ansible-collections/community.aws

aws_ssm.Connection._get_boto_client loses access_key, token when using an AWS profile

dlscjf151 opened this issue · 0 comments

Summary

I'm using Ansible with the AWS SSM connection. I authenticated with an AWS credential profile, but encountered an error while the S3 client was initializing.


....

    File "/.venv/lib/python3.11/site-packages/botocore/signers.py", line 199, in sign
    auth.add_auth(request)
  File "/.venv/lib/python3.11/site-packages/botocore/auth.py", line 437, in add_auth
    self._inject_signature_to_request(request, signature)
  File "/.venv/lib/python3.11/site-packages/botocore/auth.py", line 440, in _inject_signature_to_request
    auth_str = ['AWS4-HMAC-SHA256 Credential=%s' % self.scope(request)]
                                                   ^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.11/site-packages/botocore/auth.py", line 388, in scope
    print('/'.join(scope))
          ^^^^^^^^^^^^^^^
TypeError: sequence item 0: expected str instance, NoneType found
fatal: [*************]: FAILED! => {
    "msg": "Unexpected failure during module execution: sequence item 0: expected str instance, NoneType found",
    "stdout": ""
}

I printed a debug log at the point of failure; access_key and token were None.

ReadOnlyCredentials(access_key=None, secret_key='******************', token=None)

Because of this, scope becomes [None, '20240514', 'ap-northeast-2', 's3', 'aws4_request'] and an error is raised when joining the None type.

Issue Type

Bug Report

Component Name

ansible_collections.community.aws.plugins.connection.aws_ssm.Connection._get_boto_client

Ansible Version

$ ansible --version
ansible [core 2.16.6]
  config file = /ansible.cfg
  configured module search path = ['/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = .venv/lib/python3.11/site-packages/ansible
  ansible collection location = /.ansible/collections:/usr/share/ansible/collections
  executable location = /.venv/bin/ansible
  python version = 3.11.8 (v3.11.8:db85d51d3e, Feb  6 2024, 18:02:37) [Clang 13.0.0 (clang-1300.0.29.30)] (/.venv/bin/python3.11)
  jinja version = 3.1.4
  libyaml = True

Collection Versions

$ ansible-galaxy collection list
Collection                               Version
---------------------------------------- -------
amazon.aws                               7.5.0  
ansible.netcommon                        5.3.0  
ansible.posix                            1.5.4  
ansible.utils                            2.12.0 
ansible.windows                          2.3.0  
arista.eos                               6.2.2  
awx.awx                                  23.9.0 
azure.azcollection                       1.19.0 
check_point.mgmt                         5.2.3  
chocolatey.chocolatey                    1.5.1  
cisco.aci                                2.9.0  
cisco.asa                                4.0.3  
cisco.dnac                               6.13.3 
cisco.intersight                         2.0.8  
cisco.ios                                5.3.0  
cisco.iosxr                              6.1.1  
cisco.ise                                2.8.1  
cisco.meraki                             2.18.0 
cisco.mso                                2.6.0  
cisco.nxos                               5.3.0  
cisco.ucs                                1.10.0 
cloud.common                             2.1.4  
cloudscale_ch.cloud                      2.3.1  
community.aws                            7.2.0  
community.azure                          2.0.0  
community.ciscosmb                       1.0.7  
community.crypto                         2.19.0 
community.digitalocean                   1.26.0 
community.dns                            2.9.0  
community.docker                         3.9.0  
community.general                        8.6.0  
community.grafana                        1.8.0  
community.hashi_vault                    6.2.0  
community.hrobot                         1.9.2  
community.library_inventory_filtering_v1 1.0.1  
community.libvirt                        1.3.0  
community.mongodb                        1.7.3  
community.mysql                          3.9.0  
community.network                        5.0.2  
community.okd                            2.3.0  
community.postgresql                     3.4.0  
community.proxysql                       1.5.1  
community.rabbitmq                       1.3.0  
community.routeros                       2.15.0 
community.sap                            2.0.0  
community.sap_libs                       1.4.2  
community.sops                           1.6.7  
community.vmware                         4.3.0  
community.windows                        2.2.0  
community.zabbix                         2.3.1  
containers.podman                        1.13.0 
cyberark.conjur                          1.2.2  
cyberark.pas                             1.0.25 
dellemc.enterprise_sonic                 2.4.0  
dellemc.openmanage                       8.7.0  
dellemc.powerflex                        2.3.0  
dellemc.unity                            1.7.1  
f5networks.f5_modules                    1.28.0 
fortinet.fortimanager                    2.4.0  
fortinet.fortios                         2.3.6  
frr.frr                                  2.0.2  
gluster.gluster                          1.0.2  
google.cloud                             1.3.0  
grafana.grafana                          2.2.5  
hetzner.hcloud                           2.5.0  
hpe.nimble                               1.1.4  
ibm.qradar                               2.1.0  
ibm.spectrum_virtualize                  2.0.0  
ibm.storage_virtualize                   2.3.1  
infinidat.infinibox                      1.4.5  
infoblox.nios_modules                    1.6.1  
inspur.ispim                             2.2.0  
inspur.sm                                2.3.0  
junipernetworks.junos                    5.3.1  
kubernetes.core                          2.4.2  
lowlydba.sqlserver                       2.3.2  
microsoft.ad                             1.5.0  
netapp.aws                               21.7.1 
netapp.azure                             21.10.1
netapp.cloudmanager                      21.22.1
netapp.elementsw                         21.7.0 
netapp.ontap                             22.11.0
netapp.storagegrid                       21.12.0
netapp.um_info                           21.8.1 
netapp_eseries.santricity                1.4.0  
netbox.netbox                            3.17.0 
ngine_io.cloudstack                      2.3.0  
ngine_io.exoscale                        1.1.0  
openstack.cloud                          2.2.0  
openvswitch.openvswitch                  2.1.1  
ovirt.ovirt                              3.2.0  
purestorage.flasharray                   1.27.0 
purestorage.flashblade                   1.17.0 
purestorage.fusion                       1.6.1  
sensu.sensu_go                           1.14.0 
splunk.es                                2.1.2  
t_systems_mms.icinga_director            2.0.1  
telekom_mms.icinga_director              1.35.0 
theforeman.foreman                       3.15.0 
vmware.vmware_rest                       2.3.1  
vultr.cloud                              1.12.1 
vyos.vyos                                4.1.0  
wti.remote                               1.0.5  

AWS SDK versions

$ pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.34.104
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /.venv/lib/python3.11/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.34.104
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /.venv/lib/python3.11/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = /ansible.cfg
PAGER(env: PAGER) = less

OS / Environment

M1 Mac

Steps to Reproduce

playbook.yml
---
- name: 'Main Playbook'
  hosts: 'aws_ec2'
  gather_facts: true
  roles:
    - role: 'check_disk_storage'

vars.yml
---
ansible_python_interpreter: '/usr/bin/python3'
ansible_connection: 'aws_ssm'
ansible_aws_ssm_bucket_name: '********'

Expected Results

Successfully connect to S3 and the EC2 instance.

Actual Results

....

    File "/.venv/lib/python3.11/site-packages/botocore/signers.py", line 199, in sign
    auth.add_auth(request)
  File "/.venv/lib/python3.11/site-packages/botocore/auth.py", line 437, in add_auth
    self._inject_signature_to_request(request, signature)
  File "/.venv/lib/python3.11/site-packages/botocore/auth.py", line 440, in _inject_signature_to_request
    auth_str = ['AWS4-HMAC-SHA256 Credential=%s' % self.scope(request)]
                                                   ^^^^^^^^^^^^^^^^^^^
  File "/.venv/lib/python3.11/site-packages/botocore/auth.py", line 388, in scope
    print('/'.join(scope))
          ^^^^^^^^^^^^^^^
TypeError: sequence item 0: expected str instance, NoneType found
fatal: [*************]: FAILED! => {
    "msg": "Unexpected failure during module execution: sequence item 0: expected str instance, NoneType found",
    "stdout": ""
}

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
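
Added example (not part of the original issue and not the collection's or botocore's code): a stdlib-only sketch of a fail-fast check for the state reported above, where the SigV4 credential scope is joined with a None access_key. The `ReadOnlyCredentials` tuple is a stand-in with the same fields as the one printed in the issue; the function names and sample key values are constructed for illustration.

```python
from collections import namedtuple

# Stand-in with the same fields as the ReadOnlyCredentials tuple shown in the issue.
ReadOnlyCredentials = namedtuple("ReadOnlyCredentials", ["access_key", "secret_key", "token"])


def credential_scope(creds, datestamp, region, service):
    """Build the SigV4 'Credential=' value: access_key/date/region/service/aws4_request."""
    return "/".join([creds.access_key, datestamp, region, service, "aws4_request"])


def missing_fields(creds, expect_session_token=False):
    """Return the names of credential fields that are absent or empty.

    A session token only exists for temporary credentials, so it is
    checked only when the caller expects one.
    """
    required = ["access_key", "secret_key"]
    if expect_session_token:
        required.append("token")
    return [name for name in required if not getattr(creds, name)]


def require_complete(creds, expect_session_token=False):
    """Fail before signing, naming the missing fields without echoing any value."""
    missing = missing_fields(creds, expect_session_token)
    if missing:
        raise ValueError("incomplete AWS credentials, missing: " + ", ".join(missing))
    return creds


def redacted(creds):
    """Safe-to-log view: report only whether each field is set."""
    return {name: ("<set>" if getattr(creds, name) else None) for name in creds._fields}


# Constructed sample values (not real keys): the state reported in the issue,
# and a complete temporary credential set for comparison.
BROKEN = ReadOnlyCredentials(access_key=None, secret_key="EXAMPLE-SECRET", token=None)
COMPLETE = ReadOnlyCredentials("ASIAEXAMPLEKEYID", "EXAMPLE-SECRET", "EXAMPLE-TOKEN")

if __name__ == "__main__":
    print(redacted(BROKEN))
    print(credential_scope(COMPLETE, "20240514", "ap-northeast-2", "s3"))
    try:
        require_complete(BROKEN, expect_session_token=True)
    except ValueError as exc:
        print(exc)
```

Running the check right after credentials are resolved turns the opaque `TypeError` inside the signer into an error that names the missing fields, and `redacted` keeps the secret key out of debug logs.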