Issue with Multiple AWS Accounts in One Project Results in Amazon Returning 403

[thorrsson]

Rundeck AWS Plugin Issue with Multiple AWS Accounts in One Project

Error as Displayed in the UI

Request: /resources/nodesFragment?inlinepaging=true&project=PROJECT1&declarenone=true&expanddetail=true&max=20&nodeIncludeName=.*&page=0&fullresults=true&nodeExcludePrecedence=true&view=table
Message: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. 
Caused by: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. 
Class: FrameworkController 
At Line: [401] 

from service.log

ERROR GrailsExceptionResolver: Exception occurred when processing request: [POST] /resources/nodesFragment
Stacktrace follows:
Status Code: 403, AWS Request ID: 5425a0ee-f810-4bde-9390-e0bffec2683b, AWS Error Code: SignatureDoesNotMatch, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    at com.amazonaws.http.HttpClient.handleErrorResponse(HttpClient.java:490)
    at com.amazonaws.http.HttpClient.execute(HttpClient.java:196)
    at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:3804)
    at com.amazonaws.services.ec2.AmazonEC2Client.describeInstances(AmazonEC2Client.java:452)
    at com.dtolabs.rundeck.plugin.resources.ec2.InstanceToNodeMapper.query(InstanceToNodeMapper.java:140)
    at com.dtolabs.rundeck.plugin.resources.ec2.InstanceToNodeMapper.performQuery(InstanceToNodeMapper.java:78)
    at com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.getNodes(EC2ResourceModelSource.java:178)
    at com.dtolabs.rundeck.core.common.FrameworkProject.getNodeSet(FrameworkProject.java:440)
    at com.dtolabs.rundeck.core.common.FrameworkProject$getNodeSet.call(Unknown Source)
    at rundeck.controllers.FrameworkController.nodesdata(FrameworkController.groovy:203)
    at rundeck.controllers.FrameworkController$_closure5.doCall(FrameworkController.groovy:401)
    at rundeck.controllers.FrameworkController$_closure5.call(FrameworkController.groovy)

from stacktrace.log

2013-12-03 16:52:51,949 [656575672@qtp-407862970-10] ERROR StackTrace  - Sanitizing stacktrace:
Status Code: 403, AWS Request ID: af58d83c-a1d6-41a0-82c5-2806639ed554, AWS Error Code: SignatureDoesNotMatch, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    at com.amazonaws.http.HttpClient.handleErrorResponse(HttpClient.java:490)
    at com.amazonaws.http.HttpClient.execute(HttpClient.java:196)
    at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:3804)
    at com.amazonaws.services.ec2.AmazonEC2Client.describeInstances(AmazonEC2Client.java:452)
    at com.dtolabs.rundeck.plugin.resources.ec2.InstanceToNodeMapper.query(InstanceToNodeMapper.java:140)
    at com.dtolabs.rundeck.plugin.resources.ec2.InstanceToNodeMapper.performQuery(InstanceToNodeMapper.java:78)
    at com.dtolabs.rundeck.plugin.resources.ec2.EC2ResourceModelSource.getNodes(EC2ResourceModelSource.java:178)
    at com.dtolabs.rundeck.core.common.FrameworkProject.getNodeSet(FrameworkProject.java:440)
    at com.dtolabs.rundeck.core.common.FrameworkProject$getNodeSet.call(Unknown Source)
    at rundeck.controllers.FrameworkController.nodesdata(FrameworkController.groovy:203)
    at rundeck.controllers.FrameworkController$_closure5.doCall(FrameworkController.groovy:401)
    at rundeck.controllers.FrameworkController$_closure5.call(FrameworkController.groovy)

project.properties

#Dec 1 21:05:39 UTC 2013
service.NodeExecutor.default.provider=jsch-ssh
project.ssh-keypath=/var/lib/rundeck/.ssh/id_rsa
project.name=PROJECT1
project.resources.file=/var/rundeck/projects/PROJECT1/etc/resources.xml
service.FileCopier.default.provider=jsch-scp
resources.source.1.type=aws-ec2
resources.source.1.config.accessKey=KEY1
resources.source.1.config.secretKey=SECRET1 
resources.source.1.config.runningOnly=True
resources.source.1.config.useDefaultMapping=True
resources.source.1.config.mappingParams=username.default\=rd
resources.source.2.type=aws-ec2
resources.source.2.config.accessKey=KEY2
resources.source.2.config.secretKey=SECRET2 
resources.source.2.config.runningOnly=True
resources.source.2.config.useDefaultMapping=True
resources.source.2.config.mappingParams=username.default\=rd
resources.source.3.type=aws-ec2
resources.source.3.config.accessKey=KEY3
resources.source.3.config.secretKey=SECRET3 
resources.source.3.config.runningOnly=True
resources.source.3.config.useDefaultMapping=True
resources.source.3.config.mappingParams=username.default\=rd

[thorrsson]

Forgot to add: Plugin Version 1.3 Rundeck version: 1.6.2-1

[thorrsson]

Seems this has nothing to do with multiple accounts, but instead an errant space at the end of the secret key in my chef template... I can close this if you want, or leave it open if you think it best to make sure the string for the key is sane...

[gschueler]

i'll close it and file one about trimming secret key value

[gschueler]

filed as #13