Using roleArn results in error 'Access key cannot be null'

[nmwilk]

Found in 1.3

Using roleArn instead of accessKey & secretKey, as follows:

authentication {
    roleArn "arn:aws:iam::[redacted]:role/[role_name]"
}

results in Access key cannot be null error when executing devicefarmUpload.

Adding an accessKey then results in Secret key cannot be null.

Adding an accessKey & secretKey means the plugin attempts to use them over the roleArn (I used dummy keys when attempting this).

[bradley-curran]

Thanks for submitting this issue.

I'm looking into the bug now. Have you seen this issue in previous versions of the plugin? (v1.2 etc)

[nmwilk]

No, the plugin is new to me and 1.3 is the first one I've tried.

[bradley-curran]

I've reproduced the issue locally on v1.3 using the following in my module build.gradle

devicefarm {
    projectName "Test"

    authentication {
        roleArn "arn:aws:iam::000000000000:role/MyRole"
    }
}

[wturney]

Any update on this issue? Appears to affect 1.2 as well.

[bradley-curran]

Once the above PR is merged I'll create 1.4 so you can use the fixed version.

If you need this quickly you can checkout the PR and build from source.

If you decide to build from source let me know if you have any problems.

[wturney]

I appreciate the response. Wound up forking it and adding a fallback to the default credential provider chain if no explicit overrides are provided via configuration.

    public AWSDeviceFarm initializeApiClient(final DeviceFarmExtension extension) {
        final AWSDeviceFarmClientBuilder clientBuilder = AWSDeviceFarmClientBuilder.standard();
        final Authentication authentication = extension.getAuthentication();
        final AWSCredentialsProvider credentialsProvider = getAwsCredentialsProvider(authentication);
        final ClientConfiguration clientConfiguration = new ClientConfiguration()
                .withUserAgentSuffix(String.format(extension.getUserAgent(), pluginVersion));
        return clientBuilder.withCredentials(credentialsProvider)
                .withClientConfiguration(clientConfiguration)
                .withRegion("us-west-2")
                .build();
    }

    private AWSCredentialsProvider getAwsCredentialsProvider(Authentication authentication) {
        AWSCredentialsProvider credentialsProvider;
        if (authentication != null && authentication.isValid()) {
            if (authentication.getRoleArn() != null) {
                credentialsProvider = new STSAssumeRoleSessionCredentialsProvider
                        .Builder(authentication.getRoleArn(), RandomStringUtils.randomAlphanumeric(8))
                        .build();
            } else {
                BasicAWSCredentials credentials = new BasicAWSCredentials(authentication.getAccessKey(), authentication.getSecretKey());
                credentialsProvider = new STSSessionCredentialsProvider(credentials);
            }
        } else {
            credentialsProvider = DefaultAWSCredentialsProviderChain.getInstance();
        }
        return credentialsProvider;
    }

[bradley-curran]

That's definitely another way of resolving the issue.

As far as I can tell, the devicefarmUpload task will work even if you don't provide an authentication closure, correct?

[ollyjshaw]

👍 Great to see this issue progressing. It will help us use it more idiomati Any ideas on a release? Thanks.

[rivercartwright]

I would also like a release of 1.4 with the roleArn fix please. Any idea when?

[anandkiran2007]

Is this issue fixed ?

[shariyatha]

any update on this or workaround. ?

[igor-brishkoski]

seeing this as well