rangas26 opened a new issue #9461: URL: https://github.com/apache/pulsar/issues/9461
#### Expected behavior aws-s3 offloader should upload the segments even when the target bucket have restricted bucket policy to allow writes of encrypted objects only. #### Actual behavior aws-s3 offloaders fail to upload segments when the policy of the target bucket requires all objects to be encrypted. offloader fails with the error below ``` Caused by: org.jclouds.aws.AWSResponseException: request POST https://offload-s3-test.s3.amazonaws.com/31548dee-c36c-4186-bdf4-1e969d70f5df-ledger-9?uploads HTTP/1.1 failed with code 403, error: AWSError{requestId='70DDF12549897X83', requestToken='E4ng+sBnNfT6ssSs+uZ2yTS8nuMbpnKieqvknrjP88rqio2jbhaP9OdZ23o0O7nK5QEtAyfYgJM=', code='AccessDenied', message='Access Denied', context='{HostId=E4ng+sBnNfY6ssSs+uZ2yTS8nuMbpnKieqvknrjP88rqio2jbhaP9OdZ23o0O7nK5QEtAyfYgJM=}'} ``` #### Steps to reproduce Edit the target bucket policy to allow only encrypted objects ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "RequiredEncryptedPutObject", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::offload-s3-test/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": [ "AES256", "aws:kms" ] } } } ] } ``` Now try to offload the topic with the below command ```pulsar-admin topics offload --size-threshold 10k persistent://tenant/namespace/test-partition-0``` check the status of the upload: ``` pulsar-admin topics offload-status persistent://tenant/namespace/test-partition-0 Warning: Nashorn engine is planned to be removed from a future JDK release Error in offload null Reason: Error offloading: org.apache.bookkeeper.mledger.ManagedLedgerException: java.util.concurrent.CompletionException: org.jclouds.rest.AuthorizationException: Access Denied ``` #### System configuration **Pulsar version**: 2.7 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
