Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to authenticate with S3 (Credentials from AWS Command Line Interface) profile #15222

Closed
oohnoitz opened this issue Oct 19, 2023 · 1 comment · Fixed by #15236 or #15313
Closed

Unable to authenticate with S3 (Credentials from AWS Command Line Interface) profile #15222

oohnoitz opened this issue Oct 19, 2023 · 1 comment · Fixed by #15236 or #15313
Assignees
@dkocher
Labels
s3 AWS S3 Protocol Implementation
Milestone
8.7.1

Comments

@oohnoitz
Copy link

Describe the bug
When using version 8.7.0 with Credentials from AWS CLI profile, the following message is shown: "The AWS Access Key Id you provided does not exist in our records."

Downgrading back to 8.6.3 works correctly and picks up the credentials correctly.

To Reproduce
Steps to reproduce the behavior:

  1. Set up AWS SSO with either the legacy or new format
  2. Connect with the Credentials from AWS CLI profile
  3. See the error mentioned above

Expected behavior
Able to connect with SSO/credentials from CLI.

Desktop (please complete the following information):

  • OS: macOS 14.0

Log Files

8.7.0 connection log:

2023-10-19 08:06:31,259 [Thread-32] DEBUG ch.cyberduck.core.Session - Connection did open to Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}
2023-10-19 08:06:31,259 [Thread-32] DEBUG ch.cyberduck.core.KeychainLoginService - Attempt authentication for Session{host=Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}, state=open}
2023-10-19 08:06:31,262 [Thread-32] DEBUG ch.cyberduck.core.s3.S3Session - Connect with basic credentials to Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}
2023-10-19 08:06:31,267 [Thread-32] DEBUG ch.cyberduck.core.shared.DefaultPathHomeFeature - No default path set for bookmark Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', password='', tokens='STSTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}

8.6.3 connection log:

2023-10-19 08:07:54,934 [Thread-33] DEBUG ch.cyberduck.core.Session - Connection did open to Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', oauth='OAuthTokens{accessToken='', refreshToken='', expiryInMilliseconds=9223372036854775807}', token='', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null',
workdir=null, custom={s3.location=us-east-1}, labels=[]}
2023-10-19 08:07:54,935 [Thread-33] DEBUG ch.cyberduck.core.KeychainLoginService - Attempt authentication for Session{host=Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', oauth='OAuthTokens{accessToken='', refreshToken='', expiryInMilliseconds=9223372036854775807}', token='', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}, state=open}
2023-10-19 08:07:54,935 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Load profiles from Local{path='/Users/xxxx/.aws/config'} and Local{path='/Users/xxxx/.aws/credentials'}
2023-10-19 08:07:54,935 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Reading AWS file Local{path='/Users/xxxx/.aws/config'}
2023-10-19 08:07:54,937 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Found matching profile SSO_TEST for profile name SSO_TEST
2023-10-19 08:07:54,937 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Configure credentials from basic profile SSO_TEST
2023-10-19 08:07:54,960 [Thread-33] DEBUG ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Attempting to read SSO credentials from /Users/xxxx/.aws/cli/cache/bf923355127d698e30fed927d41b3514b9a9d93e.json
2023-10-19 08:07:54,966 [Thread-33] WARN  ch.cyberduck.core.sts.AWSProfileSTSCredentialsConfigurator - Expired AWS SSO credentials.
2023-10-19 08:07:54,968 [Thread-33] DEBUG ch.cyberduck.core.shared.DefaultPathHomeFeature - No default path set for bookmark Host{protocol=Profile{parent=Profile{parent=s3, vendor=iterate GmbH, description=null, image=null}, vendor=s3-cli, description=S3 (Credentials from AWS Command Line Interface), image=null}, region='null', port=443, hostname='s3.amazonaws.com', credentials=Credentials{user='SSO_TEST', oauth='OAuthTokens{accessToken='', refreshToken='', expiryInMilliseconds=9223372036854775807}', token='', identity=null}, uuid='f7664d66-4c9c-415c-a05f-db67d26dad52', nickname='null', defaultpath='null', workdir=null, custom={s3.location=us-east-1}, labels=[]}

The biggest difference when looking at logs generated from both versions is that 8.6.3 mentioned the local credentials.
@dkocher dkocher added the s3 AWS S3 Protocol Implementation label Oct 19, 2023
@dkocher dkocher added this to the 8.7.1 milestone Oct 19, 2023
@calvinhobbes23
Copy link

I am having the same problem with this version

dkocher added a commit that referenced this issue Oct 20, 2023
@dkocher
Fix #15222.
21c14e8
@dkocher dkocher linked a pull request Oct 20, 2023 that will close this issue
Fix #15222. #15236
Merged
ylangisc added a commit that referenced this issue Oct 22, 2023
@ylangisc
Merge pull request #15236 from iterate-ch/bugfix/GH-15222
8827fd4 
Fix #15222.
This was referenced Oct 23, 2023
Closed
Closed
@dkocher dkocher changed the title Unable to connect with Credentials from AWS CLI Unable to authenticate with S3 (Credentials from AWS Command Line Interface) profile Oct 27, 2023
@dkocher dkocher mentioned this issue Oct 30, 2023
Closed
@dkocher dkocher self-assigned this Nov 2, 2023
@dkocher dkocher reopened this Nov 2, 2023
dkocher added a commit that referenced this issue Nov 2, 2023
@dkocher
Fix #15222 for basic profiles with no session token.
bf153c2
@dkocher dkocher linked a pull request Nov 2, 2023 that will close this issue
Fix #15222 for basic profiles with no session token. #15313
Merged
dkocher added a commit that referenced this issue Nov 2, 2023
@dkocher
Merge pull request #15313 from iterate-ch/bugfix/GH-15222-basicprofile
ce89270 
Fix #15222 for basic profiles with no session token.
@dkocher dkocher mentioned this issue Nov 4, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dkocher dkocher

Labels
s3 AWS S3 Protocol Implementation
Projects
None yet
Milestone
8.7.1
3 participants
@dkocher @oohnoitz @calvinhobbes23