Comment 2 for bug 1172973

John A Meinel (jameinel) wrote :

Note that this is actually because of bug #1161383 in goaws.

Having written sync-tools and been unhappy about this fact, here is the background:
1) creating an environment in juju-core always validates the full config. And the config code says you must have credentials set (either in the config or in the environment).
2) goaws is used for listing the S3 bucket. It currently requires you to pass credentials.
3) Amazon will always validate the credentials you supply, even if the bucket itself is public. (It checks passed credentials before it checks if the bucket can be read.)

If we could pass empty auth for (2) then (3) would be happy. But you can't set empty credentials due to (1). And even if you could, we have to be careful with how goaws handles empty credentials. (Naively it might try to sign the request with a key of "" and Amazon might reject that as invalid, rather than actually not signing the request at all.)

sync-tools is rather unique in juju-core, as it is the only code that wants to talk to 2 providers. Also, it is unique in being the only code that will never want to write to one of the providers. (Arguably 'juju status' is read code, but at some point in the future, you could write to that provider. sync-tools is talking to an environment where you will never have write access.)

I don't have a good feeling for whether we should make it more apparent that you have to source your AWS credentials, or whether we can actually fix it. There are enough layers and specific differences for sync-tools that I'm hesitant to make a clear-cut decision.
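
The empty-credentials concern in the comment above, as an added Go example that is not part of the original comment and is not goaws code: it contrasts a client that always signs with one that leaves the request unsigned when credentials are empty. The `Auth` type, `signV2`, `listRequest`, the bucket name and the date are all assumptions, and the signature is a simplified S3 signature v2 (HMAC-SHA1).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/http"
)

// Auth holds AWS credentials; the zero value means anonymous access.
type Auth struct{ AccessKey, SecretKey string }

// signV2 builds a simplified S3 signature-v2 Authorization value
// (no Content-MD5, Content-Type or x-amz-* headers in the string to sign).
func signV2(a Auth, method, date, resource string) string {
	mac := hmac.New(sha1.New, []byte(a.SecretKey))
	mac.Write([]byte(method + "\n\n\n" + date + "\n" + resource))
	return "AWS " + a.AccessKey + ":" + base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// listRequest builds a bucket-listing GET. With alwaysSign set it mimics the
// naive behaviour: empty credentials still produce an "AWS :<sig>" header.
// Otherwise empty credentials leave the request unsigned.
func listRequest(a Auth, url, resource, date string, alwaysSign bool) (*http.Request, error) {
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Date", date)
	if alwaysSign || a != (Auth{}) {
		req.Header.Set("Authorization", signV2(a, "GET", date, resource))
	}
	return req, nil
}

func main() {
	// Constructed sample values; the bucket name is a placeholder.
	const url, res = "https://example-bucket.s3.amazonaws.com/", "/example-bucket/"
	const date = "Tue, 30 Apr 2013 12:00:00 GMT"
	for _, always := range []bool{true, false} {
		req, err := listRequest(Auth{}, url, res, date, always)
		if err != nil {
			panic(err)
		}
		fmt.Printf("alwaysSign=%v Authorization=%q\n", always, req.Header.Get("Authorization"))
	}
}
```

Only the second request carries no `Authorization` header at all, which is the form an anonymous read of a public bucket takes.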