Aws::SharedCredentials regression #1257

Closed
temujin9 opened this issue Jul 26, 2016 · 5 comments

@temujin9

v2.4.0 and v2.4.1 work fine with AWS_PROFILE role assumption. v2.4.2 or later fail:

/home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/request_signer.rb:100:in `require_credentials': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError)
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/request_signer.rb:90:in `sign_authenticated_requests'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/request_signer.rb:83:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:10:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/retry_errors.rb:87:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/query/handler.rb:27:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/user_agent.rb:12:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/seahorse/client/plugins/endpoint.rb:41:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/seahorse/client/plugins/raise_response_errors.rb:14:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/seahorse/client/plugins/response_target.rb:21:in `call'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/seahorse/client/request.rb:70:in `send_request'
        from /home/temujin9/.gem/ruby/1.9.1/gems/aws-sdk-core-2.4.2/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
        from /home/temujin9/.gem/ruby/1.9.1/gems/cloudformation-ruby-dsl-1.2.1/lib/cloudformation-ruby-dsl/cfntemplate.rb:297:in `cfn'
        from /home/temujin9/.gem/ruby/1.9.1/gems/cloudformation-ruby-dsl-1.2.1/lib/cloudformation-ruby-dsl/cfntemplate.rb:556:in `exec!'
        from ./nexpose-console.rb:158:in `<main>'

This has forced us to pin the version in our Gemfile to use the shared credentials.

@trevorrowe
Member

Thanks for reporting this issue. We are having discussion about this now. I'll get back here shortly.

@awood45
Member

awood45 commented Jul 26, 2016

Three part answer:

First, the workaround. Make sure that the AWS_SDK_LOAD_CONFIG environment variable is set, for example to "1", and your code should work. That's the feature flag environment variable, and setting it will get you back on track.

Second, why this happened in 2.4.2. The 2.4.0 and 2.4.1 releases had a code bug where we ignored the feature flag and always used the new credential resolution chain, which is why your code worked without a feature flag. Technically, the new credential resolution chain is a breaking change, hence the feature flag.

Third, what might happen. We're discussing if we should remove the feature flag, since the breaking change surface area is low. That discussion is ongoing (and we're open to input).

For now - set the environment variable AWS_SDK_LOAD_CONFIG and you'll be working again.
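An added illustration, not part of the original thread and not SDK code: a Ruby pre-flight check that models the failure above, where a role-assumption profile selected by AWS_PROFILE resolves only when AWS_SDK_LOAD_CONFIG is set. The function names, result symbols and sample file contents are hypothetical; it assumes the usual shared-file layout (`[profile NAME]` with `role_arn`/`source_profile` in ~/.aws/config, `[NAME]` in ~/.aws/credentials) and treats any presence of the variable as "set".

```ruby
# Constructed sample file contents (placeholders, not real credentials).
SAMPLE_CREDENTIALS = <<INI
[base]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET
INI

SAMPLE_CONFIG = <<INI
[profile deploy]
role_arn = arn:aws:iam::123456789012:role/example-deploy
source_profile = base
INI

# Parse shared config/credentials text into {section => {key => value}}.
def parse_ini(text)
  sections = {}
  current = nil
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = sections[m[1].strip] = {}
    elsif current && (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      current[m[1]] = m[2]
    end
  end
  sections
end

# Classify how the profile named by AWS_PROFILE would resolve.
def preflight(env, config_text, credentials_text)
  name   = env.fetch('AWS_PROFILE', 'default')
  creds  = parse_ini(credentials_text)
  config = parse_ini(config_text)
  static = ->(p) { creds.fetch(p, {}).key?('aws_access_key_id') }
  # Static keys in the credentials file do not depend on the feature flag.
  return :static_credentials if static.call(name)

  section = config[name == 'default' ? 'default' : "profile #{name}"]
  return :profile_not_found unless section && section['role_arn']
  # A role profile is only usable if its source profile has static keys.
  return :broken_source_profile unless static.call(section['source_profile'])
  # Assumption: the flag counts as set whenever the variable is present.
  env.key?('AWS_SDK_LOAD_CONFIG') ? :role_via_shared_config : :needs_load_config
end

puts preflight({ 'AWS_PROFILE' => 'deploy' }, SAMPLE_CONFIG, SAMPLE_CREDENTIALS)
```

Running such a check at startup reports a missing feature flag as the cause, rather than leaving it to surface as MissingCredentialsError on the first signed request.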

@temujin9
Author

Aha! We had tried that earlier, but in the storm of problems (this was not the only one) we lost track of trying it again.

I strongly vote for the removal of the flag. This is the documented way that AWS configuration is supposed to work. Inobvious flags needed in addition end up confusing the issue.

As we have it patched (via version pinning) where we need it for the moment, I think I'm just going to leave it as is until you've decided. Can you ping here when you do?

@awood45
Member

awood45 commented Jul 26, 2016

Sure, I can leave this open.

@awood45
Member

awood45 commented Aug 2, 2016

#1263 creates an opt-out flag, and makes this behavior on by default. When merged, it will be released as version 2.5.0.

@awood45 awood45 closed this as completed Aug 2, 2016
@awood45 awood45 removed the pending label Aug 2, 2016
jasdel added a commit to jasdel/aws-sdk-go that referenced this issue Aug 3, 2016
Updates the SDK so by default the Session returned will be created with the
configuration loaded from the shared config file (~/.aws/config) will also be
loaded, in addition to the shared credentials file (~/.aws/config). Options
set in both the shared config, and shared credentials will be taken from the
shared credentials file. This functionality can be disabled by setting the
AWS_SDK_CONFIG_OPTOUT environment variable.

This also brings the SDK in line with the AWS SDK for Ruby to use an opt
out flag with default support for the shared config.

Related: aws#472, aws/aws-sdk-ruby#1257
jasdel added a commit to jasdel/aws-sdk-go that referenced this issue Aug 3, 2016
Updates the SDK so by default the Session returned will be created with the
configuration loaded from the shared config file (~/.aws/config) will also be
loaded, in addition to the shared credentials file (~/.aws/config). Options
set in both the shared config, and shared credentials will be taken from the
shared credentials file. This functionality can be disabled by setting the
AWS_SDK_CONFIG_OPT_OUT environment variable.

This also brings the SDK in line with the AWS SDK for Ruby to use an opt
out flag with default support for the shared config.

Related: aws#472, aws/aws-sdk-ruby#1257
jasdel added a commit to jasdel/aws-sdk-go that referenced this issue Aug 4, 2016
Updates the SDK so by default the Session returned will be created with the
configuration loaded from the shared config file (~/.aws/config) will also be
loaded, in addition to the shared credentials file (~/.aws/config). Options
set in both the shared config, and shared credentials will be taken from the
shared credentials file. This functionality can be disabled by setting the
AWS_SDK_CONFIG_OPT_OUT environment variable.

This changes the behavior added in v1.3.0 to load the shared config by
default instead of requiring an opt in flag. This also brings the SDK in
line with the AWS SDK for Ruby to use an opt out flag with default support for
the shared config.

Related: aws#472, aws/aws-sdk-ruby#1257
jasdel added a commit to jasdel/aws-sdk-go that referenced this issue Aug 8, 2016
Updates the SDK so by default the Session returned will be created with the
configuration loaded from the shared config file (~/.aws/config) will also be
loaded, in addition to the shared credentials file (~/.aws/config). Options
set in both the shared config, and shared credentials will be taken from the
shared credentials file. This functionality can be disabled by setting the
AWS_SDK_CONFIG_OPT_OUT environment variable.

This changes the behavior added in v1.3.0 to load the shared config by
default instead of requiring an opt in flag. This also brings the SDK in
line with the AWS SDK for Ruby to use an opt out flag with default support for
the shared config.

Related: aws#472, aws/aws-sdk-ruby#1257