如何使用S3作为maven repository?

w8ntj3qf  于 12个月前  发布在  Maven
关注(0)|答案(3)|浏览(216)

我无法将maven工件部署到S3。
即使我对存储桶具有写访问权限,也会收到“拒绝”异常。
当我运行mvn deploy -DskipTests时,我得到以下错误:

Caused by: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 5CFBE8472B760710; S3 Extended Request ID: cxvn4bs9sg2hNEZRbno2dxocwSj8i6jCSNSQtsZL2H7h2y/cY2koFhExrGv3mACLK+kfcxHfKkg=), S3 Extended Request ID: cxvn4bs9sg2hNEZRbno2dxocwSj8i6jCSNSQtsZL2H7h2y/cY2koFhExrGv3mACLK+kfcxHfKkg=
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1630)

字符串
S3请求由wagon插件触发:

>> PUT /release/ HTTP/1.1
>> Host: inuka-mvn-repo.s3.eu-west-1.amazonaws.com
>> x-amz-content-sha256: UNSIGNED-PAYLOAD
>> Authorization: AWS4-HMAC-SHA256 Credential=AKIAUMQWI47EFQZPBQW3/20191018/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b20a1e2fb100eae4b70d7c0922fde9164bc7326d02074627e54d860359d8b298
>> X-Amz-Date: 20191018T145734Z
>> x-amz-acl: public-read
>> User-Agent: aws-sdk-java/1.11.276 Mac_OS_X/10.13.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23 java/1.8.0_60
>> amz-sdk-invocation-id: 47ea0bcd-c021-6d48-2547-f9a276c055cd
>> amz-sdk-retry: 0/0/500
>> Content-Type: application/octet-stream
>> Content-Length: 0
>> Connection: Keep-Alive
>> "PUT /release/ HTTP/1.1"
>> "Host: inuka-mvn-repo.s3.eu-west-1.amazonaws.com"
>> "x-amz-content-sha256: UNSIGNED-PAYLOAD"
>> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAUMQWI47EFQZPBQW3/20191018/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b20a1e2fb100eae4b70d7c0922fde9164bc7326d02074627e54d860359d8b298"
>> "X-Amz-Date: 20191018T145734Z"
>> "x-amz-acl: public-read"
>> "User-Agent: aws-sdk-java/1.11.276 Mac_OS_X/10.13.6 Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23 java/1.8.0_60"
>> "amz-sdk-invocation-id: 47ea0bcd-c021-6d48-2547-f9a276c055cd"
>> "amz-sdk-retry: 0/0/500"
>> "Content-Type: application/octet-stream"
>> "Content-Length: 0"
>> "Connection: Keep-Alive"
>> ""


S3响应

<< "HTTP/1.1 403 Forbidden"
<< "x-amz-request-id: 83C798E7B7B523ED"
<< "x-amz-id-2: 6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA="
<< "Content-Type: application/xml"
<< "Transfer-Encoding: chunked"
<< "Date: Fri, 18 Oct 2019 14:57:33 GMT"
<< "Server: AmazonS3"
<< ""
<< HTTP/1.1 403 Forbidden
<< x-amz-request-id: 83C798E7B7B523ED
<< x-amz-id-2: 6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA=
<< Content-Type: application/xml
<< Transfer-Encoding: chunked
<< Date: Fri, 18 Oct 2019 14:57:33 GMT
<< Server: AmazonS3
e kept alive for 60000 MILLISECONDS
<< "f3"
<< "<?xml version="1.0" encoding="UTF-8"?>[\n]"
<< "<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>83C798E7B7B523ED</RequestId><HostId>6QylxeiERpjXVuThC0VXYqCGSL9+pWqw5Kdi/1PpI+ly1eBMxYY+byB59T7yGLf2D5vPOLTLAPA=</HostId></Error>"
<< "0"
<< ""


我使用com.github.platform-team:aws-maven上传到S3

<build>
    ...
    <extensions>
        <extension>
            <groupId>com.github.platform-team</groupId>
            <artifactId>aws-maven</artifactId>
            <version>6.0.0</version>
        </extension>
    </extensions>
</build>


这是我的maven repo配置

<distributionManagement>
    <repository>
        <id>repo.inuka</id>
        <url>s3://*****-mvn-repo/release</url>
    </repository>
</distributionManagement>


我可以从命令行对s3进行写访问:

halils-mbp:inuka-be halil$ aws s3 cp pom.xml s3://inuka-mvn-repo
upload: ./pom.xml to s3://inuka-mvn-repo/pom.xml


谁能帮帮我,为什么maven wagon插件com.github.platform-team:aws-maven不能上传到S3?

vxf3dgd4

vxf3dgd41#

我猜你错过了配置你的S3策略或m2设置的服务器ID不匹配与您的pom distributionManagements,也有snapshotRepositoryrepository
举例说明:

<distributionManagement>
    <snapshotRepository>
        <id>YOUR_BUCKET_NAME-snapshot</id>
        <url>s3://YOUR_BUCKET_NAME/snapshot</url>
    </snapshotRepository>
    <repository>
        <id>YOUR_BUCKET_NAME-release</id>
        <url>s3://YOUR_BUCKET_NAME/release</url>
    </repository>
</distributionManagement>

字符串
我发现这个maven扩展很有用,它是建立在apache wagon之上的,链接:https://github.com/ehsaniara/maven-repository-aws-s3
您可以从https://github.com/ehsaniara/maven-repository-aws-s3#configure-by-aws-console开始
Setp1:您可以使用以下权限创建s3策略:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
    }
  ]
}


然后创建一个IAM用户并附加该策略。
.m2/setting上添加snapshotrelease服务器ID

<settings>
  <servers>
    ...
    ...
    <server>
      <id>YOUR_BUCKET_NAME-snapshot</id>
      <username>AWS_ACCESS_KEY_ID</username>
      <password>AWS_SECRET_ACCESS_KEY</password>
      <configuration>
        <region>AWS_REGION</region>
        <publicRepository>false</publicRepository>
      </configuration>
    </server>
    <server>
      <id>YOUR_BUCKET_NAME-release</id>
      <username>AWS_ACCESS_KEY_ID</username>
      <password>AWS_SECRET_ACCESS_KEY</password>
      <configuration>
        <region>AWS_REGION</region>
        <publicRepository>false</publicRepository>
      </configuration>
    </server>
    ....
    ....
  </servers>
</settings>


然后将以下扩展名添加到您的pom中

<extensions>
        <extension>
            <groupId>com.github.ehsaniara</groupId>
            <artifactId>maven-repository-aws-s3</artifactId>
            <version>1.2.10</version>
        </extension>
    </extensions>

zzzyeukh

zzzyeukh2#

我做了一个支持AWS SSO(OIDC auth)的SDK,它使用了第二个版本。也许它对那些像我一样在搜索此类功能时发现这个问题的人有用。
https://github.com/embriq-nordic/aws-oidc-s3-maven-wagon

<extension>
    <groupId>io.github.embriq-nordic</groupId>
    <artifactId>aws-oidc-s3-maven-wagon</artifactId>
    <version>1.1.0</version>
</extension>

字符串
由于它使用SDK的第二个版本,因此它使用该版本所使用的凭据提供程序链。
当然,您仍然需要创建一个策略/角色,如Jay Ehsaniara的回答中所述。

ldxq2e6h

ldxq2e6h3#

大多数Maven S3 wagons,包括问题中提到的那个,似乎都不支持开箱即用的私有权限写入bucket。结果是,即使你的IAM策略很好,你的身份验证细节也很好,当涉及到PUT调用时,你也会得到403。
我发现的唯一一个可以开箱即用的私有bucket是Allogy wagon

<build>
...
    <extensions>
        <extension>
            <groupId>com.allogy.maven.wagon</groupId>
            <artifactId>maven-s3-wagon</artifactId>
            <version>1.2.0</version>
        </extension>
    </extensions>
...
</build>

字符串

相关问题