search

aws / aws-sdk-ruby

The official AWS SDK for Ruby.
https://aws.amazon.com/sdk-for-ruby/
Apache License 2.0
3.58k stars 1.23k forks source link

aws-sdk-s3: NoMethodError: undefined method `account_id' for an instance of Aws::STS::Types::Credentials #3114

Closed MrJoy closed 1 month ago

MrJoy commented 1 month ago

Describe the bug

Starting with 1.164.x, I'm seeing an exception when trying to assume a role via STS. 1.163.x does not exhibit this behavior. Specifically, the S3 SDK is attempting to access an apparently non-existent account_id property on Aws::STS::Types::Credentials.

Regression Issue

Expected Behavior

I expected the code that I wrote and have been successfully using untouched for months to continue working.

Specifically, I'm using Aws::STS::Client to assume_role before performing S3 operations.

Current Behavior

NoMethodError: undefined method `account_id' for an instance of Aws::STS::Types::Credentials (NoMethodError)

          if context.config.credentials&.credentials&.account_id
                                                    ^^^^^^^^^^^^
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/endpoints.rb:63:in `with_metrics'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/endpoints.rb:52:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/endpoint_discovery.rb:84:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/seahorse/client/plugins/endpoint.rb:46:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/url_encoded_keys.rb:43:in `manage_keys'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/url_encoded_keys.rb:35:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/param_validator.rb:26:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/seahorse/client/plugins/raise_response_errors.rb:16:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/sse_cpk.rb:24:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/dualstack.rb:21:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/plugins/accelerate.rb:43:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/checksum_algorithm.rb:111:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:16:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/invocation_id.rb:16:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/param_converter.rb:26:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/seahorse/client/plugins/request_callback.rb:89:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/response_paging.rb:12:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/seahorse/client/plugins/response_target.rb:24:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/telemetry.rb:39:in `block in call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/telemetry/no_op.rb:29:in `in_span'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/telemetry.rb:53:in `span_wrapper'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/aws-sdk-core/plugins/telemetry.rb:39:in `call'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-core-3.209.0/lib/seahorse/client/request.rb:72:in `send_request'
/Users/jonathonfrisby/.rbenv/versions/3.3.1/gemsets/fasterbetter-app/gems/aws-sdk-s3-1.164.0/lib/aws-sdk-s3/client.rb:11713:in `list_objects'
/Users/jonathonfrisby/fb/app/lib/tasks/s3.rake:49:in `gc_bucket'
/Users/jonathonfrisby/fb/app/lib/tasks/s3.rake:77:in `block (3 levels) in <top (required)>'

Reproduction Steps

def session_token(env)
  role_arn = get_role(env)
  puts "Getting session credentials for role: #{role_arn}"

  client = Aws::STS::Client.new

  client.assume_role({
                       role_arn:,
                       role_session_name: "s3_gc",
                     })
end

# ...

client = Aws::S3::Client.new(credentials: session_token(env))

client.list_objects(bucket:).contents.each do |object| # <-- Exception happens here.
  # ...
end

Possible Solution

No response

Additional Information/Context

No response

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version

aws-sdk-s3 1.164.x and 1.165.x.

Environment details (Version of Ruby, OS environment)

Ruby 3.3.1, macOS 14.6.1

alextwoods commented 1 month ago

Same issue as in: https://github.com/aws/aws-sdk-ruby/issues/3110

In general, we recommend that you use supported credentials objects rather than the responses returned by client calls - in this case, you can use the AssumeRoleCredentials which will give you automatic refreshing of the credentials as well!

Service clients expect credentials to be provided as a Aws::CredentialProvider, eg: see the S3 Client#initialize docs.

MrJoy commented 1 month ago

@alextwoods Thank you for the guidance. I'll take a look into that.

mullermp commented 1 month ago

You should just be able to do: credentials = Aws::AssumeRoleCredentials.new(role_arn: get_role(env), role_session_name: 's3_gc') as a drop in replacement, then create your client with it.

github-actions[bot] commented 1 month ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.