A service will fail with s3.NewClient() at https://github.com/philippgille/gokv/blob/master/s3/s3.go#L228-L231 when a service does not have permission to create an S3 bucket resulting in error:
In this use case, the bucket has already been created elsewhere, so the service has limited s3.GetObject, s3.PutObject, s3.DeleteObject type permissions.
A non-breaking fix could be an option like #101 provides to skip the create bucket attempt. While I recognize the create bucket attempt is there to ease usability, testing, and compatibility with non-S3 services, it does run counter to least-privilege and least-surprise patterns.
Another non-breaking fix could be to change the logic in s3.NewClient() for origS3 to see if the bucket already exists before creating with ListBuckets, but that can also result in a 403 for this use case. You could also just handle the 403 errors from CreateBucket, ListBuckets, etc. by not failing and attempting to proceed with the client.
A breaking fix I would propose would be to default to no unnecessary S3 calls in s3.NewClient() and to explicitly pass the option in if you wanted to try creating, listing, validating the bucket first.
Thank you for this very cool module I stumbled upon :)
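The breaking fix proposed in the issue above, modelled as an added example that is not gokv's code: bucket creation is opt-in, so a constructor running under an object-only policy never requests s3:CreateBucket. Options, EnsureBucket, Client, fakeS3 and objectOnly are hypothetical names, and the in-memory backend is a constructed stand-in for S3 so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrAccessDenied stands in for the 403 AccessDenied an S3 endpoint returns.
var ErrAccessDenied = errors.New("403 AccessDenied")

// fakeS3 (constructed, offline) logs each action and denies those not allow-listed.
type fakeS3 struct {
	allowed map[string]bool
	calls   []string
}

func (f *fakeS3) do(action string) error {
	f.calls = append(f.calls, action)
	if !f.allowed[action] {
		return fmt.Errorf("%s: %w", action, ErrAccessDenied)
	}
	return nil
}

// objectOnly models the issue's policy: object actions allowed, bucket actions not.
func objectOnly() *fakeS3 { return &fakeS3{allowed: map[string]bool{"s3:PutObject": true}} }

// Options is hypothetical; EnsureBucket is opt-in, so the zero value makes no bucket call.
type Options struct {
	BucketName   string
	EnsureBucket bool
}
type Client struct{ s3 *fakeS3 }

// NewClient asks for s3:CreateBucket only when the caller opted in.
func NewClient(s3 *fakeS3, o Options) (*Client, error) {
	if o.EnsureBucket {
		if err := s3.do("s3:CreateBucket"); err != nil {
			return nil, fmt.Errorf("ensure bucket %q: %w", o.BucketName, err)
		}
	}
	return &Client{s3: s3}, nil
}
// Set needs s3:PutObject and nothing else.
func (c *Client) Set(key string, val []byte) error { return c.s3.do("s3:PutObject") }
func main() {
	c, err := NewClient(objectOnly(), Options{BucketName: "kv"})
	fmt.Println(err, c.Set("k", []byte("v")), c.s3.calls)
}
```

The recorded action list doubles as a check on which IAM permissions the client actually exercises under each setting.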