search

Netflix / asgard

[Asgard is deprecated at Netflix. We use Spinnaker ( www.spinnaker.io ).] Web interface for application deployments and cloud management in Amazon Web Services (AWS). Binary download: http://github.com/Netflix/asgard/releases
http://netflix.github.com/asgard
Apache License 2.0
2.24k stars 403 forks source link

Exception when AWS secret key contains the '/' character #448

Open e0d opened 10 years ago

e0d commented 10 years ago

Recording this for others who might run into it. There seems to be a bug somewhere such that if the secret key contains the '/' character invalid request signatures are generated. I don't know the root cause yet, but generating a new key pair can work around the issue.

[2013-12-30 10:39:07,508] grails.web.context.GrailsContextLoader    Error initializing the application: Error creating bean with name 'applicationService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsAutoScalingService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsCloudWatchService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsSnsService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsSqsService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'taskService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flowService': Cannot create inner bean '(inner bean)' while setting bean property 'target'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#5': Invocation of init method failed; nested exception is com.amazonaws.AmazonServiceException: Status Code: 400, AWS Service: AmazonSimpleWorkflow, AWS Request ID: 850fa85b-7168-11e3-8e5e-b356cdc789fa, AWS Error Code: InvalidSignatureException, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/
content-length:35
content-type:application/x-amz-json-1.0
host:swf.us-east-1.amazonaws.com
user-agent:asgard-1.4, aws-sdk-java/1.6.6 Linux/3.12.5-200.fc19.x86_64 OpenJDK_64-Bit_Server_VM/24.45-b08
x-amz-date:20131230T153906Z
x-amz-target:SimpleWorkflowService.ListDomains
content-length;content-type;host;user-agent;x-amz-date;x-amz-target
480b16fde2af3a6d51239c5c94a38303a5fa48e5e08a29478db01d6169db2506'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20131230T153906Z
20131230/us-east-1/swf/aws4_request
d980444f17a0e8c51be4ded10956406cdbf6783b00309d0cc49ec7c6dbbbfb0d'
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'applicationService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsAutoScalingService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsCloudWatchService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsSnsService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'awsSqsService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'taskService': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flowService': Cannot create inner bean '(inner bean)' while setting bean property 'target'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#5': Invocation of init method failed; nested exception is com.amazonaws.AmazonServiceException: Status Code: 400, AWS Service: AmazonSimpleWorkflow, AWS Request ID: 850fa85b-7168-11e3-8e5e-b356cdc789fa, AWS Error Code: InvalidSignatureException, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/
danveloper commented 10 years ago

@e0d I'm not sure the root cause of this problem, but I think at a minimum we can make that error more logical. Thanks for the details.