Bad credentials hard to debug about paws HOT 9 CLOSED

paws.common 0.5.6 is on its way to the cran. closing this ticket, thanks for raising this and all the help in implementing it :)

from paws.

Hi @jonocarroll, I apologise if I have miss understood anything. Is this asking for a better error message to help debug potential missing credentials i.e.

Sys.setenv(AWS_PROFILE = "not_my_profile")
s3 <- paws::s3()
s3$download_file("some_bucket", "mtcars.csv", tmp)
# Error : Missing credentials from profile `note_my_profile`. Please review you config file....

Or if it listed what is missing? Please correct me if I haven't captured it correctly :)

from paws.

I see that paws.common:::Request() contains

        if (is.null(credentials[[aws_profile]])) {
            return(NULL)
        }

but this just allows the loop over providers in paws.common:::get_credentials() to fall through to no_credentials()

I'd like to suggest that in Request() (or even earlier in the chain) where is.null(credentials[[aws_profile]]) and the request is not specifically anonymous, that the error be generated with a meaningful message and traceback, perhaps something like

Error: Profile 'not_my_profile' not found in credentials file
Error in read_credentials(): Profile 'not_my_profile' not found
Error: 'not_my_profile' is not a named profile in `~/.aws/credentials`

This is a different error to not setting AWS_PROFILE at all, finding the profile but not the associated keys or their values, and the credentials themselves being insufficient.

from paws.

Ah I see, we could add more information to the logger so a user could get more information. I will have a little look at this over the next few days :)

from paws.

@jonocarroll Here is an initial implementation for debugging credentials:

remotes::install_github("DyfanJones/paws/paws.common", ref = "cred_logging")

options("paws.log_level" = 3L)
s3 <- paws::s3(list(credentials = list(profile = "dummy")))
s3$list_buckets()
#> INFO [2023-02-22 12:10:52.370]: Profile 'dummy' not found in '/Users/dyfanjones/.aws/credentials'
#> INFO [2023-02-22 12:10:52.381]: Profile 'profile dummy' not found in '/Users/dyfanjones/.aws/config'
#> INFO [2023-02-22 12:10:52.405]: Unable to obtain access_key_id, secret_access_key or session_token
#> INFO [2023-02-22 12:10:52.434]: Unable to obtain iam role
#> Error: No credentials provided

^{Created on 2023-02-22 with reprex v2.0.2}

Please have a go and provide some feedback :)

from paws.

FWIW, I wasn't aware of the paws.log_level option - perhaps I should have looked for that. This is an improvement and using call. = FALSE leads to a less obscure message, but in terms of "what does the user do with this info?" I worry that a user who thinks they added credentials (with an invalid profile) still needs more to resolve a fallthrough to "no credentials", keeping in mind that they don't necessarily know that it's a fallthrough.

If intercepting this scenario earlier in the process isn't attractive, could I suggest

stop("No compatible credentials provided. Use `options("paws.log_level" = 3L)` for more info")

since that nicely provides the actionable information.

from paws.

I see what you mean. If users aren't aware of logging option then they might struggle setting up there environment. Made a slight modification to the branch.

remotes::install_github("DyfanJones/paws/paws.common", ref = "cred_logging")

Default error message.

s3 <- paws::s3(list(credentials = list(profile = "dummy")))
s3$list_buckets()
#> Error: No compatible credentials provided. Use `options("paws.log_level" = 3L)` for more information.

Updated error message after log_level has been set to 3L.

options("paws.log_level" = 3L)
s3 <- paws::s3(list(credentials = list(profile = "dummy")))
s3$list_buckets()
#> INFO [2023-02-23 09:56:41.736]: Profile 'dummy' not found in '/Users/dyfanjones/.aws/credentials'
#> INFO [2023-02-23 09:56:41.749]: Profile 'profile dummy' not found in '/Users/dyfanjones/.aws/config'
#> INFO [2023-02-23 09:56:41.767]: Unable to obtain access_key_id, secret_access_key or session_token
#> INFO [2023-02-23 09:56:43.834]: Unable to obtain iam role
#> Error: No compatible credentials provided.

from paws.

I like that; it's actionable and makes it clear what went wrong. Thanks so much!

from paws.

@williazo Thanks for all your help with this. I will push this to the cran next week :) in the mean time it will be accessible through r-universe.

install.packages('paws.common', repos = c('https://paws-r.r-universe.dev', 'https://cloud.r-project.org'))

I will keep this ticket open until the cran release 😄

from paws.