CodexBloom - Programming Q&A Platform

OCI Object Storage Access Issue with Instance Principal and Pre-signed URLs

👀 Views: 65 💬 Answers: 1 📅 Created: 2025-06-10
oci object-storage instance-principal Python

Can someone help me understand I recently switched to I'm trying to configure I'm working on a personal project and I tried several approaches but none seem to work...

I'm encountering an issue when trying to generate pre-signed URLs for objects stored in OCI Object Storage using Instance Principals. My application is written in Python, and I am using the `oci` SDK version 2.50.0. The goal is to allow users to download files without requiring them to authenticate directly with OCI. Here's a snippet of my code that attempts to create a pre-signed URL:

```python
import oci
from oci.object_storage import ObjectStorageClient
from oci.object_storage.models import CreatePreauthenticatedRequestDetails

# Setting up the client
config = oci.config.from_file()  # Load config from ~/.oci/config
object_storage_client = ObjectStorageClient(config)

namespace = '<your_namespace>'  # Replace with your Object Storage namespace
bucket_name = '<your_bucket_name>'  # Replace with your bucket name
object_name = '<your_object_name>'  # Replace with the object name

# Attempting to create a pre-signed URL
try:
    presigned_url = object_storage_client.generate_presigned_url(
        method='GET',
        namespace_name=namespace,
        bucket_name=bucket_name,
        object_name=object_name,
        expires_in=3600  # Set expiration time
    )
    print(f"Pre-signed URL: {presigned_url}")
except oci.exceptions.ServiceError as e:
    print(f"Error: {e.message}")
```

When I run this, I receive the following error message: `OCIException: Error Code: 403, Message: The request is not authorized.`

I have verified that the Instance Principal has the appropriate policies to access the Object Storage, including:

```
Allow group <your_group> to manage objects in compartment <your_compartment>
Allow group <your_group> to read buckets in compartment <your_compartment>
```

I have also tried generating a pre-signed URL using the API directly via Postman and received the same 403 error.

I suspect that there might be an issue with the way the Instance Principal is set up, but I have followed the official documentation on configuring Instance Principals for OCI SDKs. Is there something I might be missing with the permissions or the configuration? Any assistance would be appreciated.

For context: I'm using Python on Linux. My development environment is macOS. Thanks in advance! What are your experiences with this? My team is using Python for this microservice. Any advice would be much appreciated. Any pointers in the right direction?
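For reference, an added example (not part of the original post) of the goal described in the question: a time-limited, read-only download link created with the `oci` SDK's instance-principal signer and `create_preauthenticated_request`. Assumptions: it runs on an OCI compute instance that belongs to a dynamic group with policy allowing pre-authenticated requests on the bucket; `MAX_TTL_SECONDS`, the helper names and the `download-` naming scheme are hypothetical.

```python
from datetime import datetime, timedelta, timezone

MAX_TTL_SECONDS = 24 * 3600  # assumption: local policy cap on link lifetime


def par_expiry(ttl_seconds, now=None):
    """Return a UTC expiry time, rejecting non-positive or over-long TTLs."""
    if not 0 < ttl_seconds <= MAX_TTL_SECONDS:
        raise ValueError(f"ttl_seconds must be in 1..{MAX_TTL_SECONDS}")
    return (now or datetime.now(timezone.utc)) + timedelta(seconds=ttl_seconds)


def par_url(endpoint, access_uri):
    """Join the Object Storage endpoint with the access_uri of a PAR."""
    if not access_uri.startswith("/p/"):
        raise ValueError("access_uri does not look like a PAR path")
    return endpoint.rstrip("/") + access_uri


def create_read_par(namespace, bucket, object_name, ttl_seconds=3600):
    """Create a read-only, single-object PAR and return its download URL."""
    # Imported here so the helpers above can be used without the SDK installed.
    import oci

    # Instance principal auth: no ~/.oci/config; only works on an OCI instance.
    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    client = oci.object_storage.ObjectStorageClient(config={}, signer=signer)
    details = oci.object_storage.models.CreatePreauthenticatedRequestDetails(
        name=f"download-{object_name}",   # hypothetical naming scheme
        object_name=object_name,          # scope the link to one object
        access_type="ObjectRead",         # read only, no write or list
        time_expires=par_expiry(ttl_seconds),
    )
    par = client.create_preauthenticated_request(namespace, bucket, details).data
    # access_uri is returned only at creation time; treat the URL as a secret.
    return par_url(client.base_client.endpoint, par.access_uri)


if __name__ == "__main__":
    # Placeholders from the question; replace before running on an instance.
    print(create_read_par("<your_namespace>", "<your_bucket_name>", "<your_object_name>"))
```

Anyone holding the returned URL can read the object until it expires, so keep the TTL short and avoid writing the URL to logs.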