2.3.3 — `ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter` Fails in China

[kyleVsteger]

Environment

• Elixir & Erlang versions (elixir --version):

  Erlang/OTP 24 [erts-12.3.2] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1]
  Elixir 1.13.4 (compiled with Erlang/OTP 22)

• ExAws version mix deps |grep ex_aws

• ex_aws (Hex package) (mix) locked at 2.3.3 (ex_aws) 140f65eb
• ex_aws_s3 (Hex package) (mix) locked at 2.3.3 (ex_aws_s3) 0044f0b6
• ex_aws_sts (Hex package) (mix) locked at 2.3.0 (ex_aws_sts) f14e4c7d

• HTTP client version. IE for hackney do mix deps | grep hackney

• hackney 1.18.1 (Hex package) (rebar3) locked at 1.18.1 (hackney) a4ecdaff

Summary

I was unable to authenticate using the ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter in cn-northwest-1 after updating from 2.2.10 -> 2.3.3.

Current behavior

Config

config :ex_aws,
  access_key_id: [
    {:system, "AWS_ACCESS_KEY_ID"},
    {:awscli, "myprofile", 30},
    :instance_role
  ],
  secret_access_key: [
    {:system, "AWS_SECRET_ACCESS_KEY"},
    {:awscli, "myprofile", 30},
    :instance_role
  ],
  awscli_auth_adapter: ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter,
  region: "cn-northwest-1"

Stacktrace

** (exit) exited in: GenServer.call(ExAws.Config.AuthCache, {:refresh_awscli_config, "myprofile", 30000}, 30000)
    ** (EXIT) an exception was raised:
        ** (RuntimeError) sso not found in partition aws-cn
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:175: ExAws.Config.Defaults.fetch_or/3
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:147: ExAws.Config.Defaults.do_host/3
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:89: ExAws.Config.Defaults.get/2
            (ex_aws 2.3.3) lib/ex_aws/config.ex:70: ExAws.Config.build_base/2
            (ex_aws 2.3.3) lib/ex_aws/config.ex:54: ExAws.Config.http_config/2
            (ex_aws 2.3.3) lib/ex_aws/credentials_ini/file.ex:15: ExAws.CredentialsIni.File.security_credentials/1
            (ex_aws 2.3.3) lib/ex_aws/config.ex:158: ExAws.Config.awscli_auth_credentials/2
            (ex_aws 2.3.3) lib/ex_aws/config/auth_cache.ex:65: ExAws.Config.AuthCache.refresh_awscli_config/3

Expected behavior

Authentication should work in the China region as it did in previous releases.

Thanks @bernardd! Please let me know if you need any other info!

[bernardd]

Hi @kyleVsteger - apologies this took so long. Life happened etc etc, and also it wasn't quite the trivial fix I thought it might have been. If you can try v2.3.4 and let me know if it resolves this, that would be great, thanks.

[kyleVsteger]

I'll put this on my list of things to check during our cooldown cycle. Thanks @bernardd!