Error 405 (MethodNotAllowed) when running "s3cmd info" in version 2.0.0

[yzargari]

Hello,

I recently found out that "s3cmd info" returns error 405 when running version 2. Same command on the same bucket returns correct results in 1.6.0.

There are Get* and List* permissions on that bucket.

Is this a bug? Cloud this have started from a change AWS did?

Thanks!

Update:
Just realized this happens when trying to get the bucket policy. It only happens when trying it on a bucket that's located on a different AWS account. Anyone knows if it requires other permissions on cross-account access?

Update 2:
So after talking to AWS support, they say that policy cannot be retrieved cross account. This raised an important question; If this isn't possible, howcome it worked on version 1.6? After testing s3cmd 1.6 in same-account access and cross-account access, it appears that policy was not retrieved on cross-account access - BUT is didn't fail:

same-account:

s3cmd info s3://BUCKET-NAME
s3://BUCKET-NAME/ (bucket):
   Location:  us-east-1
   Payer:     BucketOwner
   Expiration Rule: none
   policy:    {"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"AWS":"*************"},"Action":["s3:List*","s3:Get*"],"Resource":["arn:aws:s3:::BUCKET-NAME/*","arn:aws:s3:::BUCKET-NAME"]}]}
   cors:      none
   ACL:       ********: FULL_CONTROL

cross-account:

s3cmd info s3://BUCKET-NAME
s3://BUCKET-NAME/ (bucket):
   Location:  us-east-1
   Payer:     BucketOwner
   Expiration Rule: none
   policy:    none
   cors:      none
   ACL:       ********: FULL_CONTROL

Did 1.6 had an error-ignore mechanism that is no longer in 2.0?

[fviard]

Currently the code is like this:

except S3Error as exc:
                # Ignore the exception and don't fail the info
                # if the server doesn't support setting ACLs
                if exc.status not in [404, 501]:
                    raise exc
                output(u"   policy:    none")

So we raise the exception if not 404 or 501.

And here is what is stated by aws documentation for the GET policy call:

http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETpolicy.html

To use this operation, you must have GetPolicy permissions on the specified bucket, and you must be the bucket owner.

If you don't have GetPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not the bucket owner, Amazon S3 returns a 405 Method Not Allowed error. If the bucket does not have a policy, Amazon S3 returns a 404 Policy Not found error. There are restrictions about who can create bucket policies and which objects in a bucket they can apply to. For more information, go to Using Bucket Policies.

So, in your case, the issue probably comes from the fact that you are not the owner of the other bucket?

I will add a specific message for this case.

[fviard]

@yzargari Can you give a try to my fix? And so check that it really was the origin of your issue?

[yzargari]

Thanks @fviard - your changes did fix my problem...
How long should I expect it to get into python's pip?

[fviard]

I will wait a few days to see if there are other regressions that shows up and then do a new release.

[yzargari]

Many thanks!