Hello Unless I m missing something

Hello! Unless I'm missing something obvious, I'm pretty sure I'm running into an R2 bug. I'm using a token with "Object Read & Write" permissions and get AccessDenied when using rclone to write an object to the bucket. I know I have the access id & secret key correct because as soon as I switch the token permissions to "Admin Read & Write" privileges, it starts working and rclone will correctly write new objects to the bucket. When I switch it back, it stops working again. What I'm doing is very simple:
sergey@ark ~> echo Hello World > myfile.txt
sergey@ark ~> rclone copyto myfile.txt r2:mcbuilds/myfile.txt
2023/08/28 21:58:52 ERROR : myfile.txt: Failed to copy: AccessDenied: Access Denied
status code: 403, request id: , host id:
2023/08/28 21:58:52 ERROR : Attempt 1/3 failed with 1 errors and: AccessDenied: Access Denied
status code: 403, request id: , host id:
sergey@ark ~> echo Hello World > myfile.txt
sergey@ark ~> rclone copyto myfile.txt r2:mcbuilds/myfile.txt
2023/08/28 21:58:52 ERROR : myfile.txt: Failed to copy: AccessDenied: Access Denied
status code: 403, request id: , host id:
2023/08/28 21:58:52 ERROR : Attempt 1/3 failed with 1 errors and: AccessDenied: Access Denied
status code: 403, request id: , host id:
4 Replies
Unknown User
Unknown User17mo ago
Message Not Public
Sign In & Join Server To View
Meekro
MeekroOP17mo ago
Sorry about the delay in responding, I was away.. There is only one bucket involved. I'm copying a local file to an R2 bucket. I've tried the "Object Read & Write" permissions with "All buckets in this account", and I've also tried it with the "specific buckets only" and both produce the same results.
Meekro
MeekroOP17mo ago
As you can see, the token is currently configured to apply to all buckets. When it's like this, I can delete objects from the bucket but creating new ones fails.
No description
Meekro
MeekroOP16mo ago
When I set this to "Admin Read & Write", I can once again create objects in the bucket. I've flipped it back and forth several times to make sure it wasn't a coincidence. Turns out rclone always tries to create the bucket you’re writing to, just in case it doesn’t exist. A limited-access user doesn’t have permission to do this, so the request fails. You can add this to your rclone.conf to turn off this behavior and fix the problem: no_check_bucket = true Could you please tell whoever's working on the R2+rclone docs: https://developers.cloudflare.com/r2/examples/rclone/ The docs should mention that you should probably have "no_check_bucket = true" in your rclone.conf, or else limited-access access keys won't work.
Want results from more Discord servers?
Add your server