geesefs
geesefs copied to clipboard
geesefs drops credentials when bucket is public
geesefs drops credentials when YC bucket is public
# geesefs -f --debug_s3 --debug --iam <redacted> <redacted>
2022/05/21 21:16:27.491339 s3.INFO Successfully acquired IAM Token
2022/05/21 21:16:27.524579 s3.DEBUG HEAD https://storage.yandexcloud.net/<redacted> = 200 []
2022/05/21 21:16:27.524613 s3.DEBUG X-Amz-Request-Id = [XXXXXX]
2022/05/21 21:16:27.524643 s3.DEBUG Server = [nginx]
2022/05/21 21:16:27.524658 s3.DEBUG Date = [Sat, 21 May 2022 21:16:27 GMT]
2022/05/21 21:16:27.524672 s3.DEBUG Content-Type = [application/xml]
2022/05/21 21:16:27.524686 s3.INFO anonymous bucket detected
Probable cause: https://github.com/yandex-cloud/geesefs/blob/c4861e0f1aa3c40d8ec4988814b0a6079705aedd/internal/backend_s3.go#L276-L278
Current fix: set --profile 1
Hi, it's intended to work like this, partly because anonymous bucket auto-detection functionality was there since goofys :-)
But, i would like to upload some files using binded service account credentials, although the bucket is public. So I should file an issue in googys and then ask to merge from the upstream?
But, i would like to upload some files using binded service account credentials, although the bucket is public. So I should file an issue in googys and then ask to merge from the upstream?
No, we can fix it here of course :-) For example I can add an option to explicitly disable anonymous access.