InseeFrLab / onyxia

🔬 Data science environment for k8s

Home Page:https://onyxia.sh

Errors when trying to interact with public S3 bucket

slim0 opened this issue · comments

commented

We have an openstack (swift) S3 bucket available. When it is configured as a private bucket, everything is working fine in onyxia. But as soon as it is defined as a public bucket, the test connection keeps working (as well as the listing of existing files), but we receive an HTTP 403 Forbidden error when trying to interact (PUT/POST, DELETE) with the bucket from the "My files" tab.

A bucket example has been configured in my account at your sspcloud instance if you want to impersonate my user account. (username: slyobard)

Tips: Within a Jupyter Notebook instance on the datalab, it seems that the minio client commands to PUT or DELETE files are working...

Regards.

After some debugging, we are now one step further: the 403 is tied to the referer header being present (which we probably have no control over since Onyxia is web-based).
Removing the referer header makes the request magically work.
I suspect you have some checks on aws:Referer somewhere in your s3 policies, probably applied when you activate public mode.

Can I close this or is there something I should do on my end?

commented

Hi @garronej, yes I think you can. We'll investigate a bit more on our side. Thx

commented

Just to let you know that we succeeded in adding the following bucket policy and that it works now:

{
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"],
        "Condition": {
            "StringLike": {
                "aws:Referer": [ "https://my.domain/*" ]
            }
        }
    } ]
}
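
As an added example (not code from the Onyxia project or from anyone in this thread): aws:Referer is populated from a request header that the client sets, so a statement like the one above grants object write and delete to anonymous principals on the strength of that header alone. The Python check below flags such statements when reviewing a bucket policy; the function names and the finding format are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject")

# The bucket policy posted in the thread, reproduced as sample input.
POLICY_FROM_THREAD = """
{"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"],
    "Condition": {"StringLike": {"aws:Referer": ["https://my.domain/*"]}}
}]}
"""

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def _condition_keys(condition):
    return {k.lower() for operands in (condition or {}).values() for k in operands}

def audit_policy(policy_text):
    """Flag Allow statements giving anonymous principals write/delete with no real gate."""
    findings = []
    for index, stmt in enumerate(_as_list(json.loads(policy_text).get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # Action entries may be wildcards ("s3:*", "s3:Put*"), so match them as patterns.
        writes = sorted(a for a in _as_list(stmt.get("Action"))
                        if any(fnmatchcase(w, a.lower()) for w in WRITE_ACTIONS))
        keys = _condition_keys(stmt.get("Condition"))
        if not writes or (keys and keys != {"aws:referer"}):
            continue  # no write access, or other condition keys present (review by hand)
        reason = "only aws:Referer, a client-supplied header" if keys else "no condition"
        findings.append({"statement": index, "actions": writes, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in audit_policy(POLICY_FROM_THREAD):
        print(finding)
```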