Previously, --configure would perform an access check by trying to list
all buckets for the account. This requires the S3 ListAllMyBuckets
permission which is typically not available to delegated IAM accounts.
With this change, --configure now accepts an optional bucket URI as a
parameter; if one is provided, the access check verifies access to
that bucket only.
For example:
s3cmd --configure # Access Denied if the account lacks ListAllMyBuckets
but
s3cmd --configure s3://some-bucket # Still works
... | ... |
@@ -1187,7 +1187,7 @@ def gpg_decrypt(filename, gpgenc_header = "", in_place = True): |
1187 | 1187 |
tmp_filename = filename |
1188 | 1188 |
return (code, tmp_filename) |
1189 | 1189 |
|
1190 |
-def run_configure(config_file): |
|
1190 |
+def run_configure(config_file, args): |
|
1191 | 1191 |
cfg = Config() |
1192 | 1192 |
options = [ |
1193 | 1193 |
("access_key", "Access Key", "Access key and Secret key are your identifiers for Amazon S3"), |
... | ... |
@@ -1246,8 +1246,22 @@ def run_configure(config_file): |
1246 | 1246 |
val = raw_input("\nTest access with supplied credentials? [Y/n] ") |
1247 | 1247 |
if val.lower().startswith("y") or val == "": |
1248 | 1248 |
try: |
1249 |
- output(u"Please wait...") |
|
1250 |
- S3(Config()).bucket_list("", "") |
|
1249 |
+ # Default, we try to list 'all' buckets which requires |
|
1250 |
+ # ListAllMyBuckets permission |
|
1251 |
+ if len(args) == 0: |
|
1252 |
+ output(u"Please wait, attempting to list all buckets...") |
|
1253 |
+ S3(Config()).bucket_list("", "") |
|
1254 |
+ else: |
|
1255 |
+ # If user specified a bucket name directly, we check it and only it. |
|
1256 |
+ # Thus, access check can succeed even if user only has access to |
|
1257 |
+ # to a single bucket and not ListAllMyBuckets permission. |
|
1258 |
+ output(u"Please wait, attempting to list bucket: " + args[0]) |
|
1259 |
+ uri = S3Uri(args[0]) |
|
1260 |
+ if uri.type == "s3" and uri.has_bucket(): |
|
1261 |
+ S3(Config()).bucket_list(uri.bucket(), "") |
|
1262 |
+ else: |
|
1263 |
+ raise Exception(u"Invalid bucket uri: " + args[0]) |
|
1264 |
+ |
|
1251 | 1265 |
output(u"Success. Your access key and secret key worked fine :-)") |
1252 | 1266 |
|
1253 | 1267 |
output(u"\nNow verifying that encryption works...") |
... | ... |
@@ -1681,7 +1695,7 @@ def main(): |
1681 | 1681 |
sys.exit(0) |
1682 | 1682 |
|
1683 | 1683 |
if options.run_configure: |
1684 |
- run_configure(options.config) |
|
1684 |
+ run_configure(options.config, args) |
|
1685 | 1685 |
sys.exit(0) |
1686 | 1686 |
|
1687 | 1687 |
if len(args) < 1: |
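Review bot: In the single-bucket branch of run_configure, `S3(Config()).bucket_list(uri.bucket(), "")` always lists from the bucket root and discards any key portion of the URI, so an account whose policy allows ListBucket only under a prefix condition will still fail the check with Access Denied. If `S3Uri` exposes the key part (s3cmd's S3 URI class has an `object()` accessor, but confirm for this revision), passing it as the prefix, `S3(Config()).bucket_list(uri.bucket(), uri.object())`, would let the least-privilege accounts this commit targets pass the check. Arguments after `args[0]` are silently ignored, and `args[0]` is echoed before it is validated; rejecting `len(args) > 1` and moving the `output(...)` line below the `uri.type` test would make the behaviour explicit. The enclosing try/except and the rest of run_configure lie outside the hunk, so how the raised `Exception` is reported to the user cannot be confirmed from here.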