Giter VIP home page Giter VIP logo

Comments (14)

micheloosterhof avatar micheloosterhof commented on June 16, 2024

So looking at https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html the head object seem to require s3:getObject which you give, so I think you give the right acces rights.

from docker-cowrie.

micheloosterhof avatar micheloosterhof commented on June 16, 2024

this could help: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/ ?

from docker-cowrie.

micheloosterhof avatar micheloosterhof commented on June 16, 2024

Does your policy need a principal entry?

from docker-cowrie.

micheloosterhof avatar micheloosterhof commented on June 16, 2024

What if you try it from a non-dockered cowrie?

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

Does your policy need a principal entry?

It doesn't seem so (referring in this specific case to the MinIO documentation on users and access control). Policies are applied to users in a second step.

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

What if you try it from a non-dockered cowrie?

I'll try that 👍

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

Yup, I can confirm that in a non-dockerized cowrie instance everything works fine 👍 at least the whole S3 setup wasn't for nothing 😅
That's weird though... does Docker's network adapter change request headers? 🤔

from docker-cowrie.

micheloosterhof avatar micheloosterhof commented on June 16, 2024

from docker-cowrie.

micheloosterhof avatar micheloosterhof commented on June 16, 2024

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

botocore is 1.15.x on both environments, while awscli is not present in either... The system time issue sounds interesting. I'll try to tap a request that arrives on the backend to check what parameters it is sent, might help with debugging that.

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

Well... sure enough I start tapping and today everything works as expected even in the dockerized cowrie 😒. Coincidentally yesterday we entered summer time here in Central Europe... so I tried messing with the system clock manually and restarting the Docker daemon (since apparently "Docker uses the same clock as the host and the [container] cannot change it", see this SO answer) and yes, that is indeed the issue... Tbh I thought the S3 signature mechanism would be based only on the data received in the headers (timestamp included) 🤔 , so it never crossed my mind that time differences between machines could be an issue.

All this means that the timing of your answer was perfect 😄 had I tried running a non-dockerized cowrie instance last week it wouldn't have worked.

Now I only have to find a way to keep cowrie deployments and the S3 backend always in sync, but that's not a cowrie issue 👍

Thanks a lot for the support @micheloosterhof and in general for your work on cowrie 🙏

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

Actually, I think I jumped to conclusions too fast. Last week I would be able to access S3 from a simple virtual environment, but not from inside the container. Yet the host was the same, so something must be still off with Docker...

from docker-cowrie.

micheloosterhof avatar micheloosterhof commented on June 16, 2024

from docker-cowrie.

kuax avatar kuax commented on June 16, 2024

Yes, I'll most likely do that.
I unfortunately haven't been able to exactly reproduce last week's conditions by manually changing the system clock... If I do that I get a 403 in both cases now 🤔 bah, who knows...
In any case thank you!

from docker-cowrie.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.