[Cyberduck-trac] [Cyberduck] #11719: S3 connection with credentials file on Windows

Cyberduck trac at cyberduck.io
Thu Jul 1 12:54:50 UTC 2021


#11719: S3 connection with credentials file on Windows
----------------------------+-------------------
    Reporter:  tp_oaknorth  |      Owner:
        Type:  defect       |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  s3           |    Version:  7.9.1
    Severity:  normal       |   Keywords:
Architecture:               |   Platform:
----------------------------+-------------------
 Hello there

 I am trying to connect from Windows to AWS S3 using temporary credentials
 that are in %USERPROFILE%\.aws\credentials. These credentials work with
 the AWS CLI and another third-party tool but with Cyberduck I get the
 following error:

 {{{
 The AWS Access Key Id you provided does not exist in our records
 }}}

 I am using the following Cyberduck profile
 https://trac.cyberduck.io/wiki/help/en/howto/s3#Connectingusingcredentialsin.awscredentials
 and for ''Profile Name in ~/.aws/credentials'' I specify the profile that
 I configured (test_s3_profile). My .aws/credentials file looks like this:
 {{{
 [profile test_s3_profile]
 aws_access_key_id=EXAMPLEKEYID
 aws_secret_access_key=EXAMPLESECRETKEY
 aws_session_token=EXAMPLETOKEN
 }}}

 The errors I see in the logs are:
 {{{
 2021-07-01 08:50:10,668 [background-7] DEBUG
 ch.cyberduck.core.sts.STSCredentialsConfigurator - Look for profile name
 test_s3_profile in
 Local{path='C:\Users\ImageBuilderAdmin\.aws\credentials'}
 2021-07-01 08:50:10,676 [background-7] WARN
 ch.cyberduck.core.sts.STSCredentialsConfigurator - Failure reading
 Local{path='C:\Users\ImageBuilderAdmin\.aws\credentials'}
 java.lang.IllegalArgumentException: Invalid property format: no '='
 character is found on line 1
         at
 com.amazonaws.auth.profile.internal.AbstractProfilesConfigFileScanner.parsePropertyLine(AbstractProfilesConfigFileScanner.java:160)
         at
 com.amazonaws.auth.profile.internal.AbstractProfilesConfigFileScanner.run(AbstractProfilesConfigFileScanner.java:119)
         at
 ch.cyberduck.core.sts.STSCredentialsConfigurator$ProfilesConfigFileLoaderHelper.parseProfileProperties(STSCredentialsConfigurator.java:302)
         at
 ch.cyberduck.core.sts.STSCredentialsConfigurator.configure(STSCredentialsConfigurator.java:91)
         at ch.cyberduck.core.s3.S3Session.login(S3Session.java:175)
         at
 ch.cyberduck.core.KeychainLoginService.authenticate(KeychainLoginService.java:175)
         at
 ch.cyberduck.core.LoginConnectionService.authenticate(LoginConnectionService.java:180)
         at
 ch.cyberduck.core.LoginConnectionService.connect(LoginConnectionService.java:171)
         at
 ch.cyberduck.core.LoginConnectionService.check(LoginConnectionService.java:110)
         at
 ch.cyberduck.core.pool.StatelessSessionPool.borrow(StatelessSessionPool.java:59)
         at
 ch.cyberduck.core.threading.SessionBackgroundAction.run(SessionBackgroundAction.java:118)
         at
 ch.cyberduck.core.threading.SessionBackgroundAction$1.call(SessionBackgroundAction.java:103)
         at
 ch.cyberduck.core.threading.DefaultRetryCallable.call(DefaultRetryCallable.java:50)
         at
 ch.cyberduck.core.threading.SessionBackgroundAction.call(SessionBackgroundAction.java:105)
         at
 ch.cyberduck.core.threading.BackgroundCallable.run(BackgroundCallable.java:94)
         at
 ch.cyberduck.core.threading.BackgroundCallable.call(BackgroundCallable.java:58)
         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
         at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
         at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:618)
         at
 ch.cyberduck.core.threading.NamedThreadFactory$1.run(NamedThreadFactory.java:59)
         at java.lang.Thread.run(Thread.java:955)
 2021-07-01 08:50:10,678 [background-7] DEBUG
 ch.cyberduck.core.shared.WorkdirHomeFeature - No workdir set for bookmark
 Host{protocol=Profile{parent=s3, vendor=s3-cli, description=S3
 (Credentials from AWS Command Line Interface), image=null}, port=443,
 hostname='s3.amazonaws.com',
 credentials=Credentials{user='test_s3_profile',
 oauth='Tokens{accessToken='null', refreshToken='null'}', token='',
 identity=null}, uuid='b6754e17-a0df-48f2-8921-55eda692de6c',
 nickname='null', defaultpath='null', workdir=null, labels=null}
 }}}

 I also see the following in the logs which suggests that the profile name
 is being sent as the access_key_id.
 {{{
 2021-07-01 08:50:11,276 [background-7] DEBUG
 ch.cyberduck.core.threading.DefaultFailureDiagnostics - Determine cause
 for failure BackgroundException{class=class
 ch.cyberduck.core.exception.LoginFailureException, file=Path{path='/',
 type=[directory, volume]}, message='Listing directory / failed.',
 detail='The AWS Access Key Id you provided does not exist in our
 records.', cause='org.jets3t.service.S3ServiceException: Service Error
 Message. -- ResponseCode: 403, ResponseStatus: Forbidden, XML Error
 Message: <?xml version="1.0"
 encoding="UTF-8"?><Error><Code>InvalidAccessKeyId</Code><Message>The AWS
 Access Key Id you provided does not exist in our
 records.</Message><AWSAccessKeyId>test_s3_profile</AWSAccessKeyId><RequestId>0HGDVF9PG4H3Z1EY</RequestId><HostId>lHoHceCje4e4GMBFFRY3gsVmxhiacEydfMk41eQFe1gO0uPGdE+NHKUvC3cdQs2c+YZXRvD6D1U=</HostId></Error>'}
 }}}

 I also tried to rename the profile to ''default'' in the credentials file
 and not specify the profile in Cyberduck but the logs then show this (note
 the blank profile name):
 {{{
 2021-07-01 09:15:11,419 [background-10] DEBUG
 ch.cyberduck.core.sts.STSCredentialsConfigurator - Look for profile name
 in Local{path='C:\Users\ImageBuilderAdmin\.aws\credentials'}
 2021-07-01 09:15:11,420 [background-10] WARN
 ch.cyberduck.core.sts.STSCredentialsConfigurator - Failure reading
 Local{path='C:\Users\ImageBuilderAdmin\.aws\credentials'}
 java.lang.IllegalArgumentException: Invalid property format: no '='
 character is found on line 1
         at
 com.amazonaws.auth.profile.internal.AbstractProfilesConfigFileScanner.parsePropertyLine(AbstractProfilesConfigFileScanner.java:160)

 ...

 2021-07-01 09:15:12,654 [background-10] WARN
 ch.cyberduck.core.threading.BackgroundCallable - Failure
 BackgroundException{class=class
 ch.cyberduck.core.exception.InteroperabilityException, file=Path{path='/',
 type=[directory, volume]}, message='Listing directory / failed.',
 detail='The authorization header is malformed; a non-empty Access Key
 (AKID) must be provided in the credential.',
 cause='org.apache.http.client.HttpResponseException: status code: 400,
 reason phrase: The authorization header is malformed; a non-empty Access
 Key (AKID) must be provided in the credential.'} running background task
 java.lang.Exception
         at
 ch.cyberduck.core.threading.BackgroundCallable.<init>(BackgroundCallable.java:36)
         at
 ch.cyberduck.core.threading.DefaultBackgroundExecutor.execute(DefaultBackgroundExecutor.java:67)
         at
 ch.cyberduck.core.AbstractController.background(AbstractController.java:71)
         at
 ch.cyberduck.core.threading.BackgroundCallable$1.run(BackgroundCallable.java:74)
         at cli.System.Delegate.DynamicInvokeImpl(Unknown Source)
         at
 cli.System.Windows.Forms.Control.InvokeMarshaledCallbackDo(Unknown Source)
         at
 cli.System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Unknown
 Source)
         at cli.System.Threading.ExecutionContext.RunInternal(Unknown
 Source)
         at cli.System.Threading.ExecutionContext.Run(Unknown Source)
         at cli.System.Threading.ExecutionContext.Run(Unknown Source)
         at
 cli.System.Windows.Forms.Control.InvokeMarshaledCallback(Unknown Source)
         at
 cli.System.Windows.Forms.Control.InvokeMarshaledCallbacks(Unknown Source)
         at cli.System.Windows.Forms.Control.WndProc(Unknown Source)
         at cli.System.Windows.Forms.Form.WndProc(Unknown Source)
         at cli.System.Windows.Forms.NativeWindow.Callback(Unknown Source)
         at
 cli.System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(Unknown
 Source)
         at
 cli.System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(Unknown
 Source)
         at
 cli.System.Windows.Forms.Application$ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Unknown
 Source)
         at
 cli.System.Windows.Forms.Application$ThreadContext.RunMessageLoopInner(Unknown
 Source)
         at
 cli.System.Windows.Forms.Application$ThreadContext.RunMessageLoop(Unknown
 Source)
         at cli.Ch.Cyberduck.Ui.Program.Main(Unknown Source)
 }}}

 Am I doing something incorrectly or is there a bug in how the credentials
 file is being parsed or the credentials sent to S3?

 Many thanks,

 Thanh

--
Ticket URL: <https://trac.cyberduck.io/ticket/11719>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
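
Added example, not part of the ticket and not Cyberduck or AWS SDK code: a small linter for a shared credentials file that flags conditions under which a line-oriented parser could reject line 1, as in the log above. The checks (byte-order mark, `[profile ...]` header form, property lines without `=`) are assumptions about possible causes, not a diagnosis confirmed by the ticket; `lint_credentials` and `SAMPLE` are hypothetical names.

```python
import codecs

# Byte-order marks that Windows editors or shell redirection may prepend.
BOMS = [(codecs.BOM_UTF8, "utf-8-sig"), (codecs.BOM_UTF16_LE, "utf-16"),
        (codecs.BOM_UTF16_BE, "utf-16")]

# Constructed sample mirroring the placeholder file shown in the ticket.
SAMPLE = (b"[profile test_s3_profile]\n"
          b"aws_access_key_id=EXAMPLEKEYID\n"
          b"aws_secret_access_key=EXAMPLESECRETKEY\n"
          b"aws_session_token=EXAMPLETOKEN\n")

def lint_credentials(raw, profile):
    """Return a list of findings for a credentials file given as raw bytes."""
    findings, encoding = [], "utf-8"
    for bom, enc in BOMS:
        if raw.startswith(bom):
            # A parser that does not strip the BOM sees line 1 start with it, not '['.
            findings.append(f"file starts with a byte-order mark ({enc})")
            encoding = enc
            break
    text = raw.decode(encoding, errors="replace")
    sections, current = {}, None
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            if current.startswith("profile "):
                findings.append(f"line {number}: '[profile ...]' is the ~/.aws/config "
                                "form; the credentials file uses '[name]'")
                current = current[len("profile "):].strip()
            sections[current] = {}
        elif "=" not in line:
            findings.append(f"line {number}: no '=' in property line")
        elif current is None:
            findings.append(f"line {number}: property before any section header")
        else:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    if not sections.get(profile, {}).get("aws_access_key_id"):
        findings.append(f"profile '{profile}' has no aws_access_key_id")
    return findings

if __name__ == "__main__":
    for name, data in [("as posted", SAMPLE), ("with BOM", codecs.BOM_UTF8 + SAMPLE)]:
        print(name, lint_credentials(data, "test_s3_profile"))
```

The findings contain only line numbers and key names, never credential values, so the output is safe to paste into a ticket.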

