Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: github.com/hashicorp/aws-sdk-go-base@v0.4.0 #22994

Merged
merged 1 commit into from
Oct 11, 2019
Merged

deps: github.com/hashicorp/aws-sdk-go-base@v0.4.0 #22994

merged 1 commit into from
Oct 11, 2019

Conversation

salekseev
Copy link
Contributor

@salekseev salekseev commented Oct 3, 2019

Closes #22992

Updated via:

go get github.com/hashicorp/aws-sdk-go-base@v0.4.0
go mod tidy
go mod vendor

@hashicorp-cla
Copy link

hashicorp-cla commented Oct 3, 2019

CLA assistant check
All committers have signed the CLA.

@salekseev salekseev changed the title deps: github.com/hashicorp/aws-sdk-go-base@32092207b56dff39357e66a1a155500ea67b2340 deps: github.com/hashicorp/aws-sdk-go-base@v0.4.0 Oct 4, 2019
@salekseev salekseev marked this pull request as ready for review October 4, 2019 13:19
@salekseev
Copy link
Contributor Author

salekseev commented Oct 4, 2019

Unfortunately it does not seem to have fixed it fully yet:

2019/10/04 13:45:40 [INFO] Terraform version: 0.12.10 dev
2019/10/04 13:45:40 [INFO] Go runtime version: go1.13
2019/10/04 13:45:40 [INFO] CLI args: []string{"/usr/local/bin/terraform", "init", "-backend-config=backend.conf.json", "-backend-config=skip_metadata_api_check=true", "-backend-config=role_arn=arn:aws:iam::506696741821:role/eksctl-ncod-dev-addon-iamserviceaccount-ncc-Role1-M10K4IFFYZ63"}
2019/10/04 13:45:40 [DEBUG] Attempting to open CLI config file: /root/.terraformrc
2019/10/04 13:45:40 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2019/10/04 13:45:40 [INFO] TF_CLI_ARGS_init value: "-lock-timeout=60s -get-plugins=false -upgrade"
2019/10/04 13:45:40 [INFO] CLI command args: []string{"init", "-lock-timeout=60s", "-get-plugins=false", "-upgrade", "-backend-config=backend.conf.json", "-backend-config=skip_metadata_api_check=true", "-backend-config=role_arn=arn:aws:iam::506696741821:role/eksctl-ncod-dev-addon-iamserviceaccount-ncc-Role1-M10K4IFFYZ63"}
Upgrading modules...
2019/10/04 13:45:40 [TRACE] ModuleInstaller: installing child modules for . into .terraform/modules
2019/10/04 13:45:40 [DEBUG] Module installer: begin aws_arn_s3
2019/10/04 13:45:40 [TRACE] ModuleInstaller: discarding previous record of aws_arn_s3 prior to reinstall
2019/10/04 13:45:40 [TRACE] ModuleInstaller: cleaning directory .terraform/modules/aws_arn_s3 prior to install of aws_arn_s3
2019/10/04 13:45:40 [TRACE] ModuleInstaller: aws_arn_s3 has local path "./vendor/modules/aws_arn/s3"
2019/10/04 13:45:40 [TRACE] ModuleInstaller: aws_arn_s3 uses directory from parent: vendor/modules/aws_arn/s3
2019/10/04 13:45:40 [DEBUG] Module installer: aws_arn_s3 installed at vendor/modules/aws_arn/s3
- aws_arn_s3 in vendor/modules/aws_arn/s3
2019/10/04 13:45:40 [TRACE] modsdir: writing modules manifest to .terraform/modules/modules.json

Initializing the backend...
2019/10/04 13:45:40 [TRACE] Meta.Backend: merging -backend-config=... CLI overrides into backend configuration
2019/10/04 13:45:40 [TRACE] Meta.Backend: built configuration for "s3" backend with hash value 704415183
2019/10/04 13:45:40 [TRACE] Preserving existing state lineage "ab31e638-ffd5-92b9-6ce4-616ffbc5d359"
2019/10/04 13:45:40 [TRACE] Preserving existing state lineage "ab31e638-ffd5-92b9-6ce4-616ffbc5d359"
2019/10/04 13:45:40 [TRACE] Meta.Backend: working directory was previously initialized for "s3" backend
2019/10/04 13:45:40 [TRACE] backendConfigNeedsMigration: configuration values have changed, so migration is required
2019/10/04 13:45:40 [TRACE] Meta.Backend: backend configuration has changed (from type "s3" to type "s3")
2019/10/04 13:45:40 [WARN] backend config has changed since last init
Backend configuration changed!

Terraform has detected that the configuration specified for the backend
has changed. Terraform will now check for existing state in the backends.


2019/10/04 13:45:40 [INFO] Setting AWS metadata API timeout to 100ms
2019/10/04 13:45:40 [INFO] Attempting to use session-derived credentials
2019/10/04 13:45:40 [INFO] Successfully derived credentials from session
2019/10/04 13:45:40 [INFO] AWS Auth provider used: "WebIdentityCredentials"
2019/10/04 13:45:40 [INFO] Attempting to AssumeRole arn:aws:iam::506696741821:role/eksctl-ncod-dev-addon-iamserviceaccount-ncc-Role1-M10K4IFFYZ63 (SessionName: "", ExternalId: "", Policy: "")

Error: The role "arn:aws:iam::506696741821:role/eksctl-ncod-dev-addon-iamserviceaccount-ncc-Role1-M10K4IFFYZ63" cannot be assumed.

  There are a number of possible causes of this - the most common are:
    * The credentials used in order to assume the role are invalid
    * The credentials do not have appropriate permission to assume the role
    * The role ARN is not valid

yet

bash-5.0# aws sts get-caller-identity
{
    "UserId": "AROAXL6L2WO67FSV3GV6S:botocore-session-1570196523",
    "Account": "506696741821",
    "Arn": "arn:aws:sts::506696741821:assumed-role/eksctl-ncod-dev-addon-iamserviceaccount-ncc-Role1-M10K4IFFYZ63/botocore-session-1570196523"
}
bash-5.0# set | grep AWS
AWS_DEFAULT_REGION=us-east-1
AWS_ROLE_ARN=arn:aws:iam::506696741821:role/eksctl-ncod-dev-addon-iamserviceaccount-ncc-Role1-M10K4IFFYZ63
AWS_SDK_LOAD_CONFIG=1
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token

Copy link
Contributor

@mildwonkey mildwonkey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am going to request a second approval from someone with more direct familiarity, but LGTM!

@aeschright aeschright self-requested a review October 11, 2019 16:42
Copy link

@aeschright aeschright left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @salekseev for submitting this! We'll have to leave that bug open -- there are some additional issues we're working on for aws-sdk-go-base but this update will fix some of the assume_role problems people are having.

@ghost
Copy link

ghost commented Nov 11, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Nov 11, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
5 participants