Ruby client + Riak CS endpoint + aws-sdk (3.0.1) = Access Denied

[cbenaveen]

Hi There,

My ruby client failed connect to Riak CS (v 1.4.10) instance. Consistently i am getting Aws::S3::Errors::AccessDenied.

Below is some details about the environment information:
In my Ubuntu (14.04), i have ruby 2.4.1p111 installed.
Also used ruby gem to install aws-sdk (3.0.1)

Here is my ruby client (example.rb):

require 'aws-sdk'

Aws::S3

s3 = Aws::S3::Client.new(
  access_key_id: '[ACTUAL_ACCESS_KEY]',
  secret_access_key: '[ACTUAL_SECRET_KEY]',
  region: "us-east-1",
  endpoint: "[MY_RIAK_CS_HTTPS_ENDPOINT]"
)

#bucket = s3.list_buckets('2159844069')
resp = s3.list_objects_v2(bucket: "21159841440649")
resp.contents.each do |obj|
  puts obj.key
end

Here is the access denied exception stack trace:

naveen@ubuntu:~/cloudlock$ ruby example.rb 
/home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call': Access Denied (Aws::S3::Errors::AccessDenied)
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-s3-1.2.0/lib/aws-sdk-s3/plugins/sse_cpk.rb:22:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-s3-1.2.0/lib/aws-sdk-s3/plugins/dualstack.rb:26:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-s3-1.2.0/lib/aws-sdk-s3/plugins/accelerate.rb:35:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/aws-sdk-core/plugins/idempotency_token.rb:17:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/aws-sdk-core/plugins/param_converter.rb:24:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/aws-sdk-core/plugins/response_paging.rb:10:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/seahorse/client/plugins/response_target.rb:23:in `call'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-core-3.4.0/lib/seahorse/client/request.rb:70:in `send_request'
	from /home/naveen/.rvm/gems/ruby-2.4.1/gems/aws-sdk-s3-1.2.0/lib/aws-sdk-s3/client.rb:3846:in `list_objects_v2'
	from example.rb:21:in `<main>'

Can somebody help me in this issue?

[shino]

It may be helpful if there are ...

• error log of riak cs, debug log is much better around the error happens
• packet capture at TCP layer if you use plain HTTP (i.e. NOT https)

Some questions:

• Which version which version of AWS authentication (v2 or v4) the ruby client use?
• Is it possible to force it use v2 auth?
• What happens when you use simple client like s3curl[1] ?

[1] There are many forks exist. For example https://github.com/ksauzz/s3curl

[eredi93]

hi @shino i'm also trying to get riak_cs to work with my ruby application which uses the v3 version of the SDK. It seems that they deprecated the v2 Auth endpoint and i can set it 😢

[12] pry(main)> s3 = Aws::S3::Client.new(access_key_id: 'DIIUAPUAHJSNNXE5Q0TC', secret_access_key: 'rC7Q8pXaXoW59VTa3b0asXxV9JqWTb-yvZeF5A==', endpoint: 'http://host.docker.internal:8080', signature_version: 'v2')

ArgumentError: unsupported signature version `v2'
from /bundler_cache/gems/aws-sdk-s3-1.43.0/lib/aws-sdk-s3/plugins/s3_signer.rb:29:in `add_handlers'
[13] pry(main)>

is the ruby sdk really supported?

[shino]

@eredi93 May this help? #897 (comment)

[eredi93]

aaaaah. i'll give it a try over the weekend! thanks 🙇‍♀