search

spine-generic / data-multi-subject

Multi-subject data for the Spine Generic project
Creative Commons Attribution 4.0 International
22 stars 15 forks source link

git annex unable to access remotes #164

Closed Palpatineli closed 7 months ago

Palpatineli commented 7 months ago

Can you advise on how to further debug, or is there a problem with the server config?

> git annex version | head -n 1
git-annex version: 8.20210223
> git clone https://github.com/spine-generic/data-multi-subject && \
> cd data-multi-subject && \
> git annex init
Remote origin not usable by git-annex; setting annex-ignore
> git annex get sub-nwu01
get sub-nwu01/dwi/sub-nwu01_dwi.nii.gz (from amazon...)

  HttpExceptionRequest Request {
    host                 = "data-multi-subject---spine-generic---neuropoly.s3.ca-central-1.amazonaws.com"
    port                 = 443
    secure               = True
    requestHeaders       = [("Date","Wed, 17 Apr 2024 23:39:05 GMT"),("Authorization","<REDACTED>"),("X-Amz-Content-Sha256","e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca
495991b7852b855"),("X-Amz-Date","20240417T233905Z"),("X-Amz-Security-Token","{token content removed for security}")]
    path                 = "/SHA256E-s2674869--e0add74809feb3a59c7402c5785c9028c7036034883d88de3d297981c2989d01.nii.gz"
    queryString          = ""
    method               = "GET"
    proxy                = Nothing
    rawBody              = False
    redirectCount        = 10
    responseTimeout      = ResponseTimeoutDefault
    requestVersion       = HTTP/1.1
  }
   (StatusCodeException (Response {responseStatus = Status {statusCode = 400, statusMessage = "Bad Request"}, responseVersion = HTTP/1.1, responseHeaders = [("x-amz-request-i
d","Y9PW06CWJEF1H1VZ"),("x-amz-id-2","y7WOGw4bo3xr15vT5cHH0YS2mIReUO2B+Vx/pZP3MbtI4oP+hfwxnffA0eD2go7nQAknxtVTBjw="),("Content-Type","application/xml"),("Transfer-Encoding","
chunked"),("Date","Wed, 17 Apr 2024 23:39:05 GMT"),("Server","AmazonS3"),("Connection","close")], responseBody = (), responseCookieJar = CJ {expose = []}, responseClose' = Re
sponseClose}) "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><Token-0>{token content removed for security}</Token-0><Reque
stId>Y9PW06CWJEF1H1VZ</RequestId><HostId>y7WOGw4bo3xr15vT5cHH0YS2mIReUO2B+Vx/pZP3MbtI4oP+hfwxnffA0eD2go7nQAknxtVTBjw=</HostId></Error>")

  Unable to access these remotes: amazon

  Maybe add some of these git remotes (git remote add ...):
        b4e0530d-c6b2-440c-8080-b7fb53d79990 -- sebeda@joplin.neuro.polymtl.ca:~/datasets/data-multi-subject_v2

  (Note that these git remotes have annex-ignore set: origin)

And when I add the other remote > git remote add b4e0530d-c6b2-440c-8080-b7fb53d79990 -- sebeda@joplin.neuro.polymtl.ca:~/datasets/data-multi-subject_v2 I got 

fatal: Could not read from remote repository.

then the same amazon error message.

joshuacwnewton commented 7 months ago

As a sanity check, I was able to clone + get the sub-nwu01 subject on my personal machine, so I don't think this is a universal issue?

<Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message>

This seems like the important bit from the error message? (Thank you for providing the full log! :hearts:)

From other reports of this same error, it may be that git-annex is picking up on some pre-existing AWS credentials, either in ~/.aws or in various AWS-specific environment variables.

As a quick check, could you see if you have .aws in your home folder, and also check if you have any of the following environment variables set using echo? 

# Check if either empty (not set) or non-empty (secrets -- don't share!) 
echo $AWS_SESSION_TOKEN
echo $AWS_ACCESS_KEY
echo $AWS_ACCESS_KEY_ID
echo $AWS_SECRET_ACCESS_KEY

Also, as a quick note, regarding the "Maybe add some of these remotes" message, see https://github.com/spine-generic/data-multi-subject/issues/132#issuecomment-1279115797:

No, these remotes are an internal server, and someone's laptop, neither of which is accessible from the internet, so they wouldn't work. It's an unfortunate side-effect of how git-annex works that these details are visible to you.

mguaypaq commented 7 months ago

While we wait for more details, I've marked this extra remote as inaccessible, so it should stop showing up as a suggestion once people run git annex sync:

b4e0530d-c6b2-440c-8080-b7fb53d79990 -- sebeda@joplin.neuro.polymtl.ca:~/datasets/data-multi-subject_v2
Palpatineli commented 7 months ago

Thanks for the help! Turns out I have an AWS_SESSION_TOKEN hidden in a startup file from long time ago. It works when I unset it.

mguaypaq commented 7 months ago

Excellent! Thanks for letting us know that this is resolved. And if anyone else has the same problem in the future, we'll know how to solve it.