Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-4995 velero-legacy-aws: SignatureDoesNotMatch errors found after OADP upgrade
  3. OADP-5373

(QE) Verify for ( velero-legacy-aws: SignatureDoesNotMatch errors found after OADP upgrade )

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Undefined Undefined
    • OADP 1.4.2
    • None
    • QE-Task
    • None
    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • ToDo
    • 0
    • 0.000
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown

      These errors are seen in the velero pod logs after customer has upgraded their OADP operator from 1.3 to 1.4,

      message: 'BackupStorageLocation "together-forever-1" is unavailable: rpc error: code = Unknown desc = operation error S3: ListObjectsV2, https response error StatusCode: 403, RequestID: , HostID: , api error SignatureDoesNotMatch: Access denied.' phase: Unavailable

      We had them double check their secret since according to [1] it could be a conflict in their AWS secret access key and signing method. 

      Using the same set of keys, the error went away when they downgraded back to 1.3.

       

      [1]https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList

       

              amastbau Amos Mastbaum
              talayan@redhat.com Tareq Alayan
              Amos Mastbaum Amos Mastbaum
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: