I've created a storage space called "registry" and added a bucket called "registry", as you can sense a trend here my user is also called "registry" The registry user has read/write access to the registry storage space confirmed via FTP.
I'm running the s3cmd as follows:
Code: Select all
s3cmd --access_key=registry:xxxxxxxx --secret_key=xxxxxx --host=lab-nas.ocplab.com:8010 --no-check-certificate --no-check-hostname -d ls s3://registry
Code: Select all
DEBUG: Updating Config.Config access_key -> registry:xxxxxxxxx
DEBUG: Updating Config.Config bucket_location -> default
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config check_ssl_certificate -> False
DEBUG: Updating Config.Config check_ssl_hostname -> False
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config host_base -> lab-nas.ocplab.com:8010
DEBUG: Updating Config.Config secret_key -> xxxxxxxxxxx
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Command: ls
DEBUG: Bucket 's3://registry':
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v4
DEBUG: get_hostname(registry): lab-nas.ocplab.com:8010
DEBUG: canonical_headers = host:lab-nas.ocplab.com:8010
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20220126T162539Z
DEBUG: Canonical Request:
GET
/registry/
delimiter=%2F
host:lab-nas.ocplab.com:8010
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20220126T162539Z
host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
----------------------
DEBUG: signature-v4 headers: {'x-amz-date': '20220126T162539Z', 'Authorization': 'AWS4-HMAC-SHA256 Credential=registry:nPVyedsuQxlkz95JwIHr/20220126/default/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=b10b78763b3e314b5f86a5984d9eecc25175ca17ed1107877740f554d59097d7', 'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'}
DEBUG: Processing request, please wait...
DEBUG: get_hostname(registry): lab-nas.ocplab.com:8010
DEBUG: ConnMan.get(): creating new connection: https://lab-nas.ocplab.com:8010
DEBUG: Using ca_certs_file None
DEBUG: Using ssl_client_cert_file None
DEBUG: Using ssl_client_key_file None
DEBUG: Disabling SSL certificate checking
DEBUG: httplib.HTTPSConnection() has both context and check_hostname
DEBUG: non-proxied HTTPSConnection(lab-nas.ocplab.com, 8010)
DEBUG: format_uri(): /registry/?delimiter=%2F
DEBUG: Sending request method_string='GET', uri='/registry/?delimiter=%2F', headers={'x-amz-date': '20220126T162539Z', 'Authorization': 'AWS4-HMAC-SHA256 Credential=registry:xxxxxxxx/default/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=b10b78763b3e314b5f86a5984d9eecc25175ca17ed1107877740f554d59097d7', 'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'}, body=(0 bytes)
DEBUG: ConnMan.put(): connection put back to pool (https://lab-nas.ocplab.com:8010#1)
DEBUG: Response:
{'data': b'<?xml version="1.0" encoding="UTF-8"?>\r\n<Error>\r\n <Code>AccessD'
b'enied</Code>\r\n <Message>Access denied</Message>\r\n</Error>\r\n',
'headers': {'content-length': '124',
'content-type': 'text/xml',
'date': 'Wed, 26 Jan 2022 16:23:22 GMT',
'x-trans-id': 'txde8bb4eaee374deea38cf-0061f1757a'},
'reason': 'Forbidden',
'status': 403}
DEBUG: S3Error: 403 (Forbidden)
DEBUG: HttpHeader: content-length: 124
DEBUG: HttpHeader: content-type: text/xml
DEBUG: HttpHeader: x-trans-id: txde8bb4eaee374deea38cf-0061f1757a
DEBUG: HttpHeader: date: Wed, 26 Jan 2022 16:23:22 GMT
DEBUG: ErrorXML: Code: 'AccessDenied'
DEBUG: ErrorXML: Message: 'Access denied'
ERROR: Access to bucket 'registry' was denied
ERROR: S3 error: 403 (AccessDenied): Access denied