created with in one-click from the console: https://console.scaleway.com/ipfs

Once the volume is created, you have to put it into the endpoint: https://www.scaleway.com/en/docs/labs/ipfs/api-cli/ipfs-cli/ Example: ipfs pin remote service add --service=scaleway https://fr-par.ipfs.labs.scw.cloud/<VOLUME_ID> <SECRET_KEY>

[SgtPooki]

Cannot create a volumne. Also, this is a significant amount of setup work and there seem to be some instructions missing.

How do I add IPFSFullAccess to my API key?

[vmscw]

Hello @SgtPooki ! Thanks for taking the time to integrate our pinning service !

Indeed, this message is not enough, we will handle this asap.

In other words, you need to level-up your tier level by adding a payment method in the billing section (top-right of the console). Once done, you will be able to access all Scaleway products and there free tier, pinning service included (25GB of free tier).

From that point, the IPFSFullAccess auth is included in your defaut policies, so you don't have to manage it manually !

[OnsagerHe]

Hello @SgtPooki Did you retest the service?

[SgtPooki]

@OnsagerHe @vmscw I have not retested the service. Is there a way you can whitelist our account on the free-tier so there is no need to add a credit card?

[OnsagerHe]

Hello @SgtPooki There are several options available to you If you have an account used by protocol labs and not a personal account, I can discuss with the trust and security team to create a voucher or permission for the pinning service project only, but the credit card might be required as well. It's about the payment solution.

If it's a question of identity, I can find out what options are available

[OnsagerHe]

Hello @SgtPooki Were you able to get the Scaleway account information you are using? So that we can merge this MR :D

[SgtPooki]

I'm going to add a CC now and get this closed out. thanks for your patience with me

[SgtPooki]

ok i created a volume in PAR and then tried to test it using pinning-service-compliance but i'm getting only failures.

it seems like the domain names are not resolvable for volumes in any of the regions

╭─    ~/c/work/p/ipfs-s/pinning-service-compliance    main *4 !1 ?2 
╰─ ✔ ❯ curl $SCALEWAY_API_ENDPOINT1
curl: (6) Could not resolve host: fr-par.ipfs.labs.scaleway.com

╭─    ~/c/work/p/ipfs-s/pinning-service-compliance    main *4 !1 ?2 
╰─ ✘ 6 ❯ curl $SCALEWAY_API_ENDPOINT2
curl: (6) Could not resolve host: nl-ams.ipfs.labs.scaleway.com

╭─    ~/c/work/p/ipfs-s/pinning-service-compliance    main *4 !1 ?2 
╰─ ✘ 6 ❯ curl $SCALEWAY_API_ENDPOINT3
curl: (6) Could not resolve host: pl-waw.ipfs.labs.scaleway.com

Also, checking them at https://dnschecker.org/#A/pl-waw.ipfs.labs.scaleway.com seems to show failures for all the domains as well.

Have the endpoints changed?

[SgtPooki]

it looks like there's a different endpoint listed at https://www.scaleway.com/en/docs/labs/ipfs/reference-content/install-ipfs-desktop/, https://<region>.ipfs.labs.scw.cloud/<volume-id> which seems to be up: https://dnsdumpster.com/static/map/ipfs.labs.scw.cloud.png

trying that now

[SgtPooki]

seems like that URL is working, but is breaking the request with empty bearer token and giving me permission errors on other requests:

    {
      "error": "insufficient permissions",
      "code": 7,
      "message": "insufficient permissions",
      "details": [
        {
          "@type": "type.googleapis.com/scaleway.std.errors.PermissionsDenied",
          "details": [
            {
              "resource": "024f8b87-3705-4492-84ba-d34501e74ee2",
              "action": "svc=ipfs;name=volume;action=write"
            }
          ]
        }
      ]
    }

full output at nl-ams.ipfs.labs.scw.cloud.md

[SgtPooki]

I tried all three volumes in all 3 endpoints and was able to get a non-permission error only in the pl-waw region:

    {
      "error": "resource is not found",
      "code": 5,
      "message": "resource is not found",
      "details": [
        {
          "@type": "type.googleapis.com/scaleway.std.errors.ResourceNotFound",
          "resource_id": "79c85e76-ce9a-4ee4-9c97-e656b8744ab4"
        }
      ]
    }

but i'm unsure what resource it's referring to. Also, these failure messages are not to spec :(

[SgtPooki]

looks like I needed to add a policy and grant IPFSFullAccess to the "project" that is the Bearer of the API key i was using

[SgtPooki]

Finally got a success in pl-waw:

pl-waw.ipfs.labs.scw.cloud.md