Match doesn't respect team_id when readonly is true. #20635

Closed
4 tasks done
vruffer opened this issue Sep 8, 2022 · 2 comments

vruffer commented Sep 8, 2022

New Issue Checklist

Issue Description

In a setup where you have an S3 bucket (someS3Bucket) with multiple teams (team1 and team2), running match(team_id: 'team1', readonly: true, storage: 's3', bucket: 'someS3Bucket') will try to download certificates and profiles for both team1 and team2.

I expected match to only download certificates and profiles from team1. The fact that it is downloading all certificates and provisioning profiles makes it quite hard to restrict access to certificates and profiles based on team_id. In the command output below, I am using the accessKeyId and secretAccessKey from a user who only has read access to team1.

The reason I know fastlane is trying to download every file is that I added a puts statement in ~/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/customizations/object.rb line 478:

def download_file(destination, options = {})
  downloader = FileDownloader.new(client: client)
  puts "bucket " + bucket_name + " key: " + key
  downloader.download(
    destination,
    options.merge(bucket: bucket_name, key: key)
  )
  true
end

Command executed

match(team_id: 'team1', readonly: 'true', storage: 's3', bucket: 'someS3Bucket')

Complete output when running fastlane, including the stack trace and command used
 match(type: "development", 
    storage_mode: 's3', 
    app_identifier: ["com.some.app"], 
    s3_region: "eu-west-1", 
    s3_bucket: "someS3Bucket", 
    s3_access_key: "SOMEACCESSKEYID",
    s3_secret_access_key: *********, 
    team_id: "team1",
    readonly: true,
    skip_certificate_matching: true)
[✔] 🚀 
[13:46:51]: fastlane detected a Gemfile in the current directory
[13:46:51]: However, it seems like you didn't use `bundle exec`
[13:46:51]: To launch fastlane faster, please use
[13:46:51]: 
[13:46:51]: $ bundle exec fastlane certificates
[13:46:51]: 
[13:46:51]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
[13:46:52]: Driving the lane 'certificates' 🚀
[13:46:52]: -------------------
[13:46:52]: --- Step: match ---
[13:46:52]: -------------------

+----------------------------------------+--------------------------------------------------------+
| Summary for match 2.209.1 |
+----------------------------------------+--------------------------------------------------------+
| type | development |
| storage_mode | s3 |
| app_identifier | ["com.some.app"] |
| s3_region | eu-west-1 |
| s3_bucket | someS3Bucket |
| s3_access_key | SOMEACCESSKEYID |
| s3_secret_access_key | ******** |
| team_id | team1 |
| git_branch | master |
| readonly | true |
| skip_certificate_matching | true |
| generate_apple_certs | true |
| skip_provisioning_profiles | false |
| shallow_clone | false |
| clone_branch_directly | false |
| skip_google_cloud_account_confirmation | false |
| keychain_name | login.keychain |
| force | false |
| force_for_new_devices | false |
| include_all_certificates | false |
| force_for_new_certificates | false |
| skip_confirmation | false |
| safe_remove_certs | false |
| skip_docs | false |
| platform | ios |
| derive_catalyst_app_identifier | false |
| fail_on_name_taken | false |
| skip_set_partition_list | false |
| verbose | false |
+----------------------------------------+--------------------------------------------------------+

+---------------+--------------+
| Lane Context |
+---------------+--------------+
| PLATFORM_NAME | |
| LANE_NAME | certificates |
+---------------+--------------+
[13:46:53]: Aws::S3::Errors::Forbidden

+------+--------+-------------+
| fastlane summary |
+------+--------+-------------+
| Step | Action | Time (in s) |
+------+--------+-------------+
| 💥 | match | 0 |
+------+--------+-------------+

[13:46:53]: fastlane finished with errors

Looking for related GitHub issues on fastlane/fastlane...

➡️ Match receives Access Forbidden response
#20530 [open] 1 💬
3 days ago

➡️ fastlane init failed - undefined method `include?' for nil:NilClass
#20457 [open] 3 💬
4 weeks ago

➡️ Verifying that the certificate and profile are still valid on the Dev Portal... Reading keychain entry, because either user or password were empty
#20416 [closed] 4 💬
a week ago

and 24 more at: https://github.com/fastlane/fastlane/search?q=Aws%3A%3AS3%3A%3AErrors%3A%3AForbidden&type=Issues&utf8=✓

🔗 You can ⌘ + double-click on links to open them directly in your browser.
/Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in call': \e[31m[!] Aws::S3::Errors::Forbidden\e[0m (Aws::S3::Errors::Forbidden) from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/sse_cpk.rb:24:in call'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/dualstack.rb:27:in call' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/accelerate.rb:56:in call'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/plugins/checksum_algorithm.rb:111:in call' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:16:in call'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in call' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/plugins/param_converter.rb:26:in call'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/seahorse/client/plugins/request_callback.rb:71:in call' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/plugins/response_paging.rb:12:in call'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/seahorse/client/plugins/response_target.rb:24:in call' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/seahorse/client/request.rb:72:in send_request'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/client.rb:7232:in head_object' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_downloader.rb:56:in multipart_download'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_downloader.rb:36:in download' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/customizations/object.rb:481:in download_file'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/customizations/object_summary.rb:80:in download_file' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/match/lib/match/storage/s3_storage.rb:113:in block in download'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:54:in yield' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:54:in block (3 levels) in each'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:53:in each' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:53:in block (2 levels) in each'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:102:in yield' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:102:in block (2 levels) in non_empty_batches'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/bucket.rb:923:in yield' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/bucket.rb:923:in block (2 levels) in objects'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/pageable_response.rb:191:in each' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/bucket.rb:913:in block in objects'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:101:in each' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:101:in each'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:101:in block in non_empty_batches' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:52:in each'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:52:in each' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:52:in block in each'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:58:in each' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:58:in each'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/aws-sdk-core-3.132.0/lib/aws-sdk-core/resources/collection.rb:58:in each' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/match/lib/match/storage/s3_storage.rb:104:in download'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/match/lib/match/runner.rb:65:in run' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/actions/sync_code_signing.rb:19:in run'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:263:in block (2 levels) in execute_action' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/actions/actions_helper.rb:69:in execute_action'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:255:in block in execute_action' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:229:in chdir'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:229:in execute_action' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:157:in trigger_action_by_name'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/fast_file.rb:159:in method_missing' from Fastfile:27:in block in parsing_binding'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/lane.rb:33:in call' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:49:in block in execute'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:45:in chdir' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/runner.rb:45:in execute'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/lane_manager.rb:47:in cruise_lane' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/command_line_handler.rb:36:in handle'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/commands_generator.rb:110:in block (2 levels) in run' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/commander-4.6.0/lib/commander/command.rb:187:in call'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/commander-4.6.0/lib/commander/command.rb:157:in run' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/commander-4.6.0/lib/commander/runner.rb:444:in run_active_command'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane_core/lib/fastlane_core/ui/fastlane_runner.rb:124:in run!' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/commander-4.6.0/lib/commander/delegates.rb:18:in run!'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/commands_generator.rb:354:in run' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/commands_generator.rb:43:in start'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/fastlane/lib/fastlane/cli_tools_distributor.rb:123:in take_off' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/gems/fastlane-2.209.1/bin/fastlane:23:in <top (required)>'
from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/bin/fastlane:25:in load' from /Users/vvf/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/bin/fastlane:25:in

'

Environment

✅ fastlane environment ✅

Stack

Key Value
OS 12.5.1
Ruby 3.1.2
Bundler? false
Git git version 2.32.1 (Apple Git-133)
Installation Source ~/Applications/homebrew/Cellar/fastlane/2.209.1/libexec/bin/fastlane
Host macOS 12.5.1 (21G83)
Ruby Lib Dir ~/Applications/homebrew/Cellar/ruby/3.1.2_1/lib
OpenSSL Version OpenSSL 1.1.1q 5 Jul 2022
Is contained false
Is homebrew true
Is installed via Fabric.app false
Xcode Path /Applications/Xcode.app/Contents/Developer/
Xcode Version 13.4.1
Swift Version 5.6.1

System Locale

Variable Value
LANG en_GB.UTF-8
LC_ALL
LANGUAGE

fastlane files:

No Fastfile found
No Appfile found

fastlane gems

Gem Version Update-Status
fastlane 2.209.1 ✅ Up-To-Date

Loaded fastlane plugins:

No plugins Loaded

Loaded gems
Gem Version
error_highlight 0.3.0
did_you_mean 1.6.1
atomos 0.1.3
rexml 3.2.5
CFPropertyList 3.0.5
claide 1.1.0
colored2 3.1.2
nanaimo 0.3.0
xcodeproj 1.22.0
rouge 2.0.7
xcpretty 0.3.0
terminal-notifier 2.0.0
unicode-display_width 1.8.0
terminal-table 1.8.0
plist 3.6.0
public_suffix 5.0.0
addressable 2.8.1
multipart-post 2.0.0
word_wrap 1.0.0
optparse 0.1.1
tty-screen 0.8.1
tty-cursor 0.7.1
tty-spinner 0.9.3
artifactory 3.0.15
babosa 1.0.4
colored 1.2
highline 2.0.3
commander 4.6.0
excon 0.92.4
faraday-em_http 1.0.0
faraday-em_synchrony 1.0.0
faraday-excon 1.1.0
faraday-httpclient 1.0.1
faraday-multipart 1.0.4
faraday-net_http 1.0.1
faraday-net_http_persistent 1.2.0
faraday-patron 1.0.0
faraday-rack 1.0.0
faraday-retry 1.0.3
ruby2_keywords 0.0.5
faraday 1.10.1
unf_ext 0.0.8.2
unf 0.1.4
domain_name 0.5.20190701
http-cookie 1.0.5
faraday-cookie_jar 0.0.7
faraday_middleware 1.2.0
fastimage 2.2.6
gh_inspector 1.1.3
json 2.6.1
mini_magick 4.11.0
naturally 2.2.1
rubyzip 2.3.2
security 0.1.3
xcpretty-travis-formatter 1.0.1
dotenv 2.8.1
bundler 2.3.11
simctl 1.6.8
jwt 2.4.1
uber 0.1.0
declarative 0.0.20
trailblazer-option 0.1.2
representable 3.2.0
retriable 3.1.2
mini_mime 1.1.2
memoist 0.16.2
multi_json 1.15.0
os 1.1.4
signet 0.17.0
googleauth 1.2.0
httpclient 2.8.3
webrick 1.7.0
google-apis-core 0.7.0
google-apis-playcustomapp_v1 0.10.0
google-apis-androidpublisher_v3 0.25.0
google-cloud-env 1.6.0
google-cloud-errors 1.2.0
google-cloud-core 1.6.0
google-apis-iamcredentials_v1 0.13.0
google-apis-storage_v1 0.17.0
rake 13.0.6
digest-crc 0.6.4
google-cloud-storage 1.38.0
emoji_regex 3.2.3
jmespath 1.6.1
aws-partitions 1.620.0
aws-eventstream 1.2.0
aws-sigv4 1.5.1
aws-sdk-core 3.132.0
aws-sdk-kms 1.58.0
aws-sdk-s3 1.114.0
set 1.0.2
forwardable 1.3.2
logger 1.5.0
pathname 0.2.0
shellwords 0.1.0
cgi 0.3.1
date 3.2.2
timeout 0.2.0
stringio 3.0.1
securerandom 0.1.1
uri 0.11.0
openssl 3.0.0
digest 3.1.0
io-nonblock 0.1.0
ipaddr 1.2.4
io-wait 0.2.1
zlib 2.1.1
resolv 0.2.1
time 0.2.0
open-uri 0.2.0
mutex_m 0.1.1
net-protocol 0.1.2
net-http 0.2.0
ostruct 0.5.2
english 0.7.1
erb 2.2.3
strscan 3.0.1
abbrev 0.1.0
io-console 0.5.11
tempfile 0.1.2
delegate 0.2.0
fileutils 1.6.0
tmpdir 0.1.2
base64 0.1.1
singleton 0.1.1
open3 0.1.1
nkf 0.1.1
prettyprint 0.1.1
pp 0.3.0
find 0.1.1
yaml 0.2.0
psych 4.0.3

generated on: 2022-09-08
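
The failure mode reported above, as an added example that is not part of the original post or fastlane's own code: a constructed in-memory bucket (`FakeBucket`, a hypothetical stand-in for S3 with an IAM-style prefix restriction) shows why walking every object fails for a reader limited to team1, while a listing scoped to `team1/` succeeds even when listing itself is restricted. The key layout with one top-level prefix per team is an assumption.

```ruby
# Constructed stand-in for an S3 bucket with an IAM-style read policy; no network or aws-sdk.
class Forbidden < StandardError; end

class FakeBucket
  # keys: object keys in the bucket; read_prefix: the only prefix the caller may read.
  # strict_list: when true, listing is also denied unless it is scoped to read_prefix.
  def initialize(keys, read_prefix:, strict_list: false)
    @keys = keys
    @read_prefix = read_prefix
    @strict_list = strict_list
  end

  # Prefix-filtered listing; no prefix means every key in the bucket.
  def objects(prefix: nil)
    if @strict_list && !prefix.to_s.start_with?(@read_prefix)
      raise Forbidden, "list denied outside #{@read_prefix}"
    end
    @keys.select { |k| prefix.nil? || k.start_with?(prefix) }
  end

  def download(key)
    raise Forbidden, "read denied for #{key}" unless key.start_with?(@read_prefix)
    key
  end
end

# Behaviour reported in the issue: walk the whole bucket and download every object.
def download_all(bucket)
  bucket.objects.map { |key| bucket.download(key) }
end

# Scoped alternative: list and download only keys under the requested team's prefix.
# The trailing slash keeps "team1" from also matching a prefix such as "team10/".
def download_for_team(bucket, team_id)
  bucket.objects(prefix: "#{team_id}/").map { |key| bucket.download(key) }
end

# Runs a download strategy and reports :ok or :forbidden.
def outcome
  yield
  :ok
rescue Forbidden
  :forbidden
end

# Constructed sample keys (assumed layout: one top-level prefix per team).
KEYS = [
  "team1/certs/development/AAAA.cer",
  "team1/profiles/development/Development_com.some.app.mobileprovision",
  "team2/certs/development/BBBB.cer"
].freeze

if __FILE__ == $PROGRAM_NAME
  bucket = FakeBucket.new(KEYS, read_prefix: "team1/")
  puts "whole-bucket walk: #{outcome { download_all(bucket) }}"
  puts "team1-scoped walk: #{outcome { download_for_team(bucket, 'team1') }}"
end
```
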

@fastlane-bot

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.

Please make sure to update to the latest fastlane version and check if that solves the issue. Let us know if that works for you by adding a comment 👍

Friendly reminder: contributions are always welcome! Check out CONTRIBUTING.md for more information on how to help with fastlane and feel free to tackle this issue yourself 💪

This issue will be auto-closed if there is no reply within 1 month.

@fastlane-bot

This issue will be auto-closed because there hasn't been any activity for a few months. Feel free to open a new one if you still experience this problem 👍
