Listing buckets of an user that owns no buckets results in _is_sigv4_error_message

[rgherta]

Describe the bug

Good morning

I tested the following in ceph rgw provisioned with rook. I am testing this with a cephobjectstoreuser that owns no buckets.

$kubectl run aws --image amazon/aws-cli  -it --env AWS_ACCESS_KEY_ID="XXXXX" --env AWS_SECRET_ACCESS_KEY="XXXXX" -- s3 ls s3://mybucket-XXXXXX   --endpoint-url XXXXX.svc.cluster.local   --no-verify-ssl  --debug
...
026-01-21 17:43:58,087 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
  File "awscli/clidriver.py", line 530, in main
  File "awscli/customizations/commands.py", line 153, in __call__
  File "awscli/customizations/commands.py", line 207, in __call__
  File "awscli/customizations/s3/subcommands.py", line 801, in _run_main
  File "awscli/customizations/s3/subcommands.py", line 833, in _list_all_objects
  File "awscli/botocore/paginate.py", line 267, in __iter__
  File "awscli/botocore/context.py", line 124, in wrapper
  File "awscli/botocore/paginate.py", line 356, in _make_request
  File "awscli/botocore/client.py", line 438, in _api_call
  File "awscli/botocore/context.py", line 124, in wrapper
  File "awscli/botocore/client.py", line 896, in _make_api_call
  File "awscli/botocore/hooks.py", line 255, in emit
  File "awscli/botocore/hooks.py", line 238, in _emit
  File "awscli/customizations/s3errormsg.py", line 37, in enhance_error_msg
  File "awscli/customizations/s3errormsg.py", line 55, in _is_sigv4_error_message
TypeError: argument of type 'NoneType' is not iterable

I think the best response here would be a 403 forbidden. Also, if I do not explicitly call the bucket by s3://bucketname then I receive and empty response and the exit code of aws cli is 0.

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

A more relevant error message like "crendentials invalid"

Current Behavior

empty response or TypeError: argument of type 'NoneType' is not iterable

Reproduction Steps

try to aws ls contents using credentials of a cephobjectstoreuser that owns no bucket.

Possible Solution

No response

Additional Information/Context

No response

SDK version used

aws-cli/2.27.0 Python/3.14.2 Linux/6.18.5-200.fc43.x86_64 source/x86_64.fedora.43

Environment details (OS name and version, etc.)

Fedora

[RyanFitzSimmonsAK]

Hi @rgherta, thanks for reaching out. Boto3 is designed for usage with official AWS services, and not 3rd-party S3-like services. Could you try testing this behavior with exclusively AWS S3, and see if there's still issues? If so, please provide debug logs (boto3.set_stream_logger('')), and we'll be able to investigate.

[github-actions]

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.