botocore icon indicating copy to clipboard operation
botocore copied to clipboard
verified publisher icon boto

Config syntax parsing and signature_version in S3

Open galactose opened this issue 8 years ago • 2 comments

Discovered I had a syntactically incorrect ~/.aws/config INI file, the following snippet was in it.

[default]
output = json
region = ap-southeast-2
s3 = signature_version = s3v4

When attempting to get a client to S3 I got the following traceback:

  File "s3_sse_key_compromise.py", line 37, in handler
    print session.client('s3')
  File "/usr/local/lib/python2.7/site-packages/boto3/session.py", line 263, in client
    aws_session_token=aws_session_token, config=config)
  File "/usr/local/lib/python2.7/site-packages/botocore/session.py", line 836, in create_client
    client_config=config, api_version=api_version)
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 70, in create_client
    verify, credentials, scoped_config, client_config, endpoint_bridge)
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 224, in _get_client_args
    verify, credentials, scoped_config, client_config, endpoint_bridge)
  File "/usr/local/lib/python2.7/site-packages/botocore/args.py", line 45, in get_client_args
    endpoint_url, is_secure, scoped_config)
  File "/usr/local/lib/python2.7/site-packages/botocore/args.py", line 103, in compute_client_args
    service_name, region_name, endpoint_url, is_secure)
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 300, in resolve
    resolved, service_name, region_name, endpoint_url, is_secure)
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 317, in _create_endpoint
    if self._is_s3_dualstack_mode(service_name):
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 351, in _is_s3_dualstack_mode
    enabled = self.scoped_config.get('s3', {}).get(
AttributeError: 'str' object has no attribute 'get'

When I finally realised that the syntax of my INI was incorrect I fixed it in the following manner

[default]
output = json
region = ap-southeast-2
s3 =
    signature_version = s3v4

This fixed my error, is s3 = signature_version = s3v4 considered syntactically incorrect? If so should the config syntax issue be caught before it gets to the point where the s3 key is queried for a dictionary and fails when it gets a string? This took a bit of time to work out where the source of my problems were and it would be good to get a clearer error message.

galactose avatar Mar 20 '17 04:03 galactose

Yea, that's because the INI format isn't particularly expressive, so we've had to layer on additional conventions to deal with more complex data types. I do think that it would be a great feature to validate the configuration though, so I'm going to mark this as a feature request for that.

dstufft avatar Mar 20 '17 18:03 dstufft

This still appears to be an issue.

stobrien89 avatar Oct 22 '21 22:10 stobrien89

Greetings! It looks like this issue hasn’t been active in longer than one year. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

github-actions[bot] avatar Oct 22 '22 23:10 github-actions[bot]