Because a / character is valid in the AWS Secret Access Key value encoding, sometimes the returned value can have two leading forward slashes. This causes the value to be parsed by the new internal/ini parser (introduced by #2210) to be interpreted as a comma, and return an INIParseError.
v1.15.65, issue was introduced in v1.15.59.
go version)?go version go1.11 darwin/amd64
When loading shared credentials (everything default)
SharedConfigLoadError: failed to load config file, ~/.aws/credentials
caused by: INIParseError: invalid state with ASTKind { {4 NONE 0 [61]} true [{expr {1 STRING 0 [97 119 115 95 115 101 99 114 101 116 95 97 99 99 101 115 115 95 107 101 121]} true []}]} and TokenType {7 NONE 0 [47 47 ... ]}
Interpreting the printed values, it is clear that the parser was in the midst of parsing an assignment with the LHS being aws_secret_access_key, then encountered a "comment" token when looking for the RHS of the expression (note that the raw value of the token begins with bytes [47 47], aka "//".
Set a profile in $HOME/.aws/credentials with an aws_secret_access_key value that begins with //, i.e.:
[myprofile]
aws_access_key_id = ASIA0123456789012345
aws_secret_access_key = //01234567890123456789001234567890+abcdefg
package main
import (
"github.com/aws/aws-sdk-go/aws/credentials"
)
func main() {
creds := &credentials.SharedCredentialsProvider{
Profile: "myprofile",
}
if _, err := creds.Retrieve(); err != nil {
panic(err)
}
}
Since the new ini package is internal, I can't import it in a test here directly - however, this test mimics the use case that initially triggered the bug.
Hello @ktravis, thank you for reporting this. You can mitigate this for now by putting " around the credentials until we get #2240 merged.
Awesome, thank you for the quick response!
@ktravis - We just merged in #2240. Please let us know if you have any other issues!
Hi. Just a heads up that this is still impacting us. We use https://github.com/turnerlabs/samlkeygen which populates our credentials file with temporary keys. For example:
[account1:admin]
aws_access_key_id = ASIAYJ4K2VEOKFT3RABC
aws_secret_access_key = hF1P78htExgQKgbB21O5DFsTCVg54ww+3l93uabc
aws_session_token = FQoGZXIvYXdzENf//////////wEaDM1saxMRcsPJ47GosCKoAlFzBAKLYfddIBpcwq6Xw3OIHZR8ZzSsCEGhweQn/W3AW/g+ksEoBq8wFj8zA8ls7bKrDvLosXvCWXdye118EqP+4YLc9M3YndWcWRIWOZ67fcRHvCiIJeq9C9qqSm3pmEg3UgI/PVzPevVEx1kfthqVdeYTTADkTp6wupfQd1QTYvvcy4HZtTYVqu+CXkEBskIcBoxDMyZxE/tDS96YhzrVIHfCALIp73K/cxklL7G/bS9dSKYKWrxfoDwJcUPAQfCb3Ep9qhHxr4/blLx3JRoHZ9MsF+yU4KbvEomQj0GRR2TB/ErQrNJT9I/HK6c/SbuCusKXTnGrCpVCjKc5PZc5sC8UC/ph9jVvfrS7/6Qz+qKNMXey7DBmNVZ1I1Pn0dLAJuUBt546KLCr8asdf
aws_security_token = FQoGZXIvYXdzENf//////////wEaDM1saxMRcsPJ47GosCKoAlFzBAKLYfddIBpcwq6Xw3OIHZR8ZzSsCEGhweQn/W3AW/g+ksEoBq8wFj8zA8ls7bKrDvLosXvCWXdye118EqP+4YLc9M3YndWcWRIWOZ67fcRHvCiIJeq9C9qqSm3pmEg3UgI/PVzPevVEx1kfthqVdeYTTADkTp6wupfQd1QTYvvcy4HZtTYVqu+CXkEBskIcBoxDMyZxE/tDS96YhzrVIHfCALIp73K/cxklL7G/bS9dSKYKWrxfoDwJcUPAQfCb3Ep9qhHxr4/blLx3JRoHZ9MsF+yU4KbvEomQj0GRR2TB/ErQrNJT9I/HK6c/SbuCusKXTnGrCpVCjKc5PZc5sC8UC/ph9jVvfrS7/6Qz+qKNMXey7DBmNVZ1I1Pn0dLAJuUBt546KLC8asdf
last_updated = 2018-11-02T13:48:32Z
expiration = 2018-11-02T22:48:32Z
@jritsema thanks for letting us know about this issue. we'll add this to a test case and work to fix the issue from there.
Hello @jritsema, I believe this has already been fixed, #2247, but hasn't been released yet. Please try using HEAD to see if you are still running into the issue. If you are not, the next release should contain the fix. I am going to go ahead and close the issue. If you are still having issues, please let us know and we will reopen.
I verified that HEAD looks like it fixes it. Thanks @xibz @jasdel!
Most helpful comment
I verified that HEAD looks like it fixes it. Thanks @xibz @jasdel!