[chef] Re: http_request head on S3 pre-signed URL gets 403 error

["Julian C. Dunn" < >]

The only thing I can think of is that http_request uses Chef::REST internally and so Accept is only application/json. If your S3 bucket is rejecting requests like that, it could be the problem.

http://tickets.opscode.com/browse/CHEF-4202

I have used http_request to HEAD objects from more lenient servers though, so it does work.

- Julian

On Wed, Jun 19, 2013 at 1:49 PM, Jorge Bianquetti < " target="_blank"> > wrote:

Ohai!

I've been reading
http://docs.opscode.com/chef/resources.html#remote-file, and
implemented something like this:

local = "some_local_file"
remote = "pre-signed_S3_url"

remote_file local  do
  source remote
  action :nothing
end

http_request "HEAD #{remote}" do
  message ""
  url remote
  action :head
  if File.exists?(local)
    headers "If-Modified-Since" => File.mtime(local).httpdate
  end
  notifies :create, "remote_file[local]", :immediately
end

I get this response from chef-client:

FATAL: Net::HTTPServerException:
http_request[HEAD
https://mybucket.s3.amazonaws.com/develop/some.war?AWSAccessKeyId=AKIXXXXXXXXXXX&Expires=1543242415&Signature=8234962346239423949ygf89w]
(some::backend line 140) had an error: Net::HTTPServerException: 403
"Forbidden"

I supposed this an Chef issue, because all it's fine when I run:

wget -S https://mybucket.s3.amazonaws.com/develop/some.war?AWSAccessKeyId=AKIXXXXXXXXXXX&Expires=1543242415&Signature=8234962346239423949ygf89w

Chef's versions on servers are  10.26.0 (soon, migration to chef11)

Thanks!

--
[ Julian C. Dunn < " target="_blank"> >          * Sorry, I'm    ]
[ WWW: http://www.aquezada.com/staff/julian    * only Web 1.0  ]
[ gopher://sdf.org/1/users/keymaker/           * compliant!    ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9       ]