Hi Sven - thanks for taking a quick look, this change did stop me getting an immediate error - but I seem to get no results back.
Digging into it a bit more - I seem to be issuing the GET request as indicated by https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html e.g. GET /?versions HTTP/1.1 Headers: a ZnMultiValueDictionary('User-Agent'->'Zinc HTTP Components 1.0 (Pharo/8.0)’ 'Accept'->'*/*' 'Host'->'mtt-data.s3.amazonaws.com’ 'Date'->'Thu, 17 Jun 2021 16:08:44 GMT’ 'Authorization'->'AWS AKIAIP2xxxxxxx:DqPPbDyyyyy’) From the spec (which I’m no expert on) - the get command looks right (the other params are optional) and the Bucket name is prefixed onto s3.amazonaws.com in the header. But is seems that I am getting a 200 - 403 response : "a ZnResponse(200 OK application/xml 1899B)" HTTP/1.1 403 Forbidden (Aside - the code should possibly handle this better - the spec seems to say that response content needs to be interpreted - but that’s something I can look to help with when we know the actual issue). But I’m a bit mystified why the previous: client keysIn: 'mtt-data’ Invocation would work, but this seemingly extra step would be forbidden. My IAM role says it has full S3 access, so I’m not sure if this is still that we haven’t got the right fix or if its something environmental. I’m not sure what to do - if you have another idea, I’m happy to be a guniea pig to try it. Tim > On 17 Jun 2021, at 09:06, Sven Van Caekenberghe <s...@stfx.eu> wrote: > > Hi Tim, > > It has been a very long time since I last looked at this code. It is a good > thing that at least part of it still works. > > Just by reading the code and reasoning about your problem, I would suggest > you try the following change: > > In ZnAWSS3RequestSignatureTool>>#canonicalStringFor: replace the last > > request uri pathPrintString > > by > > request uri pathQueryFragmentPrintString > > I did not try this myself, so it might not solve your issue. > > Please let me know if this works. > > Sven > >> On 17 Jun 2021, at 03:05, Tim Mackinnon <tim@testit.works> wrote: >> >> Hi everyone - I’m wondering if someone knows the trick to listing object >> versions in AWS S3? >> >> I was previously using a non-Zn library (there are a few around - but they >> are quite old and I’m not sure how much they are maintained) - however I >> hadn’t realised that Zn actually supports S3 until I read it a bit carefully >> and realised that I needed to load an extra AWS group. >> >> So - I have a bucket that is versioned, and I wanted to read the versions of >> an object - and hopefully be able to read the contents of an older version. >> >> I can list the contents of a bucket, but when I try to read the versions of >> an object - I get a forbidden error - which when I dig deeper gives a >> stranger explanation? >> >> I have confirmed that the AWS CLI is able to list versions in that bucket - >> so I’m a bit confused what the issue might be? >> >> (client := ZnAWSS3Client new) >> accessKeyId: 'xxx'; >> secretAccessKey: ‘yyyyy'; >> checkIntegrity: true. >> >> client buckets. “Works" >> client keysIn: 'mtt-data’. “Works" >> >> client at: 'mtt-data' -> 'sample.txt’. “Works" >> >> client keysIn: 'mtt-data' query: (Dictionary with: 'versions'->nil). “Gives >> an error?” >> >> >> HTTP/1.1 403 Forbidden >> >> <?xml version="1.0" encoding="UTF-8"?> >> <Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we >> calculated does not match the signature you provided. Check your key and >> signing >> method.</Message><AWSAccessKeyId>xxx</AWSAccessKeyId><StringToSign>GET >> >> >> Has anyone tried doing this - I’m sure there is something really simple that >> I am missing? >> >> Tim
