Dapr AWS SSO not picking up AWS_CREDENTIALS_PROFILES_FILE to read credentials #1145

Closed
subash89 opened this issue Sep 14, 2021 · 4 comments

@subash89

Steps to recreate:

  1. In your ~/.aws/config, provide an AWS_PROFILE which uses an external credential source (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html).
    In my case, it dumps credentials to a custom path directed via AWS_CREDENTIALS_PROFILES_FILE ~/.aws/myorg-credentials

  2. Now, when I start daprd and the app with the dynamodb state component, and the app tries to read a value from the dynamodb state, it fails with the following. It does not honor reading credentials from AWS_CREDENTIALS_PROFILES_FILE. If I manually copy the creds to ~/.aws/credentials, it works fine.

io.dapr.exceptions.DaprException: INTERNAL: fail to get key1 from state store mydynamodb: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
at io.dapr.exceptions.DaprException.propagate(DaprException.java:168)
at io.dapr.client.DaprClientGrpc$2.onError(DaprClientGrpc.java:727)
at io.grpc.stub.ClientCalls$StreamObserverToCallListenerAdapter.onClose(ClientCalls.java:478)
at io.grpc.internal.DelayedClientCall$DelayedListener$3.run(DelayedClientCall.java:463)
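
A diagnostic for the situation in this report, as an added example that is not part of the original issue or of Dapr's code. It reports which shared credentials file and profile a process would use, assuming the aws-sdk-go v1 lookup order (`AWS_SHARED_CREDENTIALS_FILE`, else `~/.aws/credentials`; profile from `AWS_PROFILE`, else `default`), and whether that profile carries a key there. The function name `check_shared_creds` is hypothetical.

```shell
# Added diagnostic (not Dapr code). Assumption: the sidecar resolves shared
# credentials the way aws-sdk-go v1 does:
#   file    = $AWS_SHARED_CREDENTIALS_FILE, else $HOME/.aws/credentials
#   profile = $AWS_PROFILE, else "default"
# check_shared_creds is a hypothetical helper name.
check_shared_creds() {
    file="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    profile="${AWS_PROFILE:-default}"

    # The variable used in the report is not part of the lookup assumed
    # above; flag it on stderr so the mismatch is visible.
    if [ -n "${AWS_CREDENTIALS_PROFILES_FILE:-}" ]; then
        echo "note: AWS_CREDENTIALS_PROFILES_FILE=$AWS_CREDENTIALS_PROFILES_FILE is set but not consulted by this lookup" >&2
    fi

    if [ ! -r "$file" ]; then
        echo "missing-file $file"
        return 1
    fi

    # A profile is usable only if its [section] holds an access key id.
    if awk -v want="[$profile]" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == want) }
        insec && /^[ \t]*aws_access_key_id[ \t]*=/ { found = 1 }
        END { exit !found }' "$file"; then
        echo "ok $file [$profile]"
    else
        echo "missing-profile $file [$profile]"
        return 1
    fi
}
```

Run `check_shared_creds` in the same shell environment that daprd is started from, since the result depends only on the environment variables that process inherits.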

@daixiang0
Member

/CC @CodeMonkeyLeet

@CodeMonkeyLeet
Contributor

CodeMonkeyLeet commented Sep 15, 2021

I'm not particularly familiar with the AWS authentication provider in Dapr, but just looking at credential handling suggests that it only works with static credentials provided through the component metadata fields (AccessKey, SecretKey and SessionToken like in dynamodb).

I'm not sure if this would work differently for the underlying aws-go-sdk, but it seems like there would need to be an epic similar to #1103 for Azure; AWS components already do at least all seem to go through the common auth component, but expanding the support to other AWS auth configurations is also probably something that could use contributor help.

@dapr-bot
Collaborator

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.

@dapr-bot dapr-bot added the stale label Oct 15, 2021
@dapr-bot
Collaborator

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.
