-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
S3 headIncompletePartForUpload function error exclusions seem insufficient #1010
Comments
Do you have allowed all of these actions? Lines 9 to 13 in 5e9be5a
I don't know the exact details but depending on the permissions AWS S3 either returns a 404 Not Found or 403 Forbidden error for non-existing objects. It could also be that we are missing a permission in the above documentation. The current code only handles the 404 case. We should also handle 403 better while also checking the documentation for missing permissions. |
Yes I have all these permissions. Everything else works fine except when it tries to HEAD or GET In fact after extensive testing, I have no idea when and when a Adding || isAwsErrorCode(err, "Forbidden") just makes the error go away. Full code below: if err != nil && (isAwsError[*types.NoSuchKey](err) || isAwsError[*types.NotFound](err) || isAwsErrorCode(err, "AccessDenied")) || isAwsErrorCode(err, "Forbidden") {
return nil, nil
} In the AWS error code documentation: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html , you can see |
@Acconut Hello! Wondering if you thought this has any merit for an addition of the Forbidden error type? Thanks! Congrats on launching 2.0.0 🥳 |
The
Yes, that would be a sensible change. Feel free to open a PR for it. And thanks for the kind words :) |
Created a pull request here: #1019 - if anyone has friends at AWS, it would help to know why AWS returns "Forbidden" as an Error Code when the documentation does not mention it: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html |
Thank you for the PR, @jimydavis. I hope this resolve the issue. If not, please let me know and we will reopen this.
One reason could be that |
In
s3store.go
, there's a number of errors that are ignored as below. I presume this is for fresh new uploads that have no incomplete parts:However, yesterday on testing a fresh upload (no parts uploaded yet, completely fresh), I received
status=500 body="ERR_INTERNAL_SERVER_ERROR: operation error S3: HeadObject, https response error StatusCode: 403, RequestID: xxxxxxx, HostID: uploadID+multipartID, api error Forbidden: Forbidden\n"
In my debugger, the error looked like this:
Do we have to exclude
Forbidden
for fresh uploads without incomplete parts too or am I missing something?Upon reading the AWS error codes documentation,
Forbidden
is not an error code. OnlyAccessDenied
is. But as you can see from my debugger screenshot, I am indeed getting the Forbidden code from what presumably must be from AWS's servers and not within any of the client code.Lastly, many people should encounter this error as incomplete parts are not always going to be there and when you do a HEAD on it, its going to come back empty.
Thank you.
edit: this seems to affect
getIncompletePartForUpload
too.The text was updated successfully, but these errors were encountered: