Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-2378

pymongo-auth-aws uses POST for auth token request instead of PUT

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: pymongo-auth-aws-1.0.2
    • Component/s: None
    • Labels:
      None

      Description

      As reported in https://developer.mongodb.com/community/forums/t/temporary-mongodb-aws-credentials-could-not-be-obtained/9505, pymongo-auth-aws uses POST for auth token request which is not allowed in some AWS configurations (IMDSv2). This causes the following authentication failure:

       File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 810, in authenticate
          auth.authenticate(credentials, self)
        File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 673, in authenticate
          auth_func(credentials, sock_info)
        File "/usr/lib64/python2.7/site-packages/pymongo/auth_aws.py", line 85, in _authenticate_aws
          exc, pymongo_auth_aws.__version__))
      pymongo.errors.OperationFailure: temporary MONGODB-AWS credentials could not be obtained (pymongo-auth-aws version 1.0.1)
      

      Instead we need to use a PUT request as documented in the auth spec:

      $ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30"`
      $ ROLE_NAME=`curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ -H "X-aws-ec2-metadata-token: $TOKEN"`
      $ curl http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE_NAME -H "X-aws-ec2-metadata-token: $TOKEN"
      

        Attachments

          Activity

            People

            Assignee:
            shane.harvey Shane Harvey
            Reporter:
            shane.harvey Shane Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: