jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From archieprad@gmail.com <archiep...@gmail.com>
Subject Re: Issue with jclouds computeService listNodes() ?
Date Thu, 21 Jun 2018 08:57:32 GMT
This is great! Thank you!

Cheers
Archana

On 2018/06/21 08:39:58, Ignasi Barrera <nacx@apache.org> wrote: 
> FTR, I'm not a user of the SimianArmy, but I've just opened a PR to add
> support for temporary credentials:
> https://github.com/Netflix/SimianArmy/pull/331
> 
> On 21 June 2018 at 10:14, archieprad@gmail.com <archieprad@gmail.com> wrote:
> 
> > Hi Ignasi,
> > Thank you! I will try this out and let you know if it worked.
> >
> > Cheers
> > Archana
> >
> > On 2018/06/21 08:00:01, Ignasi Barrera <ignasi.barrera@gmail.com> wrote:
> > > Hi Archana,
> > >
> > > I see the problem here. When using temporary credentials in AWS, the
> > > session token must be included in a request header [1], so you need to
> > > provide it when configuring the jclouds context with the credentials.
> > >
> > > By default, the "ContextBuilder.credentials" signature does only allow to
> > > pass the access key and secret key, but there is no place to specify that
> > > session token. However, the ContextBuilder provides an alternate
> > mechanism
> > > to configure custom credentials. You can use the
> > > "ContextBuilder.credentialsSupplier" method as follows:
> > >
> > > ContextBuilder.newBuilder("aws-ec2")
> > >    ...
> > >    .credentialsSupplier(new Supplier<Credentials>() {
> > >       @Override
> > >       public Credentials get() {
> > >          return SessionCredentials.builder()
> > >             .accessKeyId("temporary access key")
> > >             .secretAccessKey("temporary secret key")
> > >             .sessionToken("session token")
> > >             .expiration(new Date()) // Change to a proper value
> > >             .build();
> > >       }
> > >    })
> > >    ...
> > >
> > > ‚Äč
> > >
> > > Could you try this?
> > >
> > >
> > > HTH!
> > >
> > > I.
> > >
> > >
> > > [1]
> > > https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#
> > UsingTemporarySecurityCredentials
> > >
> > >
> > > On 21 June 2018 at 09:53, Andrea Turli <andrea.turli@gmail.com> wrote:
> > >
> > > > Mmm very interesting!
> > > >
> > > > The only thing that comes to my mind is:
> > > > - is your account allowed to talk to all the regions? From the
> > stacktrace
> > > > above looks like
> > > > org.jclouds.rest.AuthorizationException: POST https://ec2.us-east-1.
> > > > amazonaws.com/ HTTP/1.1 -> HTTP/1.1 401 Unauthorized
> > > > so maybe your account is not allowed to talk to that region. Can you
> > > > confirm? if not you want to control which regions to target you can use
> > > > `-Djclouds.regions: "us-west-1" in case you want to limit to Oregon.
> > > >
> > > > HTH,
> > > > Andrea
> > > >
> > > > On Thu, Jun 21, 2018 at 9:45 AM archieprad@gmail.com <
> > archieprad@gmail.com>
> > > > wrote:
> > > >
> > > >> Hi Andrea,
> > > >> Thanks for the quick response. I am using an IAM role that has full
> > admin
> > > >> access. Which is why this case is even more perplexing. Do you have
> > any
> > > >> other suggestions to try out?
> > > >>
> > > >> Cheers
> > > >> Archana
> > > >>
> > > >> On 2018/06/20 21:45:31, archieprad@gmail.com <archieprad@gmail.com>
> > > >> wrote:
> > > >> > Hi Ignasi,
> > > >> > So the function that does the authentication uses a context builder
> > and
> > > >> generates a temporary access and secret key. I've read that perhaps
> > Jclouds
> > > >> might not be sending the session token to access aws resources. Do
you
> > > >> think that is what could be happening?
> > > >> >
> > > >> > Cheers,
> > > >> > Archana
> > > >> >
> > > >>
> > > >
> > >
> >
> 

Mime
View raw message