New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upspin-ui GCP setup doesn't give allUsers read access to bucket #630
Comments
I just tried restarting my instance, to no avail. |
It looks like the Google Cloud Storage bucket permissions are wrong.
They need to be set such that the bucket is world-readable.
@grosse had some related issues recently; was this the solution?
…On Wed, 4 Dec 2019 at 09:16, Tom Lieber ***@***.***> wrote:
I just tried restarting my instance, to no avail.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#630?email_source=notifications&email_token=ACAOFFMSGCT5ZDC3MDOUCB3QW3LCLA5CNFSM4JU7HY4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEF3AFPI#issuecomment-561382077>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACAOFFMP7SLW5UEBXQQLEHDQW3LCLANCNFSM4JU7HY4A>
.
|
I poked around in my bucket and don't see any files named "Upspin". The files that do exist are all public and accessing them is no problem. |
Indeed upspin-ui will fail if you see "Forbidden" instead of "Not exist"
when you use your plain browser to get
https://storage.googleapis.com/mybucket/Upspin:notexist (no upspin software
or credentials needed.)
I have not been able to determine what makes the difference; in my case two
setups both had world-readable buckets as far as I could tell from the
cloud console.
It could be that finishing the setup for user2@example.com manually, for
example using "upspin user | edit | upspin user -put" will work; that's
what I'd been doing all along with success. But it would be nice for
upspin-ui to get debugged as well, so we'll continue tpo investigate.
On Tue, Dec 3, 2019 at 2:24 PM Andrew Gerrand <notifications@github.com>
wrote:
… It looks like the Google Cloud Storage bucket permissions are wrong.
They need to be set such that the bucket is world-readable.
@grosse had some related issues recently; was this the solution?
On Wed, 4 Dec 2019 at 09:16, Tom Lieber ***@***.***> wrote:
> I just tried restarting my instance, to no avail.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <
#630?email_source=notifications&email_token=ACAOFFMSGCT5ZDC3MDOUCB3QW3LCLA5CNFSM4JU7HY4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEF3AFPI#issuecomment-561382077
>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/ACAOFFMP7SLW5UEBXQQLEHDQW3LCLANCNFSM4JU7HY4A
>
> .
>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#630?email_source=notifications&email_token=ACADPOR46BGMVKLQMIY3Y7DQW3MCNA5CNFSM4JU7HY4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEF3A3MQ#issuecomment-561384882>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACADPORDAUTWYPKAPSNMIBLQW3MCNANCNFSM4JU7HY4A>
.
|
Thanks for the info! I added "allUsers" as a member of the bucket with role "Storage Object Viewer" per this page and storage-ui was able to continue. However… is that insecure? |
Interesting. I don't have that setting, but seems it would be safe since
the buckets are encrypted and signed.
…On Tue, Dec 3, 2019 at 3:41 PM Tom Lieber ***@***.***> wrote:
Thanks for the info! I added "allUsers" as a member of the bucket with
role "Storage Object Viewer" per this page
<https://cloud.google.com/storage/docs/access-control/making-data-public#buckets>
and storage-ui was able to continue. However… is that insecure?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#630?email_source=notifications&email_token=ACADPOQGAGCJKN5O4AD256TQW3VBHA5CNFSM4JU7HY4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEF3GL5A#issuecomment-561407476>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACADPORG3RFAG73BJQ2O2HLQW3VBHANCNFSM4JU7HY4A>
.
|
Thanks, I seem to be in business now. I renamed the issue to what I hope is a better summary of what seems to have been the problem. |
I'm trying to follow https://upspin.io/doc/faq.md to allow a second account to use my personal upspin server, but getting stuck. Repro steps:
upspin setupwriters
seems to assume the config lives in a ~/upspin/deploy subdirectory… or maybe this is my problem?)upspin setupwriters -domain myhostname user1@example.com user2@example.com
upspin get
the Group/Writers file, I see that both users are now in it.After a short delay, an error appears in the bottom of the dialog with a message like:
Did I miss a step?
The text was updated successfully, but these errors were encountered: