diff --git a/changelog/0.8.3_2018-02-26/pull-1648 b/changelog/0.8.3_2018-02-26/pull-1648 new file mode 100644 index 000000000..1613612a9 --- /dev/null +++ b/changelog/0.8.3_2018-02-26/pull-1648 @@ -0,0 +1,6 @@ +Enhancement: Ignore AWS permission denied error when creating a repository. + +It's not possible to use s3 backend scoped to a subdirectory(with specific permissions). +Restic doesn't try to create repository in a subdirectory, when 'bucket exists' of parent directory check fails due to permission issues. + +https://github.com/restic/restic/pull/1648 \ No newline at end of file diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go index d8d4dcdad..d36679bf7 100644 --- a/internal/backend/s3/s3.go +++ b/internal/backend/s3/s3.go @@ -104,6 +104,12 @@ func Create(cfg Config, rt http.RoundTripper) (restic.Backend, error) { return nil, errors.Wrap(err, "open") } found, err := be.client.BucketExists(cfg.Bucket) + + if err != nil && be.IsAccessDenied(err) { + err = nil + found = true + } + if err != nil { debug.Log("BucketExists(%v) returned err %v", cfg.Bucket, err) return nil, errors.Wrap(err, "client.BucketExists") @@ -120,6 +126,17 @@ func Create(cfg Config, rt http.RoundTripper) (restic.Backend, error) { return be, nil } +// IsAccessDenied returns true if the error is caused by Access Denied. +func (be *Backend) IsAccessDenied(err error) bool { + debug.Log("IsAccessDenied(%T, %#v)", err, err) + + if e, ok := errors.Cause(err).(minio.ErrorResponse); ok && e.Code == "AccessDenied" { + return true + } + + return false +} + // IsNotExist returns true if the error is caused by a not existing file. func (be *Backend) IsNotExist(err error) bool { debug.Log("IsNotExist(%T, %#v)", err, err)