Giters

ex-aws / ex_aws

A flexible, easy to use set of clients AWS APIs for Elixir

Home Page:https://hex.pm/packages/ex_aws

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

2.3.3 — `ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter` Fails in China

kyleVsteger opened this issue · comments

commented

Environment

  • Elixir & Erlang versions (elixir --version):
Erlang/OTP 24 [erts-12.3.2] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1]
Elixir 1.13.4 (compiled with Erlang/OTP 22)
  • ExAws version mix deps |grep ex_aws
* ex_aws (Hex package) (mix)
  locked at 2.3.3 (ex_aws) 140f65eb
* ex_aws_s3 (Hex package) (mix)
  locked at 2.3.3 (ex_aws_s3) 0044f0b6
* ex_aws_sts (Hex package) (mix)
  locked at 2.3.0 (ex_aws_sts) f14e4c7d
  • HTTP client version. IE for hackney do mix deps | grep hackney
* hackney 1.18.1 (Hex package) (rebar3)
  locked at 1.18.1 (hackney) a4ecdaff

Summary

I was unable to authenticate using the ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter in cn-northwest-1 after updating from 2.2.10 -> 2.3.3.

Current behavior

Config

config :ex_aws,
  access_key_id: [
    {:system, "AWS_ACCESS_KEY_ID"},
    {:awscli, "myprofile", 30},
    :instance_role
  ],
  secret_access_key: [
    {:system, "AWS_SECRET_ACCESS_KEY"},
    {:awscli, "myprofile", 30},
    :instance_role
  ],
  awscli_auth_adapter: ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter,
  region: "cn-northwest-1"

Stacktrace

** (exit) exited in: GenServer.call(ExAws.Config.AuthCache, {:refresh_awscli_config, "myprofile", 30000}, 30000)
    ** (EXIT) an exception was raised:
        ** (RuntimeError) sso not found in partition aws-cn
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:175: ExAws.Config.Defaults.fetch_or/3
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:147: ExAws.Config.Defaults.do_host/3
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:89: ExAws.Config.Defaults.get/2
            (ex_aws 2.3.3) lib/ex_aws/config.ex:70: ExAws.Config.build_base/2
            (ex_aws 2.3.3) lib/ex_aws/config.ex:54: ExAws.Config.http_config/2
            (ex_aws 2.3.3) lib/ex_aws/credentials_ini/file.ex:15: ExAws.CredentialsIni.File.security_credentials/1
            (ex_aws 2.3.3) lib/ex_aws/config.ex:158: ExAws.Config.awscli_auth_credentials/2
            (ex_aws 2.3.3) lib/ex_aws/config/auth_cache.ex:65: ExAws.Config.AuthCache.refresh_awscli_config/3

Expected behavior

Authentication should work in the China region as it did in previous releases.

Thanks @bernardd! Please let me know if you need any other info!

commented

Hi @kyleVsteger - apologies this took so long. Life happened etc etc, and also it wasn't quite the trivial fix I thought it might have been. If you can try v2.3.4 and let me know if it resolves this, that would be great, thanks.

commented

I'll put this on my list of things to check during our cooldown cycle. Thanks @bernardd!