雾宝石 - 删除S3文件时拒绝访问

时间:2016-12-21 15:04:57

标签: ruby-on-rails amazon-web-services amazon-s3 carrierwave fog

我正在使用带有carrierwave的雾宝石将文件上传到s3。上传是正常的,并且工作正常,但是,一旦我尝试删除附带文件的模型的某个实例,它就会发送删除请求并返回拒绝访问,如下所示:

[fog][WARNING] fog: followed redirect to bucket-name.s3-us-west-2.amazonaws.com, connecting to the matching region will be more performant
Excon::Error::Forbidden: Expected(204) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EB625F4C97AD368E</RequestId><HostId>E+We/GvBslMHoNn9nTT6Uw3t0qfJ9jXHCNkJRu0KOk5sk8WoFZbkaIyUB0WcWNPZuH2uCeoZTIo=</HostId></Error>"
  :cookies       => [
  ]
  :headers       => {
    "Content-Type"     => "application/xml"
    "Date"             => "Wed, 21 Dec 2016 14:48:53 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "E+We/GvBslMHoNn9nTT6Uw3t0qfJ9jXHCNkJRu0KOk5sk8WoFZbkaIyUB0WcWNPZuH2uCeoZTIo="
    "x-amz-request-id" => "EB625F4C97AD368E"
  }
  :host          => "bucket-name.s3.amazonaws.com"
  :local_address => "192.168.2.106"
  :local_port    => 51425
  :path          => "/uploads/conta/pdf_conta/375/1530_09-2016.pdf"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "52.216.66.16"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"

    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/expects.rb:7:in `response_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/response_parser.rb:9:in `response_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:388:in `response'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:252:in `request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:272:in `rescue in request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:215:in `request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:272:in `rescue in request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:215:in `request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
... 36 levels...
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands/console_helper.rb:9:in `start'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands/commands_tasks.rb:78:in `console'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands/commands_tasks.rb:49:in `run_command!'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands.rb:18:in `<top (required)>'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:293:in `require'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:293:in `block in require'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:259:in `load_dependency'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:293:in `require'
    from /home/ronanlopes/HY Brazil/HyBrazil/bin/rails:9:in `<top (required)>'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:287:in `load'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:287:in `block in load'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:259:in `load_dependency'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:287:in `load'
    from /home/ronanlopes/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /home/ronanlopes/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from -e:1:in `<main>'

我在配置中使用的用户令牌有AmazonS3FullAccess - AWS Managed policy,因此对我来说没有意义。有什么想法吗?

1 个答案:

答案 0 :(得分:3)

从我看到的情况来看,您将雾宝石上的bucket_name变量设置为'bucket-name',或者您已编辑它以在此处发布。 您的config/initializer/carrierwave.rb应该看起来像这样

    CarrierWave.configure do |config|
      config.fog_credentials = {
        # Configuration for Amazon S3 should be made available through an Environment variable.
        # For local installations, export the env variable through the shell OR
        # if using Passenger, set an Apache environment variable.
        #
        # In Heroku, follow http://devcenter.heroku.com/articles/config-vars
        #
        # $ heroku config:add S3_KEY=your_s3_access_key S3_SECRET=your_s3_secret S3_REGION=eu-west-1 S3_ASSET_URL=http://assets.example.com/ S3_BUCKET_NAME=s3_bucket/folder

        # Configuration for Amazon S3
        :provider              => 'AWS',
        :aws_access_key_id     => ENV['S3_KEY'],
        :aws_secret_access_key => ENV['S3_SECRET'],
        :region                => ENV['S3_REGION']
       }

      # For testing, upload files to local `tmp` folder.
      if Rails.env.test? || Rails.env.cucumber?
        config.storage = :file
        config.enable_processing = false
        config.root = "#{Rails.root}/tmp"
      else
        config.storage = :fog
      end

      config.cache_dir = "#{Rails.root}/tmp/uploads"                  # To let CarrierWave work on heroku

      config.fog_directory    = ENV['S3_BUCKET_NAME']
      config.s3_access_policy = :public_read                          # Generate http:// urls. Defaults to :authenticated_read (https://)
      config.fog_host         = "#{ENV['S3_ASSET_URL']}/#{ENV['S3_BUCKET_NAME']}"
    end

您可能错误地设置了ENV['S3_BUCKET_NAME']ENV['S3_ASSET_URL']个变量,或者甚至设置了变量,请检查.env文件中的变量