Spaces and single quotes in configuration profile names are improperly handled #1097

djsweet · 2024-03-09T19:14:51Z

Describe the bug

If a configuration profile name ever includes single quotes, or escapes within the single quotes, the AWS SDK for Rust cannot resolve the profile definition, and all client operations in the SDK immediately fail with a DispatchFailure.

Expected Behavior

The AWS SDK for Rust should support all of the string escape conventions as the AWS CLI, so I should be able to use profile definitions in ~/.aws/config like so:

[profile 'My MacBook Pro']
# ...

[profile 'my-macbook-pro']

And then run my code with

$ AWS_PROFILE=my-macbook-pro cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.13s
     Running `target/debug/aws-dynamodb-quickstart`
Tables:
Found 0 tables
$ AWS_PROFILE="My MacBook Pro" cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.13s
     Running `target/debug/aws-dynamodb-quickstart`
Tables:
Found 0 tables

Current Behavior

If my ~/.aws/config looks like

[profile 'My MacBook Pro']
# ...

[profile 'my-macbook-pro']

Then attempting to use the AWS SDK for Rust always fails with a DispatchError:

$ AWS_PROFILE=my-macbook-pro cargo run               
    Finished dev [unoptimized + debuginfo] target(s) in 0.15s
     Running `target/debug/aws-dynamodb-quickstart`
[src/main.rs:31] e = DispatchFailure(
    DispatchFailure {
        source: ConnectorError {
            kind: Other(
                None,
            ),
            source: InvalidConfiguration(
                InvalidConfiguration {
                    source: "ProfileFile provider could not be built: profile `my-macbook-pro` was not defined: could not find source profile my-macbook-pro referenced from the root profile",
                },
            ),
            connection: Unknown,
        },
    },
)
Error: ()
$ AWS_PROFILE="My MacBook Pro" cargo run               
    Finished dev [unoptimized + debuginfo] target(s) in 0.06s
     Running `target/debug/aws-dynamodb-quickstart`
[src/main.rs:31] e = DispatchFailure(
    DispatchFailure {
        source: ConnectorError {
            kind: Other(
                None,
            ),
            source: InvalidConfiguration(
                InvalidConfiguration {
                    source: "ProfileFile provider could not be built: profile `My MacBook Pro` was not defined: could not find source profile My MacBook Pro referenced from the root profile",
                },
            ),
            connection: Unknown,
        },
    },
)
Error: ()

Reproduction Steps

I roughly have the following contents in my ~/.aws/config, with the identifying information removed:

[profile 'My MacBook Pro']
sso_session = My AWS Access
sso_account_id = # ...
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session 'My AWS Access']
sso_start_url = # ...
sso_region = us-east-1
sso_registration_scopes = sso:account:access

[profile my-macbook-pro]
sso_session = my-aws-access
sso_account_id = # ...
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session my-aws-access]
sso_start_url = # ...
sso_region = us-east-1
sso_registration_scopes = sso:account:access

[profile 'Someone'"'"'s MacBook Pro']
sso_session = Someone's AWS Access
sso_account_id = # ...
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session 'Someone'"'"'s AWS Access']
sso_start_url = # ...
sso_region = us-east-1
sso_registration_scopes = sso:account:access

These profile names result from using spaces and single quotes in aws configure sso.

My Cargo.toml is

[package]
name = "aws-dynamodb-quickstart"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
aws-config = { version = "1.1.7", features = ["behavior-version-latest"] }
aws-sdk-dynamodb = "1.16.1"
tokio = { version = "1", features = ["full"] }

And src/main.rs is

use aws_config::meta::region::RegionProviderChain;
use aws_config::BehaviorVersion;
use aws_sdk_dynamodb::Client;

#[tokio::main]
async fn main() -> Result<(), ()> {
    let region_provider = RegionProviderChain::default_provider()
        .or_else("us-east-1");
    let config = aws_config::defaults(BehaviorVersion::latest())
        .region(region_provider)
        .load()
        .await;

    let client = Client::new(&config);

    let paginator = client.list_tables().into_paginator().items().send();
    let maybe_table_names = paginator.collect::<Result<Vec<_>, _>>().await;

    match maybe_table_names {
        Ok(table_names) => {
            println!("Tables:");

            for name in &table_names {
                println!("  {}", name);
            }
        
            println!("Found {} tables", table_names.len());
            Ok(())
        },
        Err(e) => {
            dbg!(e);
            Err(())
        }
    }
}

Attempting to use my-macbook-pro as a profile works:

AWS_PROFILE=my-macbook-pro cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.13s
     Running `target/debug/aws-dynamodb-quickstart`
Tables:
Found 0 tables

unless I add otherwise unnecessary quotes to the profile name like so

[profile 'my-macbook-pro']

This still functions properly with the AWS CLI:

AWS_PROFILE=my-macbook-pro aws dynamodb list-tables
{
    "TableNames": []
}

but fails when trying to use the AWS SDK for Rust:

$ AWS_PROFILE=my-macbook-pro cargo run               
    Finished dev [unoptimized + debuginfo] target(s) in 0.15s
     Running `target/debug/aws-dynamodb-quickstart`
[src/main.rs:31] e = DispatchFailure(
    DispatchFailure {
        source: ConnectorError {
            kind: Other(
                None,
            ),
            source: InvalidConfiguration(
                InvalidConfiguration {
                    source: "ProfileFile provider could not be built: profile `my-macbook-pro` was not defined: could not find source profile my-macbook-pro referenced from the root profile",
                },
            ),
            connection: Unknown,
        },
    },
)
Error: ()

The same happens for the My MacBook Pro and Someone's MacBook Pro profiles:

$ AWS_PROFILE="My MacBook Pro" aws dynamodb list-tables
{
    "TableNames": []
}
$ AWS_PROFILE="My MacBook Pro" cargo run               
    Finished dev [unoptimized + debuginfo] target(s) in 0.06s
     Running `target/debug/aws-dynamodb-quickstart`
[src/main.rs:31] e = DispatchFailure(
    DispatchFailure {
        source: ConnectorError {
            kind: Other(
                None,
            ),
            source: InvalidConfiguration(
                InvalidConfiguration {
                    source: "ProfileFile provider could not be built: profile `My MacBook Pro` was not defined: could not find source profile My MacBook Pro referenced from the root profile",
                },
            ),
            connection: Unknown,
        },
    },
)
Error: ()
$ AWS_PROFILE="Someone's MacBook Pro" cargo run               
    Finished dev [unoptimized + debuginfo] target(s) in 0.06s
     Running `target/debug/aws-dynamodb-quickstart`
[src/main.rs:31] e = DispatchFailure(
    DispatchFailure {
        source: ConnectorError {
            kind: Other(
                None,
            ),
            source: InvalidConfiguration(
                InvalidConfiguration {
                    source: "ProfileFile provider could not be built: profile `Someone's MacBook Pro` was not defined: could not find source profile Someone's MacBook Pro referenced from the root profile",
                },
            ),
            connection: Unknown,
        },
    },
)
Error: ()
$ AWS_PROFILE="Someone's MacBook Pro" aws dynamodb list-tables
{
    "TableNames": []
}

Possible Solution

No response

Additional Information/Context

The profile line parser implementation only strips the first "[" and last "]" from the line, so internally the profile is represented as

profile 'My MacBook Pro'

But the SDK is attempting to resolve profile My MacBook Pro, which is not present in the data HashMap.

Version

aws-dynamodb-quickstart v0.1.0 (/Users/djsweet/Scratch/aws-dynamodb-quickstart)
├── aws-config v1.1.7
│   ├── aws-credential-types v1.1.7
│   │   ├── aws-smithy-async v1.1.7
│   │   ├── aws-smithy-runtime-api v1.1.7
│   │   │   ├── aws-smithy-async v1.1.7 (*)
│   │   │   ├── aws-smithy-types v1.1.7
│   │   ├── aws-smithy-types v1.1.7 (*)
│   ├── aws-runtime v1.1.7
│   │   ├── aws-credential-types v1.1.7 (*)
│   │   ├── aws-sigv4 v1.1.7
│   │   │   ├── aws-credential-types v1.1.7 (*)
│   │   │   ├── aws-smithy-http v0.60.6
│   │   │   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   │   │   ├── aws-smithy-types v1.1.7 (*)
│   │   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-smithy-async v1.1.7 (*)
│   │   ├── aws-smithy-http v0.60.6 (*)
│   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-types v1.1.7
│   │   │   ├── aws-credential-types v1.1.7 (*)
│   │   │   ├── aws-smithy-async v1.1.7 (*)
│   │   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   │   ├── aws-smithy-types v1.1.7 (*)
│   ├── aws-sdk-sso v1.15.0
│   │   ├── aws-credential-types v1.1.7 (*)
│   │   ├── aws-runtime v1.1.7 (*)
│   │   ├── aws-smithy-async v1.1.7 (*)
│   │   ├── aws-smithy-http v0.60.6 (*)
│   │   ├── aws-smithy-json v0.60.6
│   │   │   └── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-smithy-runtime v1.1.7
│   │   │   ├── aws-smithy-async v1.1.7 (*)
│   │   │   ├── aws-smithy-http v0.60.6 (*)
│   │   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-types v1.1.7 (*)
│   ├── aws-sdk-ssooidc v1.15.0
│   │   ├── aws-credential-types v1.1.7 (*)
│   │   ├── aws-runtime v1.1.7 (*)
│   │   ├── aws-smithy-async v1.1.7 (*)
│   │   ├── aws-smithy-http v0.60.6 (*)
│   │   ├── aws-smithy-json v0.60.6 (*)
│   │   ├── aws-smithy-runtime v1.1.7 (*)
│   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-types v1.1.7 (*)
│   ├── aws-sdk-sts v1.15.0
│   │   ├── aws-credential-types v1.1.7 (*)
│   │   ├── aws-runtime v1.1.7 (*)
│   │   ├── aws-smithy-async v1.1.7 (*)
│   │   ├── aws-smithy-http v0.60.6 (*)
│   │   ├── aws-smithy-json v0.60.6 (*)
│   │   ├── aws-smithy-query v0.60.6
│   │   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-smithy-runtime v1.1.7 (*)
│   │   ├── aws-smithy-runtime-api v1.1.7 (*)
│   │   ├── aws-smithy-types v1.1.7 (*)
│   │   ├── aws-smithy-xml v0.60.6
│   │   ├── aws-types v1.1.7 (*)
│   ├── aws-smithy-async v1.1.7 (*)
│   ├── aws-smithy-http v0.60.6 (*)
│   ├── aws-smithy-json v0.60.6 (*)
│   ├── aws-smithy-runtime v1.1.7 (*)
│   ├── aws-smithy-runtime-api v1.1.7 (*)
│   ├── aws-smithy-types v1.1.7 (*)
│   ├── aws-types v1.1.7 (*)
├── aws-sdk-dynamodb v1.16.1
│   ├── aws-credential-types v1.1.7 (*)
│   ├── aws-runtime v1.1.7 (*)
│   ├── aws-smithy-async v1.1.7 (*)
│   ├── aws-smithy-http v0.60.6 (*)
│   ├── aws-smithy-json v0.60.6 (*)
│   ├── aws-smithy-runtime v1.1.7 (*)
│   ├── aws-smithy-runtime-api v1.1.7 (*)
│   ├── aws-smithy-types v1.1.7 (*)
│   ├── aws-types v1.1.7 (*)

Environment details (OS name and version, etc.)

macOS Sonoma 14.2.1

Logs

No response

The text was updated successfully, but these errors were encountered:

rcoh · 2024-03-11T14:21:17Z

Hello and thanks for the detailed bug report!

Although this is technically supported by the CLI, you'll note that multi-word quoted strings are not found anywhere in the documentation. When other SDKs implemented support for the shared configuration file, a decision was explicitly made to not support quoted profile names.

This decision was made to avoid adding complexity to the parsers written for other languages and because building an identical implementation would be challenging.

See this quote from the documentation:

A section definition is a line that applies a name to a collection of settings. Section definition lines start and end with square brackets ([ ]). Inside the brackets, there is a section type identifier and a custom name for the section. You can use letters, numbers, hyphens ( - ), and underscores ( _ ), but no spaces.

I'd suggest avoiding using this format of profile names—I suspect it won't work in many SDKs.

If there's a reason why you explicitly need this functionality in Rust (and other SDKs), we want to understand why.

github-actions · 2024-03-21T15:02:30Z

Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one.

djsweet · 2024-03-22T14:56:39Z

Hello again! It seems that this is a bug in aws-cli and not the Rust SDK based on the linked documentation. This can be closed, but I'll likely be referencing this in a follow-up report to aws-cli.

github-actions · 2024-03-25T13:59:44Z

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

djsweet added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 9, 2024

rcoh added response-requested Waiting on additional info and feedback. Will move to 'closing-soon' in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Mar 11, 2024

github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Mar 21, 2024

github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to 'closing-soon' in 7 days. labels Mar 22, 2024

rcoh closed this as completed Mar 25, 2024

dscpinheiro mentioned this issue Jul 22, 2024

SSO fails with "Failed to find sso_session" aws/aws-sdk-net#3393

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Spaces and single quotes in configuration profile names are improperly handled #1097

Spaces and single quotes in configuration profile names are improperly handled #1097

djsweet commented Mar 9, 2024

rcoh commented Mar 11, 2024

github-actions bot commented Mar 21, 2024

djsweet commented Mar 22, 2024

github-actions bot commented Mar 25, 2024