I am using the AWS S3 plugin, version 1.5. I tested the plugin, and it works fine, but when executing a task, the files cannot be uploaded to the bucket. Additionally, why does the AWS S3 plugin require administrator read and write permissions? Can’t it just use read and write permissions for the specific bucket? The extensive permissions required are concerning, and I’m worried about the security of the plugin. Will it access my other buckets? S3 Bucket I am using a Cloudflare R2 bucket, which supports the S3 protocol. In my project, the S3 SDK only requires “Object Read & Write” permissions to function properly. However, your panel requires “Admin Read & Write” permissions to proceed. After submitting, I am able to create folders and upload files through the plugin, but backup files from scheduled tasks cannot be uploaded. I have two concerns: The backup files cannot be uploaded. The permission requirements are too high, causing me to worry about data security and privacy. BUG Log: |-Database size: 1.27 MB |-Database Character Set: utf8mb4 |-The available disk space for partition / is: 134.41 GB, and the available Inode is: 9583519 |-Start exporting database:2024-10-13 18:00:01 |-Database backup completed, taking 0.07 seconds, compressed file size: 65.05 KB |-Uploading to AWS S3, please wait... Traceback (most recent call last): File "/www/server/panel/pyenv/lib/python3.12/site-packages/boto3/s3/transfer.py", line 372, in upload_file future.result() File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/futures.py", line 103, in result return self. coordinator.result() ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/futures.py", line 266, in result raise self. exception File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/tasks.py", line 139, in call return self._execute_main(kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/tasks.py", line 162, in execute_main return_value = self. main(**kwargs) ^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/upload.py", line 764, in _main client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args) File "/www/server/panel/pyenv/lib/python3.12/site-packages/botocore/client.py", line 569, in api_call return self. make_api_call(operation_name, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/pyenv/lib/python3.12/site-packages/botocore/client.py", line 1023, in _make_api_call raise error_class(parsed_response, operation_name) botocore.exceptions.ClientError: An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/www/server/panel/script/backup.py", line 59, in <module> backup.backupDatabaseAll(sys.argv[3], echo_id) File "/www/server/panel/script/backup.py", line 37, in backupDatabaseAll self.backup_database_all(save, echo_id=echo_id) File "/www/server/panel/class_v2/panel_backup_v2.py", line 885, in backup_database_all status, backup_path = self.backup_database(db_name, save, echo_id=echo_id) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/class_v2/panel_backup_v2.py", line 998, in backup_database res = self._cloud.upload_file1(backup_path, upload_path) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/plugin/aws_s3/s3lib/client/aws_s3.py", line 258, in upload_file1 client.upload_file( File "/www/server/panel/pyenv/lib/python3.12/site-packages/boto3/s3/inject.py", line 145, in upload_file return transfer.upload_file( ^^^^^^^^^^^^^^^^^^^^^ File "/www/server/panel/pyenv/lib/python3.12/site-packages/boto3/s3/transfer.py", line 378, in upload_file raise S3UploadFailedError( boto3.exceptions.S3UploadFailedError: Failed to upload /www/backup/database/mysql/crontab_backup/data_accounts/data_accounts_2024-10-13_18-00-01_mysql_data.sql.gz to backups/data_us_server/database/mysql/data_accounts/data_accounts_2024-10-13_18-00-01_mysql_data.sql.gz: An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records.

Backup Cron cannot upload files to the S3 bucket

aaP_jarvis

I am using the AWS S3 plugin, version 1.5. I tested the plugin, and it works fine, but when executing a task, the files cannot be uploaded to the bucket.

Additionally, why does the AWS S3 plugin require administrator read and write permissions? Can’t it just use read and write permissions for the specific bucket? The extensive permissions required are concerning, and I’m worried about the security of the plugin. Will it access my other buckets?

S3 Bucket

I am using a Cloudflare R2 bucket, which supports the S3 protocol.

In my project, the S3 SDK only requires “Object Read & Write” permissions to function properly. However, your panel requires “Admin Read & Write” permissions to proceed. After submitting, I am able to create folders and upload files through the plugin, but backup files from scheduled tasks cannot be uploaded.

I have two concerns:

The backup files cannot be uploaded.
The permission requirements are too high, causing me to worry about data security and privacy.

BUG Log:

|-Database size: 1.27 MB
|-Database Character Set: utf8mb4
|-The available disk space for partition / is: 134.41 GB, and the available Inode is: 9583519
|-Start exporting database:2024-10-13 18:00:01
|-Database backup completed, taking 0.07 seconds, compressed file size: 65.05 KB
|-Uploading to AWS S3, please wait...
Traceback (most recent call last):
File "/www/server/panel/pyenv/lib/python3.12/site-packages/boto3/s3/transfer.py", line 372, in upload_file
future.result()
File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/futures.py", line 103, in result
return self.coordinator.result()
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/futures.py", line 266, in result
raise self.exception
File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/tasks.py", line 139, in call
return self._execute_main(kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/tasks.py", line 162, in execute_main
return_value = self.main(**kwargs)
^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/pyenv/lib/python3.12/site-packages/s3transfer/upload.py", line 764, in _main
client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args)
File "/www/server/panel/pyenv/lib/python3.12/site-packages/botocore/client.py", line 569, in api_call
return self.make_api_call(operation_name, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/pyenv/lib/python3.12/site-packages/botocore/client.py", line 1023, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/www/server/panel/script/backup.py", line 59, in <module>
backup.backupDatabaseAll(sys.argv[3], echo_id)
File "/www/server/panel/script/backup.py", line 37, in backupDatabaseAll
self.backup_database_all(save, echo_id=echo_id)
File "/www/server/panel/class_v2/panel_backup_v2.py", line 885, in backup_database_all
status, backup_path = self.backup_database(db_name, save, echo_id=echo_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/class_v2/panel_backup_v2.py", line 998, in backup_database
res = self._cloud.upload_file1(backup_path, upload_path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/plugin/aws_s3/s3lib/client/aws_s3.py", line 258, in upload_file1
client.upload_file(
File "/www/server/panel/pyenv/lib/python3.12/site-packages/boto3/s3/inject.py", line 145, in upload_file
return transfer.upload_file(
^^^^^^^^^^^^^^^^^^^^^
File "/www/server/panel/pyenv/lib/python3.12/site-packages/boto3/s3/transfer.py", line 378, in upload_file
raise S3UploadFailedError(
boto3.exceptions.S3UploadFailedError: Failed to upload /www/backup/database/mysql/crontab_backup/data_accounts/data_accounts_2024-10-13_18-00-01_mysql_data.sql.gz to backups/data_us_server/database/mysql/data_accounts/data_accounts_2024-10-13_18-00-01_mysql_data.sql.gz: An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records.

aaPanel_Kern

Hello, thank you for your feedback. Currently, only administrator permissions are supported. We will optimize this part in the future.

aaP_jarvis

aaPanel_Kern Hello, Thank you for your response; I understand the permission issues. My foremost concern now is the inability to back up the database, a predicament that has persisted for nearly two months. I am compelled to manually back up data each day, which is exceedingly burdensome.

aaPanel_Kern

It is recommended that you back up to other storage first

aaP_jarvis

aaPanel_Kern May I inquire whether this issue has been slated for resolution within the development schedule? Is there a definitive timeline established, or has it been decided not to incorporate it?

aaPanel_Kern

Hello, there is currently no repair record. This issue has been recorded.

aaP_jarvis

aaPanel_Kern Hello, May I inquire if there have been any recent developments?

aaP_jarvis

aaPanel_Kern I have identified the root cause and can resolve it manually.

/www/server/panel/plugin/aws_s3/config.conf

The issue stems from the inability to save the EndPoint information within this configuration file. By appending |https://ff409e576f096b080desf3b1c197.r2.cloudflarestorage.com at the end, the problem was successfully mitigated.

Additionally, I configured the key permissions to Object Read & Write, which are functional. However, during the initial setup, a permissions insufficiency warning may appear. Once the configuration is complete, promptly adjust the permissions to ensure seamless operation.

aaPanel_Kern

Hello, thank you for your feedback, I will forward it to the developers