'Unsupported Data Source' adding GDAL AWS S3 raster layers with credential options #60288
Comments
rtmorgan
added
the
Bug
would be needed. I can just add fine a GeoTIFF from my S3 bucket using AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY keys and values set in the Add raster layer dialog. |
|
@rouault may I email you the bucket, object and same access key info so that I do not include them in the public github issue? If so, what email address should I use? Thank you. |
|
@rtmorgan even.rouault at spatialys.com |
|
@rouault email on the way from robert.thomas.morgan at gmail.com |
|
@rtmorgan Just tried with your credentials and that works fine. Are you sure you aren't pasting extra leading or trailing spaces in the credential values ? |
|
@rouault It does not appear to have extra leading or trailing spaces in the values. I will type the keys in this evening (thankfully they're not very long) and report back with the results. Thank you again for helping. |
|
@rouault I'm going to test more things, but I believe the 'AWS_PROFILE' environment variable may be the source of the issue. I started reading through the '/vsis3/' portion of the docs https://gdal.org/en/stable/user/virtual_file_systems.html#vsis3-aws-s3-files to better understand the configuration options and identify what might be set incorrectly or missing. I noted that the AWS_PROFILE (GDAL >= 3.2) defaults to 'default' but that configuration is not available in the Credential Options drop-down values. I already have a configured AWS credentials file with a default profile that is used for tasks unrelated to the GIS work and the S3 location. Because AWS_PROFILE is not available in the AWS S3 protocol Credential Options drop-down values, I could not update it there. I added it to the QGIS System environment and set its value to a new profile I then added to my existing ~/.aws/credentials file with the AWS access key id and AWS secret access key we were troubleshooting with. With no options set in the Credential Options, I was able to add the AWS S3 raster layer - as I believe it is reading the AWS access key id and AWS secret access key from the AWS credential profile referenced in the QGIS System environment variable AWS_PROFILE. |
|
As it has a default value that can't currently be overridden in the AWS S3 protocol credential options window to support layer-specific credentials, AWS_PROFILE should probably be added to the drop-down lists for the places where VSIS3-related layer configuration options can be selected, like the AWS S3 protocol credential options window we've been discussing. I could attempt a PR if that would help (but it would be my first to QGIS so it might go slowly). |
|
Will be fixed in GDAL per OSGeo/gdal@4d2e653 |
|
thank you - I appreciate this and all you and the maintainers do for the QGIS community. |
agiudiceandrea
added
the
Data Provider
What is the bug or the crash?
I am unable to add an AWS S3 raster layer (Layer -> Add Layer -> Add Raster Layer -> Protocol Type AWS S3) with the protocol Credential Options (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) set to the appropriate values.
The following message is generated (sanitized with 'xxxxx'):
"Unsupported Data Source: /vsis3/xxxxx/xxxxx/xxxxx.tif|credential:AWS_ACCESS_KEY_ID=xxxxx|credential:AWS_SECRET_ACCESS_KEY=xxxxx is not a supported raster data source"
I am however able to add the AWS S3 raster layer if AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set as QGIS system-level environment variables (Settings -> Options -> System -> Environment).
Steps to reproduce the issue
Click on (Layer -> Add Layer -> Add Raster Layer)
Within the 'Source Type' section, select 'Protocol: HTTP(s), cloud, etc.'Protocol Type AWS S3)
Within the 'Protocol' section, select 'AWS S3' from the 'Type' drop-down
Within the 'Protocol' section, enter the bucket name in the 'Bucket or container' field
Within the 'Protocol' section, enter the object key name in the 'Object key' field
Within the 'Credential Options' section, select 'AWS_ACCESS_KEY_ID' from the drop-down and enter the AWS Access Key ID value as the attribute value
Within the 'Credential Options' section, on the second row - select 'AWS_SECRET_ACCESS_KEY' from the drop-down and enter the AWS Secret Access Key value as the attribute value
Click on the 'Add' button at the bottom of the window.
Versions
Supported QGIS version
New profile
Additional context
I have confirmed that the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY keys and values entered in the protocol credential option variables are the same as entered as QGIS System-level environment variables on successful executions (and used within related Python GDAL code).
I can create separate disposable AWS user access keys to aid in others troubleshooting if needed.
The text was updated successfully, but these errors were encountered: