Create an API keypair with RW access, locked to a particular bucket.
Create a config in rclone for R2.
Run the following, to copy a file to the r2 bucket root
rclone copy file.txt r2config:
Depending on the endpoint you've specified in rclone.conf, you'll have mixed results. If you specify the bucket in R2 you have locked your api keypair to, ie endpoint = https://<account>.r2.cloudflarestorage.com/<bucket>, the transfer will work if you copy to a subdirectory, like this:
rclone copy file.txt r2config:/subdir
However, if you don't specify a subdirectory, you get the following error:
rclone copy file.txt r2config:
- minimum field size of 1, HeadObjectInput.Key.
If you try to remove the bucket from the endpoint, authorization fails entirely. It doesn't matter if you append the bucket to the copy destination. This is probably expected S3 behavior, just noting here for posterity.
2023/08/09 09:19:50 Failed to copy: Forbidden: Forbidden
status code: 403, request id: , host id:
Any workarounds for transferring to R2 bucket root, using api keys locked to a particular bucket? Is this a bug, or am I missing something?
try rclone copy file.txt r2config:protected-bucket --s3-no-check-bucket
rclone tries to head the bucket before file copy, and that is the cause of the error. --s3-no-check-bucket prevents rclone from doing that head.
rclone is designed to work like this - you always need to put the bucket in the command line. You can use the alias backend if you want to use it without.
could be that the bucket policy for the locked bucket does not have "Action": "s3:ListAllMyBuckets"
which makes sense and good that cloudflare does that.
fwiw, whenever i create a bucket on s3 provider, i never add "Action": "s3:ListAllMyBuckets"
so i always use no_check_bucket = true