aws / aws-sdk-php

Official repository of the AWS SDK for PHP (@awsforphp)
http://aws.amazon.com/sdkforphp
Apache License 2.0

InstanceProfile credentials provider causing open_basedir restriction error since 3.297.0 #2887

Closed mensler closed 8 months ago

mensler commented 9 months ago

Describe the bug

With version 3.297.0 of the SDK the custom endpoint for IMDS was introduced in the InstanceProfileProvider. It calls ConfigurationResolver::resolve() with the option use_aws_shared_config_files set to true, which causes an ErrorException because of the open_basedir setting.

Expected Behavior

The config option use_aws_shared_config_files should not be set to true, but reflect the client setting instead, so no error is thrown because of open_basedir restrictions.

Current Behavior

ErrorException: is_readable(): open_basedir restriction in effect. File(/usr/share/httpd/.aws/config) is not within the allowed path(s): (/var/www/:/tmp/:/usr/share/GeoIP/)
#38 [internal](0): is_readable
#37 /vendor/aws/aws-sdk-php/src/Configuration/ConfigurationResolver.php(111): Aws\Configuration\ConfigurationResolver::ini
#36 /vendor/aws/aws-sdk-php/src/Configuration/ConfigurationResolver.php(47): Aws\Configuration\ConfigurationResolver::resolve
#35 /vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php(368): Aws\Credentials\InstanceProfileProvider::resolveEndpoint
#34 /vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php(252): Aws\Credentials\InstanceProfileProvider::request
#33 /vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php(107): Aws\Credentials\InstanceProfileProvider::Aws\Credentials\{closure}
#32 [internal](0): Generator::current
#31 /vendor/guzzlehttp/promises/src/Coroutine.php(71): GuzzleHttp\Promise\Coroutine::__construct
#30 /vendor/guzzlehttp/promises/src/Coroutine.php(86): GuzzleHttp\Promise\Coroutine::of
#29 /vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php(101): Aws\Credentials\InstanceProfileProvider::__invoke
#28 /vendor/aws/aws-sdk-php/src/Credentials/CredentialProvider.php(214): Aws\Credentials\CredentialProvider::Aws\Credentials\{closure}

Reproduction Steps

use Aws\Credentials\CredentialProvider;

$CredentialsProvider = CredentialProvider::memoize(CredentialProvider::instanceProfile());
$credentials = call_user_func($CredentialsProvider)->wait();

Possible Solution

No response

Additional Information/Context

No response

SDK version used

3.299.1

Environment details (Version of PHP (php -v)? OS name and version, etc.)

PHP 8.2, Amazon Linux 2
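A pre-flight check for the condition reported above, as an added example that is not part of the original issue or the SDK: it tests whether the shared config files under a home directory fall inside an open_basedir value. The function names are hypothetical, the inputs are constructed from the error message in this issue, and the matching is simplified (string comparison on a directory boundary, no symlink or ".." resolution).

```php
<?php
// Added example. Inputs below are constructed from the error text in this issue.

/**
 * True if $path lies under one of the directories listed in $openBasedir.
 * Simplified model: normalized string comparison on a directory boundary.
 * PHP itself also resolves symlinks and ".." before checking.
 */
function allowedByOpenBasedir(string $path, string $openBasedir, string $sep = ':'): bool
{
    if ($openBasedir === '') {
        return true; // no restriction configured
    }
    $path = rtrim($path, '/');
    foreach (explode($sep, $openBasedir) as $entry) {
        if ($entry === '') {
            continue; // ignore empty segments such as a trailing separator
        }
        $dir = rtrim($entry, '/');
        // Match the directory itself or anything below it, so that
        // "/var/www" does not accidentally allow "/var/wwwroot".
        if ($path === $dir || strncmp($path, $dir . '/', strlen($dir) + 1) === 0) {
            return true;
        }
    }
    return false;
}

/** Shared config files under $home that the open_basedir value would block. */
function blockedSharedConfigFiles(string $home, string $openBasedir): array
{
    $candidates = [$home . '/.aws/config', $home . '/.aws/credentials'];
    return array_values(array_filter(
        $candidates,
        fn(string $file): bool => !allowedByOpenBasedir($file, $openBasedir)
    ));
}

// Values from the reported ErrorException. In a deployment these would come
// from ini_get('open_basedir') and the web server user's home directory.
$openBasedir = '/var/www/:/tmp/:/usr/share/GeoIP/';
foreach (blockedSharedConfigFiles('/usr/share/httpd', $openBasedir) as $file) {
    echo "outside open_basedir: {$file}\n";
}
```

Run under the same php.ini as the web application, a non-empty result identifies hosts where an SDK code path that reads the shared config files will trigger the open_basedir warning.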

stobrien89 commented 8 months ago

Hi @mensler,

This should be fixed by #2894, which will be available in today's release. Please let us know if you're still having issues!

github-actions[bot] commented 8 months ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.