Rails 5.2 Active Storage 清除/删除附件不会删除 Blob 或附件记录 [英] Rails 5.2 Active Storage purging/deleting attachements won't delete Blob or Attachent records
问题描述
我正在使用 rails 5.2 并且我正在尝试使用 Amazon S3 设置 Active Storage.我的应用程序可以完全访问 S3,并且可以将 avatar 图像附加到 user.但是当我尝试删除头像时,我遇到了以下问题:
I am using rails 5.2 and I am trying to set up Active Storage with Amazon S3. My application has full access to S3 and I am able to attach an avatar image to a user. But when I try to delete the avatar, I run into the following issues:
> user.avatar.attached? #true`
> user.avatar.purge
S3 Storage (697.9ms) Deleted file from key: Ns1KBRzdgxLNnY31sH72vT5t
S3 Storage (227.0ms) Deleted files by key prefix: variants/Ns1KBRzdgxLNnY31sH72vT5t/
Aws::S3::Errors::AccessDenied: Access Denied
然后,当我检查存储桶时,该文件实际上已被删除,但在数据库中查看时,Blob 和 Attachment 记录仍然存在.
Then when I inspect the bucket, the file was actually deleted, but looking in the database, both Blob, and the Attachment records are still present.
知道为什么会这样吗?
编辑根据接受的答案中的建议,我对 IAM 权限进行了一些更新.这些是我更新的项目:
EDIT I made some updates in my IAM permissions following the advice from the accepted answer. These are the items that I updated:
- 将策略附加到我的 IAM 用户,而不是我的 s3 存储桶.
- 列出了所有必需的操作.
- 在资源字段中添加整个存储桶,而不仅仅是所有对象.
最后我的策略 json 看起来像这样:
In the end my policy json looked like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::my-bucket/*",
"arn:aws:s3:::my-bucket"
]
}
]
}
推荐答案
您用于 Active Storage 的 S3 帐户必须具有对整个存储桶的 s3:DeleteObject 权限.(如 Active Storage 指南 中所述,它还必须具有s3:ListBucket、s3:PutObject 和 s3:GetObject 权限.)
The S3 account you use for Active Storage must have the s3:DeleteObject permission for the entire bucket. (As specified in the Active Storage guide, it must also have the s3:ListBucket, s3:PutObject, and s3:GetObject permissions.)
这篇关于Rails 5.2 Active Storage 清除/删除附件不会删除 Blob 或附件记录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
