oracle/oci-typescript-sdk

NotAuthenticated with the SDK on retreiving namespaces

jussetain opened this issue · 1 comments

jussetain commented

Environment

Host: Linux instance-20230814-xxxx 5.15.0-1039-oracle #45-Ubuntu SMP Thu Jul 13 19:41:22 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
Bun: 1.1.7
oci-sdk: 2.101.0

Description

I'm experiencing a NotAuthenticated (401) error whenever I want to retreive namespaces with the Typescript SDK.

What I checked

  • Everything suggested in here : https://docs.oracle.com/en-us/iaas/Content/API/References/apierrors.htm#apierrors_401__401_notauthenticated

    • "Verify your private_key_path is pointing to your private key and not the corresponding public key"
      Not sure if this part of the documentation hasn't been updated but I only have a key_path in my conf, it doesn't work with private_key_path

  • IAM Permission/Policies are correct

    • I've created a group 'App' which in my user is, the same user I've created the API key for, the same user I've put the OCID in the conf file
    • I've added this policy : Allow group 'App' to read objectstorage-namespaces in tenancy

  • ~/.oci/config file is correct

  • Private key is correct

  • With all of the above: it works perfectly fine with the CLI using the command oci os ns get with the same config file and profile I'm trying to use with the sdk

  • Loggin the ObjectStorageClient object shows me that the configuration file has been loaded correctly (I can see my OCIDs, my private key, etc.)

Configuration file

[DEFAULT]
user=ocid1.user.oc1..aaaaa...
fingerprint=63:5d:fd:...
tenancy=ocid1.tenancy.oc1..aaa....
region=eu-paris-1
key_file=~/.ssh/oracle/oci_api_key.pem

Code

import common from 'oci-common';
import objectstorage from 'oci-objectstorage';

const provider = new common.ConfigFileAuthenticationDetailsProvider();

const client = new objectstorage.ObjectStorageClient({
    authenticationDetailsProvider: provider
});

export const getNamespace = async (): Promise<string | undefined> => {
    try {
        const namespace = await client.getNamespace({}).then((res: objectstorage.responses.GetNamespaceResponse) => res.value);
        return namespace;
    } catch (error: any) {
        console.error("Err code:", error.statusCode);
        console.error("Err message:", error.message);
        console.error("Err stack:", error.stack);
        return '';
    }
}

Error stack

Err code: 401
Err message: Get namespace is limited to authenticated users
Err stack: Error: Get namespace is limited to authenticated users
    at new OciError (/home/ubuntu/project/core/node_modules/oci-common/lib/error.js:12:13)
    at handleErrorResponse (/home/ubuntu/project/core/node_modules/oci-common/lib/helper.js:35:28)
    at <anonymous> (/home/ubuntu/project/core/node_modules/oci-common/lib/retrier.js:145:92)
    at fulfilled (/home/ubuntu/project/core/node_modules/oci-common/lib/retrier.js:8:73)
    at processTicksAndRejections (:12:39)

Note

Even when I hardcode the namespace in my code to retreive buckets, I get an error (404 this time), even though I filled in the right information, and of course this too works fine with the CLI.

Did I obviously missed a thing somewhere? Thanks for your help. 🙏