S3 Control Client - Unable to Parse URI

[aaronlippold]

Describe the bug

I seem to have run into #2619 or something akin to it.

@public_access_account_config = @aws.storage_control_client.get_public_access_block(account_id: @account_id).public_access_block_configuration

Expected Behavior

To return a hash

Current Behavior

RuntimeError: Couldn't parse the specified URI.
from libraries/aws_s3_bucket.rb:101:in `rescue in block in prevent_public_access_by_account?'
Caused by Aws::S3Control::Errors::InvalidURI: Couldn't parse the specified URI.
from /Users/alippold/.rvm/gems/ruby-3.0.4/gems/aws-sdk-core-3.186.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call'

Reproduction Steps

Same as #2619 but use get vs put funtion

Possible Solution

No response

Additional Information/Context

No response

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version

I am using aws-sdk-s3control (1.43.0) with aws-sdk-core (3.186.0)

Environment details (Version of Ruby, OS environment)

ruby 3.0.4p208 (2022-04-12 revision 3fa771dded) [arm64-darwin22] OSX 13.6.2 (22G320)

[mullermp]

Thanks for opening an issue. Can you share with me a minimal reproduction? With the latest SDK, I'm able to do this successfully:

[7] pry(Aws)> s3control.get_public_access_block(account_id: '<account id>')
=> #<struct Aws::S3Control::Types::GetPublicAccessBlockOutput
 public_access_block_configuration=
  #<struct Aws::S3Control::Types::PublicAccessBlockConfiguration block_public_acls=true, ignore_public_acls=true, block_public_policy=true, restrict_public_buckets=true>>

[mullermp]

A full stack trace could also be helpful.

[aaronlippold]

Let me see if I can get a deeper trace

inspec> s3control_client = Aws::S3Control::Client.new(region: 'us-east-1')
=> #<Aws::S3Control::Client>
inspec> ls s3control_client = Aws::S3Control::Client.new(region: 'us-east-1').get_bucket_policy(account_id: '916481805664', bucket: 'aaronl-inspec-nonpub')
Aws::S3Control::Errors::InvalidURI: Couldn't parse the specified URI.
from /Users/alippold/.rvm/gems/ruby-3.0.4/gems/aws-sdk-core-3.186.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call'
inspec> 

[aaronlippold]

So it seems I may have a pinning issue:

Its seems like my train-aws library is pinning me to aws-sdk-s3control v1.43.0

For awareness. this is part of the InSpec AWS Resource pack updates I am working on to enable full validation of the CIS Foundations Benchmark v2.0.0 so the underlying setup of the ruby environment and the gem stack is rooted there.

When I test strait outside of bundler with gem installs of aws-sdk-core and aws-sdk-s3control I am using:

➜  inspec-aws git:(al_resource_updates*)gem install aws-sdk-core aws-sdk-s3control
Successfully installed aws-sdk-core-3.190.0
Successfully installed aws-sdk-s3control-1.74.0
2 gems installed

Test with this outside bundler the pinned gems

require 'aws-sdk-core'
require 'aws-sdk-s3control'

s3control_client = Aws::S3Control::Client.new()
s3control_client.put_public_access_block(
  public_access_block_configuration: {
    block_public_acls: true,
    ignore_public_acls: true,
    block_public_policy: true,
    restrict_public_buckets: true,
  },
  account_id: aws_account)

puts s3control_client.get_public_access_block(account_id: aws_account )

Working as expected

{:public_access_block_configuration=>{:block_public_acls=>true, :ignore_public_acls=>true, :block_public_policy=>true, :restrict_public_buckets=>true}}

But when pinned to 1.43.0 we get the parse error.

aws-sdk-core (3.190.0, 3.189.0, 3.188.0, 3.186.0, 3.181.0, 3.171.0, 3.168.4, 3.168.3, 3.166.0)
➜  inspec-aws git:(al_resource_updates*)gem list aws-sdk-s3control

*** LOCAL GEMS ***

aws-sdk-s3control (1.74.0, 1.70.0, 1.43.0)
➜  inspec-aws git:(al_resource_updates*)gem uninstall aws-sdk-s3control

Select gem to uninstall:
 1. aws-sdk-s3control-1.43.0
 2. aws-sdk-s3control-1.70.0
 3. aws-sdk-s3control-1.74.0
 4. All versions
> 1

You have requested to uninstall the gem:
        aws-sdk-s3control-1.43.0

train-aws-0.2.36 depends on aws-sdk-s3control (~> 1.43.0)
train-aws-0.2.24 depends on aws-sdk-s3control (~> 1.43.0)
If you remove this gem, these dependencies will not be met.
Continue with Uninstall? [yN]  n
ERROR:  While executing gem ... (Gem::DependencyRemovalException)
    Uninstallation aborted due to dependent gem(s)
➜  inspec-aws git:(al_resource_updates*)gem uninstall aws-sdk-s3control

Select gem to uninstall:
 1. aws-sdk-s3control-1.43.0
 2. aws-sdk-s3control-1.70.0
 3. aws-sdk-s3control-1.74.0
 4. All versions
> 2
Successfully uninstalled aws-sdk-s3control-1.70.0
➜  inspec-aws git:(al_resource_updates*)

Questions

1. Now that we know the version is pinned, do we know which version of the gem has the fix so I can at least try to push to that version.
2. Is there a way - if for some reason I can't 'unpin' for a bit - that I can work around the issue in the creation of the client by removing a plugin or manually setting the URI correctly myself.

Actions

Looking into (1) now :)

[aaronlippold]

I verified that updating to the latest released gem fixes the issue form 1.41.0. Thank you for your quick reply to my issue.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.