pplu / aws-sdk-perl

A community AWS SDK for Perl Programmers

IoT AttachPrincipalPolicy bug #205

Open asgard311 opened 7 years ago

asgard311 commented 7 years ago

I am trying to attach a policy to a principal after getting the identity from Cognito using GetOpenIdTokenForDeveloperIdentity.

Each time I try to call it, though, I get 'Credential should be scoped to correct service: 'execute-api'.'

However, when I use the aws client to run AttachPrincipalPolicy it works, so I know that I am not missing any permissions.

Any help would be appreciated.

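The full code:

```perl
use strict;
use warnings;
use Paws;         # provides Paws->new and ->service
use Paws::IoT;

my $paws = Paws->new();

# Ask Cognito for an identity for the developer-authenticated login
my $cog = $paws->service('CognitoIdentity');

my $tok = $cog->GetOpenIdTokenForDeveloperIdentity(IdentityPoolId=>'POOL0-ID',
    Logins=>{'XXXXX.XXX.XXX'=>'email@example.com'});

my $id = $tok->IdentityId;

# Attach the IoT policy to that identity; this is the call that fails
my $iot = $paws->service('IoT');
$iot->AttachPrincipalPolicy(PolicyName=>'policy-name',Principal=>$id);
```

pplu commented 7 years ago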

Hello,

Can you provide the difference between a request generated by Paws and a request generated with the aws client?

asgard311 commented 7 years ago

from Paws:

```
$VAR1 = bless( {
  'content' => '{}',
  'url' => 'https://iot.us-east-1.amazonaws.com/principal-policies/dmchataccess',
  'headers' => bless( {
    'principal' => 'us-east-1:9b13c1fd-aee5-40c7-82ed-d51e41af7e0d',
    'date' => '20171031T163846Z',
    '::std_case' => {
      'principal' => 'Principal',
      'x-amz-date' => 'X-Amz-Date',
      'x-amz-content-sha256' => 'X-Amz-Content-Sha256'
    },
    'host' => 'iot.us-east-1.amazonaws.com',
    'authorization' => 'AWS4-HMAC-SHA256 Credential=AKIAJHXHSFBTMTC7HQGQ/20171031/us-east-1/iot/aws4_request,SignedHeaders=date;host;principal;x-amz-content-sha256;x-amz-date,Signature=b6b2ee6e1725c7366774afcbe53470a4a991545c807149ceb64ee085a47ec761',
    'x-amz-date' => '20171031T163846Z',
    'x-amz-content-sha256' => '44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a'
  }, 'HTTP::Headers' ),
  'parameters' => {},
  'method' => 'PUT',
  'uri' => '/principal-policies/dmchataccess'
}, 'Paws::Net::APIRequest' );
```

from aws client:

```
2017-10-31 12:39:46,553 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
PUT
/principal-policies/dmchataccess

host:iot.us-east-1.amazonaws.com
x-amz-date:20171031T163946Z
x-amzn-iot-principal:us-east-1:9b13c1fd-aee5-40c7-82ed-d51e41af7e0d

host;x-amz-date;x-amzn-iot-principal
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2017-10-31 12:39:46,553 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20171031T163946Z
20171031/us-east-1/execute-api/aws4_request
ce82a0bddbd526d7f20fb9788597f77e95a9111e91c5815aa21a9e55683382ca
2017-10-31 12:39:46,553 - MainThread - botocore.auth - DEBUG - Signature:
8ea6d2ab6b9888744965b4d51979ba8d63cfc3c5dc0e23f6fcda780ac94b70e4
```

Thank you,

Asaf

On Tue, Oct 31, 2017 at 12:34 PM, Jose Luis Martinez <notifications@github.com> wrote:

Hello,

Can you provide the difference between a request generated by Paws and a request generated with the aws client?

  • To see what Paws is sending to the server: put a `use Data::Dumper; print Dumper($requestObj);` in Paws::Net::Caller.

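An added example (not code from this thread, Paws or botocore) that compares the two traces above on the fields SigV4 signs: the service name in the credential scope and the signed header list. The scope and header values are taken from the traces; the key ID, signature and secret are constructed placeholders, and the function names are hypothetical. Because the service name feeds the signing-key derivation, a request scoped to `iot` is signed with a different key than one scoped to `execute-api`.

```python
import hashlib
import hmac
import re

# Scope and SignedHeaders as in the Paws dump; the key ID and signature
# are constructed placeholders.
PAWS_AUTHORIZATION = (
    "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20171031/us-east-1/iot/aws4_request,"
    "SignedHeaders=date;host;principal;x-amz-content-sha256;x-amz-date,"
    "Signature=" + "0" * 64
)
# Scope line of the botocore StringToSign and signed-header line of its
# CanonicalRequest, as logged above.
CLI_SCOPE = "20171031/us-east-1/execute-api/aws4_request"
CLI_SIGNED_HEADERS = "host;x-amz-date;x-amzn-iot-principal"
SECRET = "constructed-secret-for-illustration"  # not a real key

def parse_authorization(header):
    """Return (scope, signed_headers) from a SigV4 Authorization header."""
    m = re.fullmatch(
        r"AWS4-HMAC-SHA256 Credential=[^/]+/([^,]+),\s*"
        r"SignedHeaders=([^,]+),\s*Signature=[0-9a-f]{64}", header)
    if m is None:
        raise ValueError("not a SigV4 Authorization header")
    return m.group(1), m.group(2)

def signing_key(secret, scope):
    """Derive the SigV4 signing key; every scope part feeds the HMAC chain."""
    date, region, service, terminator = scope.split("/")
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, terminator):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key

def diff_requests(auth_header, other_scope, other_signed_headers):
    """Report where two signed requests disagree on scope and headers."""
    scope, signed = parse_authorization(auth_header)
    mine, theirs = set(signed.split(";")), set(other_signed_headers.split(";"))
    return {
        "service": (scope.split("/")[2], other_scope.split("/")[2]),
        "only_in_first": sorted(mine - theirs),
        "only_in_second": sorted(theirs - mine),
        "same_signing_key": hmac.compare_digest(
            signing_key(SECRET, scope), signing_key(SECRET, other_scope)),
    }

if __name__ == "__main__":
    print(diff_requests(PAWS_AUTHORIZATION, CLI_SCOPE, CLI_SIGNED_HEADERS))
```
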