- Type: Bug
- Resolution: Fixed
- Priority: Unknown
- Affects Version/s: None
- Component/s: Authentication
What problem are you facing?
In testing mongosh (both manually and by adding tests) to see if AWS credentials can be loaded from the credentials file, I cannot get it to work. It is my understanding that by default it should use the credentials for the default profile and that you should be able to specify a different profile using the AWS_PROFILE.
See the linked mongosh ticket as to why you would want to do this.
What driver and relevant dependency versions are you using?
mongosh 2.0.2 or just latest main, driver version 6.2.0
Steps to reproduce?
Add credentials to the ~/.aws/credentials file according to the sample here:
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-credential-providers/#sample-files
then to connect with the default credentials:
~/mongo/mongosh % mongosh "mongodb+srv://mongosh.e06dc.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS"
(node:27910) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Current Mongosh Log ID: 654e08c6d34a3a3912bc33b2
Connecting to: mongodb+srv://mongosh.e06dc.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS&appName=mongosh+2.0.2
MongoAWSError: Could not obtain temporary MONGODB-AWS credentials
or with a specific profile:
~/mongo/mongosh % AWS_PROFILE=user1 mongosh "mongodb+srv://mongosh.e06dc.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS"
(node:27923) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Current Mongosh Log ID: 654e08e419405ae64e7fb322
Connecting to: mongodb+srv://mongosh.e06dc.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS&appName=mongosh+2.0.2
MongoAWSError: Could not obtain temporary MONGODB-AWS credentials
Example of my ~/.aws/credentials file:
~/mongo/mongosh % cat ~/.aws/credentials
[default]
aws_access_key_id=redacted
aws_secret_access_key=redacted
[user1]
aws_access_key_id=redacted
aws_secret_access_key=redacted
[invalid]
aws_access_key_id=invalid
aws_secret_access_key=invalid
Specifying the same AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars connects fine:
~/mongo/mongosh % env
..blah..
AWS_ACCESS_KEY_ID=redacted
AWS_SECRET_ACCESS_KEY=redacted
~/mongo/mongosh % mongosh "mongodb+srv://mongosh.e06dc.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS"
(node:27976) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Current Mongosh Log ID: 654e093cb683e1d2bf23c04d
Connecting to: mongodb+srv://mongosh.e06dc.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS&appName=mongosh+2.0.2
Using MongoDB: 4.4.25
Using Mongosh: 2.0.2
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
(node:27976) [DEP0174] DeprecationWarning: Calling promisify on a function that returns a Promise is likely a mistake.
Atlas mongosh-shard-0 [primary] test>
The driver uses fromNodeProviderChain, which from what I can tell should just work because it should read from the ini files.
is depended on by
- MONGOSH-1609 Add support for AWS_PROFILE when authMechanism is MONGODB-AWS (Closed)
is related to
- COMPASS-6478 MongoDB Atlas + AWS IAM auth mechanism: implement proper safe obtaining of key/secret/token (Closed)
- NODE-5567 Enable configuration of AWS credentials provider (Closed)
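An added example, not code from the report, mongosh, the driver or the AWS SDK: a local check of which profile in a credentials file AWS_PROFILE selects and whether that profile holds both keys, reporting key names only and never the secret values. The function names and the sample file contents are constructed, and the check models only the credentials file, not the other sources in the provider chain or their precedence.

```javascript
// Added example with hypothetical helper names; not driver or AWS SDK code.
// Models only the shared credentials file, not the full provider chain.

// Parse the INI-style credentials text into { profileName: { key: value } }.
function parseCredentialsFile(text) {
  const profiles = Object.create(null); // no inherited keys to collide with
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#') || line.startsWith(';')) continue;
    const section = line.match(/^\[([^\]]+)\]$/);
    if (section) {
      current = profiles[section[1].trim()] = {};
      continue;
    }
    const eq = line.indexOf('=');
    if (current && eq > 0) {
      current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
    }
  }
  return profiles;
}

// Report the selected profile and any missing keys, without returning secrets.
function checkProfile(env, fileText) {
  const profile = env.AWS_PROFILE || 'default';
  const entry = parseCredentialsFile(fileText)[profile];
  const missing = ['aws_access_key_id', 'aws_secret_access_key']
    .filter((key) => !entry || !entry[key]);
  return {
    profile,
    found: entry !== undefined,
    missing,
    // Static keys in the environment are a separate source; flag them only.
    envKeysSet: Boolean(env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY),
  };
}

// Constructed sample: [user1] deliberately lacks its secret key.
const SAMPLE_FILE = `
[default]
aws_access_key_id=EXAMPLEDEFAULTKEYID
aws_secret_access_key=example-default-secret
[user1]
aws_access_key_id=EXAMPLEUSER1KEYID
`;

for (const env of [{}, { AWS_PROFILE: 'user1' }, { AWS_PROFILE: 'absent' }]) {
  console.log(checkProfile(env, SAMPLE_FILE));
}
```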