From 5873ab4031dd383b416e56e392374ca4176ed5a9 Mon Sep 17 00:00:00 2001 From: "denis.uzvik" Date: Fri, 2 Mar 2018 10:47:20 +0200 Subject: [PATCH 1/2] Ignore s3 AccessDenied error, during creation of repository --- internal/backend/s3/s3.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go index d8d4dcdad..d36679bf7 100644 --- a/internal/backend/s3/s3.go +++ b/internal/backend/s3/s3.go @@ -104,6 +104,12 @@ func Create(cfg Config, rt http.RoundTripper) (restic.Backend, error) { return nil, errors.Wrap(err, "open") } found, err := be.client.BucketExists(cfg.Bucket) + + if err != nil && be.IsAccessDenied(err) { + err = nil + found = true + } + if err != nil { debug.Log("BucketExists(%v) returned err %v", cfg.Bucket, err) return nil, errors.Wrap(err, "client.BucketExists") @@ -120,6 +126,17 @@ func Create(cfg Config, rt http.RoundTripper) (restic.Backend, error) { return be, nil } +// IsAccessDenied returns true if the error is caused by Access Denied. +func (be *Backend) IsAccessDenied(err error) bool { + debug.Log("IsAccessDenied(%T, %#v)", err, err) + + if e, ok := errors.Cause(err).(minio.ErrorResponse); ok && e.Code == "AccessDenied" { + return true + } + + return false +} + // IsNotExist returns true if the error is caused by a not existing file. func (be *Backend) IsNotExist(err error) bool { debug.Log("IsNotExist(%T, %#v)", err, err) From f6890210aa1e14587a0ee4f6ff3190730086f5b2 Mon Sep 17 00:00:00 2001 From: "denis.uzvik" Date: Fri, 2 Mar 2018 11:06:06 +0200 Subject: [PATCH 2/2] Add entry to changelog --- changelog/0.8.3_2018-02-26/pull-1648 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changelog/0.8.3_2018-02-26/pull-1648 diff --git a/changelog/0.8.3_2018-02-26/pull-1648 b/changelog/0.8.3_2018-02-26/pull-1648 new file mode 100644 index 000000000..1613612a9 --- /dev/null +++ b/changelog/0.8.3_2018-02-26/pull-1648 @@ -0,0 +1,6 @@ +Enhancement: Ignore AWS permission denied error when creating a repository. + +It's not possible to use s3 backend scoped to a subdirectory(with specific permissions). +Restic doesn't try to create repository in a subdirectory, when 'bucket exists' of parent directory check fails due to permission issues. + +https://github.com/restic/restic/pull/1648 \ No newline at end of file