n8n-io / n8n

Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services.
https://n8n.io

S3 403 Forbidden - perhaps check your credentials? #5921

Open grachevko opened 1 year ago

grachevko commented 1 year ago

Describe the bug

The S3 node calls the S3 endpoint to get the region of the bucket before a request to any method except BucketList/BucketCreate/BucketDelete. In the case where the credentials don't have access to the GetBucketLocation operation, it causes the error 403 check credentials. This is very confusing and cost me several hours to debug because the documentation doesn't contain any information about this requirement.

I guess this question was about the same thing: https://community.n8n.io/t/getting-403-forbidden-while-downloading-a-file-from-s3-even-though-the-credentials-are-correct/6437

To Reproduce

  1. Create credentials without permission on GetBucketLocation
  2. Create S3 node with resource File and Get Many operation
  3. See error

Expected behavior

  1. Documentation contains the correct requirements about the BucketGetLocation permission.
  2. Ignore the error when getting the Bucket Region, as is done in the minio-go client (https://github.com/minio/minio-go/blob/master/bucket-cache.go#L120). They just use the default region if any error occurs while fetching the Bucket Region.

Moreover, they also use the region from the configuration if it is present (https://github.com/minio/minio-go/blob/master/bucket-cache.go#L91). Our credentials also have a region field; maybe we should use it without a pre-request if it is present.

Additional context

We use OBS as an S3 server. Our version of this server returns an empty response on the Bucket Location method, which causes an ERROR: Cannot read properties of undefined (reading '_') on this line: https://github.com/n8n-io/n8n/blob/n8n%400.223.0/packages/nodes-base/nodes/S3/S3.node.ts#L700

Of course this is related to OBS more than n8n, but for now there is no workaround to avoid this. There is no option to turn off prefetching the location or to use the location from credentials/options.
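
The region-resolution order requested in the report above (configured region first, then GetBucketLocation, then a default on error or empty response), as an added TypeScript example. It is not n8n's or minio-go's code; the function names, the `us-east-1` default and the parsed response shape are assumptions.

```typescript
// Added example: not n8n or minio-go code; every name below is hypothetical.
// Response shape is assumed from the "reading '_'" error quoted in the issue.
type LocationResponse = { LocationConstraint?: { _?: string } } | undefined;
type LocationFetcher = (bucket: string) => Promise<LocationResponse>;

interface RegionResult {
  region: string;
  source: 'credentials' | 'bucket-location' | 'default';
  warning?: string; // surfaced to the operator instead of a bare 403
}

const DEFAULT_REGION = 'us-east-1'; // assumed fallback value

// Pure parser: tolerates a missing body, missing element, or blank text.
function regionFromLocation(response: LocationResponse): string | undefined {
  const value = response?.LocationConstraint?._?.trim();
  return value ? value : undefined;
}

async function resolveBucketRegion(
  bucket: string,
  credentialRegion: string | undefined,
  fetchLocation: LocationFetcher,
): Promise<RegionResult> {
  // 1. A region set in the credentials wins and no pre-request is sent,
  //    so the access key does not need s3:GetBucketLocation.
  const configured = credentialRegion?.trim();
  if (configured) return { region: configured, source: 'credentials' };

  try {
    // 2. Otherwise ask the server for the bucket's location.
    const region = regionFromLocation(await fetchLocation(bucket));
    if (region) return { region, source: 'bucket-location' };
    return { region: DEFAULT_REGION, source: 'default',
      warning: `empty GetBucketLocation response for ${bucket}` };
  } catch (error) {
    // 3. A denied or failed lookup (e.g. 403) is reported, not fatal.
    const reason = error instanceof Error ? error.message : String(error);
    return { region: DEFAULT_REGION, source: 'default',
      warning: `GetBucketLocation failed for ${bucket}: ${reason}` };
  }
}
```

With this order, an access key scoped to object operations only can still be used when the region is set in the credentials, and a denied lookup shows up as a named warning rather than a credentials error.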

Joffcom commented 1 year ago

Hey @grachevko

In the credential, if you check the "force path style" option, does it then work for you?

grachevko commented 1 year ago

Hey @Joffcom

How can it be related to the described issue? OBS supports both path and domain style; checking or unchecking this does nothing for me.

Joffcom commented 1 year ago

Hey @grachevko

It was my first thought as it is what is needed when connecting to Minio.

I will see if I can get OBS set up when I am back next Tuesday to see if we need to do anything special.

grachevko commented 1 year ago

You can create a custom policy in minio without allowing access to GetBucketLocation.

The default readonly policy in minio has this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

The empty response from OBS doesn't matter. What matters is that the S3 node fetches the location on every operation even if the region is already preset in the credentials. The minio client doesn't fetch it if it is present in the options.

Joffcom commented 1 year ago

@grachevko ah, I get you, I missed the permission bit. Will need to think about whether we treat this as a bug or a feature request, but it looks like something we should sort out soonish.

fraenkDUS commented 1 year ago

Same problem here with ERROR: Cannot read properties of undefined (reading '_') when using Get Many on File or Folder from an S3-compatible Object Storage Service (OBS).

So the only workarounds so far would be to modify the S3 node or make HTTP requests, right?

grachevko commented 1 year ago

@fraenkDUS assign s3:GetBucketLocation permission for your role

Joffcom commented 1 year ago

I really should do something with this, I will move it up my list.

fraenkDUS commented 1 year ago

> @fraenkDUS assign s3:GetBucketLocation permission for your role

Thanks, but it doesn't change anything.

I think you already mentioned the root cause: for every request (Search, Get All etc.) it sends and expects the region, but that's not supported by S3. For example: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html

I got at least the Bucket > Search working by removing all references to "region" in the S3 GenericFunctions.js and S3.node.js.

File & Folder > Get All doesn't return anything yet, might be another issue.