Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

k8s offload access denied

See original GitHub issue

hello

I have a issue with the s3 tiered offload two exact configurations, using different buckets, one works and the other one doesn’t i got this when i try to check the offload status after trying to trigger it manually with topics offload (the one that doesnt work isnt a fresh start so it has some previous data)

Error in offload

null

Reason: Error offloading: org.apache.bookkeeper.mledger.ManagedLedgerException: java.util.concurrent.CompletionException: org.jclouds.rest.AuthorizationException: Access Denied

I am using pulsar 2.6.1 i have set the following configuration in the brokers

managedLedgerOffloadDriver: "aws-s3"
s3ManagedLedgerOffloadRegion: "us-east-1"
s3ManagedLedgerOffloadBucket: bucketname
s3ManagedLedgerOffloadRole: rolename
s3ManagedLedgerOffloadRoleSessionName: sessioname

the role name has the following perms both have the same the only difference its the bucket name, i even tried with s3 full access and no luck

{
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::bucketname",
                "arn:aws:s3:::bucktname/*"
            ],
            "Effect": "Allow"
        }
    ]
}

is there something else i can check between the two?

appreciate any feedback

thanks