Merge pull request #10188 from Direnol/yandex/check-access-to-specific-bucket

verifying the access to a specific bucket

post-processor/yandex-export/script.go

@@ -46,6 +46,12 @@ Exit () {
     aws s3 --region ru-central1 --endpoint-url=https://storage.yandexcloud.net cp /var/log/syslog ${LOGDEST}
   done
 
+  echo "Delete static access key..."
+  if ! yc iam access-key delete ${YC_SK_ID} ; then
+    echo "Failed to delete static access key."
+    FAIL=1
+  fi
+
   if [ $1 -ne 0 ]; then
 	echo "Set metadata key 'cloud-init-status' to 'cloud-init-error' value"
     if ! yc compute instance update ${INSTANCE_ID} --metadata cloud-init-status=cloud-init-error ; then
@@ -53,7 +59,7 @@ Exit () {
 	  exit 111
 	fi
   fi
-	
+
   exit $1
 }
 
@@ -83,11 +89,14 @@ fi
 echo "Setup env variables to access storage..."
 eval "$(jq -r '@sh "export YC_SK_ID=\(.access_key.id); export AWS_ACCESS_KEY_ID=\(.access_key.key_id); export AWS_SECRET_ACCESS_KEY=\(.secret)"' <<<${SEC_json}  )"
 
-echo "Check access to storage..."
-if ! aws s3 --region ru-central1 --endpoint-url=https://storage.yandexcloud.net ls > /dev/null ; then
-  echo "Failed to access storage."
-  Exit 1
-fi
+for i in ${PATHS}; do
+  bucket=$(echo ${i} | sed 's/\(s3:\/\/[^\/]*\).*/\1/')
+  echo "Check access to storage: '${bucket}'..."
+  if ! aws s3 --region ru-central1 --endpoint-url=https://storage.yandexcloud.net ls ${bucket} > /dev/null ; then
+    echo "Failed to access storage: '${bucket}'."
+    Exit 1
+  fi
+done
 
 echo "Creating disk from image to be exported..."
 if ! yc compute disk create --name ${DISKNAME} --source-image-id ${IMAGE_ID} --zone ${ZONE}; then
@@ -126,11 +135,6 @@ for i in ${PATHS}; do
   fi
 done
 
-echo "Delete static access key..."
-if ! yc iam access-key delete ${YC_SK_ID} ; then
-  echo "Failed to delete static access key."
-  FAIL=1
-fi
 
 echo "Set metadata key 'cloud-init-status' to 'cloud-init-done' value"
 if ! yc compute instance update ${INSTANCE_ID} --metadata cloud-init-status=cloud-init-done ; then