Panic when using EcsContainer and AWS_CONTAINER_CREDENTIALS_FULL_URI #4572

rnett · 2022-09-27T19:51:58Z

Describe the bug

According to the AWS docs AWS_CONTAINER_CREDENTIALS_FULL_URI should be used when AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set. However the SDK does not seem to do this. Instead, it panics.

Expected Behavior

When EcsContainer is used as the credential source but AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set, the SDK falls back to using AWS_CONTAINER_CREDENTIALS_FULL_URI.

Current Behavior

It panics when EcsContainer is used as the credential source but AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set:

panic: SharedConfigErr: EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set

goroutine 1 [running]:
github.com/aws/aws-sdk-go/aws/session.Must(...)
        github.com/aws/[email protected]/aws/session/session.go:381
github.com/weaveworks/eksctl/pkg/eks.(*ClusterProvider).newSession(0xc0005cc1e0, 0xc0001b59a8)
        github.com/weaveworks/eksctl/pkg/eks/api.go:514 +0x6e5
github.com/weaveworks/eksctl/pkg/eks.New({0x549dac8, 0xc00012c008}, 0xc0001b59a8, 0xc00027afc0)
        github.com/weaveworks/eksctl/pkg/eks/api.go:150 +0xda
github.com/weaveworks/eksctl/pkg/ctl/cmdutils.(*Cmd).NewCtl(0xc0001b5970)

Reproduction Steps

Use eksctl version 0.112.0 on Cloud Shell with the following config in ~/.aws/config:

[profile test]
    role_arn = // some role to assume
    credential_source = EcsContainer

then run

export AWS_PROFILE=test
 eksctl create cluster --name test

I don't expect the actual command to matter.

Possible Solution

Respect the documented behavior.

Additional Information/Context

No response

AWS Go SDK V2 Module Versions Used

Whatever eksctl version 0.112.0 uses.

Compiler and Version used

Whatever eksctl version 0.112.0 uses.

Operating System and version

Linux, 4.14.287-215.504.amzn2.x86_64 (AWS Cloud Shell)

The text was updated successfully, but these errors were encountered:

RanVaknin · 2023-11-29T07:49:37Z

Hi @rnett,

Sorry for the long response time. It looks like the behavior you described does match the credential provider code here.

There is no fallback case.

However I do see that in v2 we do have that fallback functionality, so I encourage you to use v2.

Thanks,
Ran~

github-actions · 2024-05-23T20:44:09Z

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

rnett added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 27, 2022

Purnaak self-assigned this Sep 28, 2022

skmcgrail transferred this issue from aws/aws-sdk-go-v2 Sep 29, 2022

RanVaknin unassigned Purnaak Oct 18, 2022

RanVaknin added the p2 This is a standard priority issue label Mar 29, 2023

yenfryherrerafeliz self-assigned this Aug 30, 2023

RanVaknin assigned RanVaknin and unassigned yenfryherrerafeliz Sep 25, 2023

yenfryherrerafeliz self-assigned this Oct 2, 2023

RanVaknin unassigned yenfryherrerafeliz Nov 29, 2023

RanVaknin added p3 This is a minor priority issue queued This issues is on the AWS team's backlog and removed needs-triage This issue or PR still needs to be triaged. labels Nov 29, 2023

RanVaknin removed the p2 This is a standard priority issue label May 23, 2024

RanVaknin closed this as not planned Won't fix, can't repro, duplicate, stale May 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Panic when using EcsContainer and AWS_CONTAINER_CREDENTIALS_FULL_URI #4572

Panic when using EcsContainer and AWS_CONTAINER_CREDENTIALS_FULL_URI #4572

rnett commented Sep 27, 2022

RanVaknin commented Nov 29, 2023

github-actions bot commented May 23, 2024