Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NotAuthenticated with the SDK on retreiving namespaces #342

Open
jussetain opened this issue Feb 1, 2025 · 0 comments
Open

NotAuthenticated with the SDK on retreiving namespaces #342

jussetain opened this issue Feb 1, 2025 · 0 comments

Comments

@jussetain
Copy link

jussetain commented Feb 1, 2025
edited
Loading

Environment

Host: Linux instance-20230814-xxxx 5.15.0-1039-oracle #45-Ubuntu SMP Thu Jul 13 19:41:22 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
Bun: 1.1.7
oci-sdk: 2.101.0

Description

I'm experiencing a NotAuthenticated (401) error whenever I want to retreive namespaces with the Typescript SDK.

What I checked

  • Everything suggested in here : https://docs.oracle.com/en-us/iaas/Content/API/References/apierrors.htm#apierrors_401__401_notauthenticated

    • "Verify your private_key_path is pointing to your private key and not the corresponding public key"
      Not sure if this part of the documentation hasn't been updated but I only have a key_path in my conf, it doesn't work with private_key_path

  • IAM Permission/Policies are correct

    • I've created a group 'App' which in my user is, the same user I've created the API key for, the same user I've put the OCID in the conf file
    • I've added this policy : Allow group 'App' to read objectstorage-namespaces in tenancy

  • ~/.oci/config file is correct

  • Private key is correct

  • With all of the above: it works perfectly fine with the CLI using the command oci os ns get with the same config file and profile I'm trying to use with the sdk

  • Loggin the ObjectStorageClient object shows me that the configuration file has been loaded correctly (I can see my OCIDs, my private key, etc.)

Configuration file

[DEFAULT]
user=ocid1.user.oc1..aaaaa...
fingerprint=63:5d:fd:...
tenancy=ocid1.tenancy.oc1..aaa....
region=eu-paris-1
key_file=~/.ssh/oracle/oci_api_key.pem

Code

import common from 'oci-common';
import objectstorage from 'oci-objectstorage';

const provider = new common.ConfigFileAuthenticationDetailsProvider();

const client = new objectstorage.ObjectStorageClient({
    authenticationDetailsProvider: provider
});

export const getNamespace = async (): Promise<string | undefined> => {
    try {
        const namespace = await client.getNamespace({}).then((res: objectstorage.responses.GetNamespaceResponse) => res.value);
        return namespace;
    } catch (error: any) {
        console.error("Err code:", error.statusCode);
        console.error("Err message:", error.message);
        console.error("Err stack:", error.stack);
        return '';
    }
}

Error stack

Err code: 401
Err message: Get namespace is limited to authenticated users
Err stack: Error: Get namespace is limited to authenticated users
    at new OciError (/home/ubuntu/project/core/node_modules/oci-common/lib/error.js:12:13)
    at handleErrorResponse (/home/ubuntu/project/core/node_modules/oci-common/lib/helper.js:35:28)
    at <anonymous> (/home/ubuntu/project/core/node_modules/oci-common/lib/retrier.js:145:92)
    at fulfilled (/home/ubuntu/project/core/node_modules/oci-common/lib/retrier.js:8:73)
    at processTicksAndRejections (:12:39)

Note

Even when I hardcode the namespace in my code to retreive buckets, I get an error (404 this time), even though I filled in the right information, and of course this too works fine with the CLI.

Did I obviously missed a thing somewhere? Thanks for your help. 🙏
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jussetain