i tried this after the createBucket but it did not did anyth cfml #box-products

i tried this after the createBucket but it did not...

Simone

07/27/2023, 12:52 AM

i tried this after the createBucket but it did not did anything special setAccessControlPolicy(bucketName = bucket_Name, acl = "public-read");

Rodney

07/27/2023, 12:56 AM

Read Amazon's documentation. Amazon somewhat recently made a change that forces ACLs to disabled and Block public access to on. https://www.infoq.com/news/2022/12/amazon-s3-security-changes/

Simone

07/27/2023, 1:18 PM

but how to fix this, my code does not seems to do anything wrong here unless i need to specify something

jclausen

07/27/2023, 1:27 PM

@Simone If you update to

s3sdk v5.7.0+91

it should resolve your issue. That version adds the correct headers to deal with the changes noted in the link above.

Simone

07/27/2023, 2:05 PM

i did updated but it broke my code Error making Amazon REST Call: Code: PermanentRedirect\nMessage: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n

Simone

07/27/2023, 2:08 PM

seems its failing for canada nad asia pacific buckets

Simone

07/27/2023, 2:19 PM

i modifiedthis function to include canada and australia but it seems its only working for USA

Copy code

boolean function putBucket(
		required string bucketName    = variables.defaultBucketName,
		string acl                    = variables.defaultACL,
		string location               = "",
		string objectOwnership        = variables.defaultObjectOwnership,
		boolean BlockPublicAcls       = false,
		boolean IgnorePublicAcls      = false,
		boolean BlockPublicPolicy     = false,
		boolean RestrictPublicBuckets = false
	){
		requireBucketName( arguments.bucketName );
		if(arguments.location == "EU") {
			var constraintXML = "<CreateBucketConfiguration><LocationConstraint>EU</LocationConstraint></CreateBucketConfiguration>"
		} else if(arguments.location == 'ca-central-1') {
			var constraintXML = "<CreateBucketConfiguration><LocationConstraint>ca-central-1</LocationConstraint></CreateBucketConfiguration>"
		} else if(arguments.location == 'ap-southeast-2') {
			var constraintXML = "<CreateBucketConfiguration><LocationConstraint>ap-southeast-2</LocationConstraint></CreateBucketConfiguration>"
		} else {
			var constraintXML = "";
		}
		var headers       = { "content-type" : "text/xml" };
		if ( len( arguments.objectOwnership ) ) {
			if (
				!listFindNoCase(
					"BucketOwnerPreferred,ObjectWriter,BucketOwnerEnforced",
					arguments.objectOwnership
				)
			) {
				throw(
					message = "Invalid value [#arguments.objectOwnership#] for [objectOwnership] when creating bucket.",
					detail  = "Valid options are: [BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced]"
				);
			}
			headers[ "x-amz-object-ownership" ] = arguments.objectOwnership;
		}

		var results = s3Request(
			method   = "PUT",
			resource = arguments.bucketName,
			body     = constraintXML,
			headers  = headers
		);

		// s3 does not provide a way to set this when creating the bucket
		putBucketPublicAccess(
			arguments.bucketName,
			arguments.BlockPublicAcls,
			arguments.IgnorePublicAcls,
			arguments.BlockPublicPolicy,
			arguments.RestrictPublicBuckets
		);

		// Must set ACL in second step in case public access settings above would prevent the ACL from being saved.
		putBucketACL( arguments.bucketName, arguments.acl );

		return results.responseheader.status_code == 200;
	}

Simone

07/27/2023, 5:13 PM

?, this inc confusing is this answer relevant to my question

Simone

07/27/2023, 5:13 PM

@bdw429s you expertise needed here

bdw429s

07/27/2023, 5:22 PM

The bucket you are attempting to access must be addressed using the specified endpoint

Sounds like you have the wrong region set in the SDK

bdw429s

07/27/2023, 5:23 PM

If you need to work with several regions, I think you'll need to map several instance of the SDK and set the appropriate region in each one.

seandaniels

07/27/2023, 5:24 PM

Ah geez, sorry to confuse @Simone, all that was in the wrong thread 👆

gsr

07/27/2023, 6:48 PM

Sdk has USA by default and I send location when I create bucket I posted my two functions here which I m using Please check

bdw429s

07/27/2023, 7:00 PM

Can you send a pull request if more locations are needed.

bdw429s

07/27/2023, 7:00 PM

I'm not sure why we're passing an empty body when USA and only XML when it's EU

Simone

07/27/2023, 7:00 PM

pull request, i am adding for canada and Asia pacific

Simone

07/27/2023, 7:01 PM

like Australia

bdw429s

07/27/2023, 7:01 PM

If possible, I'd like to always pass XML and just make the

LocationConstraint

node dynamic

Simone

07/27/2023, 7:01 PM

see my updated function, I am using XML if else clauses to adjust canada and australia but that might not be right i suppose

bdw429s

07/27/2023, 7:02 PM

If the rest of the XML is always the same and only the location changes, then it seems like the code should simply have

Copy code

var constraintXML = "<CreateBucketConfiguration><LocationConstraint>#XMLFormat( arguments.location )#</LocationConstraint></CreateBucketConfiguration>";

and not be messing with the if statements

Simone

07/27/2023, 7:02 PM

this one

Copy code

if(arguments.location == "EU") {
			var constraintXML = "<CreateBucketConfiguration><LocationConstraint>EU</LocationConstraint></CreateBucketConfiguration>"
		} else if(arguments.location == 'ca-central-1') {
			var constraintXML = "<CreateBucketConfiguration><LocationConstraint>ca-central-1</LocationConstraint></CreateBucketConfiguration>"
		} else if(arguments.location == 'ap-southeast-2') {
			var constraintXML = "<CreateBucketConfiguration><LocationConstraint>ap-southeast-2</LocationConstraint></CreateBucketConfiguration>"
		} else {
			var constraintXML = "";
		}

bdw429s

07/27/2023, 7:03 PM

Right, that feels like a really sloppy solution and I'm unclear why it wasn't just dynamic in the first place

bdw429s

07/27/2023, 7:03 PM

I don't think I worked on that part of the SDK

bdw429s

07/27/2023, 7:03 PM

But all our clients using it for a long time were USA only anyway

Simone

07/27/2023, 7:03 PM

let me try what you stated

Simone

07/27/2023, 7:04 PM

should work if that is the case

Simone

07/27/2023, 7:06 PM

nopes it does not work that way

Simone

07/27/2023, 7:18 PM

buckets gets created but lucee throwws error and the permissions are set to objects cannot be public, so not sure why it doing that, even as they mentioned in the docs, i am using region specific url for crea5ting buckets

Simone

07/27/2023, 7:19 PM

i think has something to do with this new code added

Copy code

// s3 does not provide a way to set this when creating the bucket
		putBucketPublicAccess(
			arguments.bucketName,
			arguments.BlockPublicAcls,
			arguments.IgnorePublicAcls,
			arguments.BlockPublicPolicy,
			arguments.RestrictPublicBuckets
		);

		// Must set ACL in second step in case public access settings above would prevent the ACL from being saved.
		putBucketACL( arguments.bucketName, arguments.acl );

Simone

07/28/2023, 1:05 PM

@bdw429s any thing you can suggest here

bdw429s

07/28/2023, 3:45 PM

Nope, not really.

bdw429s

07/28/2023, 3:46 PM

If you're wanting to sponsor Ortus to help look into this, you can reach out. Otherwise, I'm up to my ears in stuff and leaving the country next week so I have no time to spend right now

Open in Slack

Previous Next