-
Notifications
You must be signed in to change notification settings - Fork 530
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When there are AWS credentials in the environment, the session is ignored. #1507
Comments
@wmaiouiru I am not able to reproduce this locally on my laptop. If I pass an empty boto3 session to Env, the logs show that boto3 finds credentials in my shared credentials file (expected) and hands them to Rasterio. >>> import rasterio
>>> from rasterio.session import AWSSession
>>> import logging
>>> import boto3
>>> logging.basicConfig(level=logging.DEBUG)
>>> with rasterio.Env(AWSSession(boto3.Session())) as env:
... print(env.options)
...
DEBUG:botocore.hooks:Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane
DEBUG:botocore.hooks:Changing event name from before-call.apigateway to before-call.api-gateway
DEBUG:botocore.hooks:Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict
DEBUG:botocore.hooks:Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration
DEBUG:botocore.hooks:Changing event name from before-parameter-build.route53 to before-parameter-build.route-53
DEBUG:botocore.hooks:Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search
DEBUG:botocore.hooks:Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section
DEBUG:botocore.hooks:Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask
DEBUG:botocore.hooks:Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section
DEBUG:botocore.hooks:Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search
DEBUG:botocore.hooks:Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable config_file from defaults.
DEBUG:botocore.session:Loading variable credentials_file from defaults.
DEBUG:botocore.session:Loading variable data_path from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable credentials_file from defaults.
DEBUG:botocore.session:Loading variable config_file from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable metadata_service_timeout from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable metadata_service_num_attempts from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.credentials:Looking for credentials via: env
DEBUG:botocore.credentials:Looking for credentials via: assume-role
DEBUG:botocore.credentials:Looking for credentials via: shared-credentials-file
INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials
DEBUG:rasterio.env:Entering env context: <rasterio.env.Env object at 0x1188c27f0>
DEBUG:rasterio.env:Starting outermost env
DEBUG:rasterio.env:No GDAL environment exists
DEBUG:rasterio.env:New GDAL environment <rasterio._env.GDALEnv object at 0x1188c2ba8> created
DEBUG:rasterio._env:Logging error handler pushed.
DEBUG:rasterio._env:All drivers registered.
DEBUG:rasterio._env:Started GDALEnv <rasterio._env.GDALEnv object at 0x1188c2ba8>.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable region from config file with value 'us-west-2'.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable region from config file with value 'us-west-2'.
DEBUG:rasterio.env:Entered env context: <rasterio.env.Env object at 0x1188c27f0>
{'AWS_ACCESS_KEY_ID': '***', 'AWS_SECRET_ACCESS_KEY': '***', 'AWS_REGION': 'us-west-2'}
DEBUG:rasterio.env:Exiting env context: <rasterio.env.Env object at 0x1188c27f0>
DEBUG:rasterio.env:Cleared existing <rasterio._env.GDALEnv object at 0x1188c2ba8> options
DEBUG:rasterio._env:Stopping GDALEnv <rasterio._env.GDALEnv object at 0x1188c2ba8>.
DEBUG:rasterio._env:Error handler popped.
DEBUG:rasterio._env:Stopped GDALEnv <rasterio._env.GDALEnv object at 0x1188c2ba8>.
DEBUG:rasterio.env:Exiting outermost env
DEBUG:rasterio.env:Exited env context: <rasterio.env.Env object at 0x1188c27f0> If I pass an access key and a secret key to >>> with rasterio.Env(AWSSession(boto3.Session(aws_access_key_id='foo', aws_secret_access_key='bar'))) as env:
... print(env.options)
...
DEBUG:botocore.hooks:Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane
DEBUG:botocore.hooks:Changing event name from before-call.apigateway to before-call.api-gateway
DEBUG:botocore.hooks:Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict
DEBUG:botocore.hooks:Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration
DEBUG:botocore.hooks:Changing event name from before-parameter-build.route53 to before-parameter-build.route-53
DEBUG:botocore.hooks:Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search
DEBUG:botocore.hooks:Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section
DEBUG:botocore.hooks:Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask
DEBUG:botocore.hooks:Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section
DEBUG:botocore.hooks:Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search
DEBUG:botocore.hooks:Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable config_file from defaults.
DEBUG:botocore.session:Loading variable credentials_file from defaults.
DEBUG:botocore.session:Loading variable data_path from defaults.
DEBUG:rasterio.env:Entering env context: <rasterio.env.Env object at 0x1188da518>
DEBUG:rasterio.env:Starting outermost env
DEBUG:rasterio.env:No GDAL environment exists
DEBUG:rasterio.env:New GDAL environment <rasterio._env.GDALEnv object at 0x1188da8d0> created
DEBUG:rasterio._env:Logging error handler pushed.
DEBUG:rasterio._env:All drivers registered.
DEBUG:rasterio._env:Started GDALEnv <rasterio._env.GDALEnv object at 0x1188da8d0>.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable region from config file with value 'us-west-2'.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable profile from defaults.
DEBUG:botocore.session:Loading variable region from config file with value 'us-west-2'.
DEBUG:rasterio.env:Entered env context: <rasterio.env.Env object at 0x1188da518>
{'AWS_ACCESS_KEY_ID': 'foo', 'AWS_SECRET_ACCESS_KEY': 'bar', 'AWS_REGION': 'us-west-2'}
DEBUG:rasterio.env:Exiting env context: <rasterio.env.Env object at 0x1188da518>
DEBUG:rasterio.env:Cleared existing <rasterio._env.GDALEnv object at 0x1188da8d0> options
DEBUG:rasterio._env:Stopping GDALEnv <rasterio._env.GDALEnv object at 0x1188da8d0>.
DEBUG:rasterio._env:Error handler popped.
DEBUG:rasterio._env:Stopped GDALEnv <rasterio._env.GDALEnv object at 0x1188da8d0>.
DEBUG:rasterio.env:Exiting outermost env
DEBUG:rasterio.env:Exited env context: <rasterio.env.Env object at 0x1188da518> I'm using boto3==1.9.6 and botocore==1.12.6. |
@sgillies Thank you for the follow-up.
The following is my logs.
|
@wmaiouiru thanks for reporting! This is looking like a bug to me. I'll follow up here with news about the fix. |
I'm seeing similar behavior, however instead of the specified AWS profile, rasterio picks up the
I'm on MacOSX Sierra 10.12.6 |
I think this is because src = rasterio.DatasetReader(rasterio.path.parse_path(url)) |
@wmaiouiru @fungjj92 I've got the fix in d5f2cd6. Sorry about the bug! |
I'm seeing this behavior again, in the current version (1.3.4), every time I call |
@ygesher-pw no, that's just botocore logging that it found credentials in the environment. It's not a sign that rasterio is ignoring the session in favor of credentials in the environment. |
If I remember well this see: boto/botocore#2191 edit: 🤦 no this is totally unrelated but at least it shows one possible fix if you want to remove the logs 😅 import logging
logging.getLogger("botocore.credentials").disabled = True |
Ok, then perhaps I need to open a separate issue. As far I understand, this log line means that every time I open a raster, rasterio starts a new boto session. That doesn't seem right for many reasons. And since this gets logged no matter how many times I open a raster in the same process, it feels like it's related to the issue originally reported in this thread. |
It's only if you try to open an S3 path and you can easily avoid this by creating a session and using it like from boto3.session import Session as boto3_session
import rasterio
from rasterio.session import AWSSession
session = boto3_session()
aws_session = AWSSession(session=session)
with rasterio.Env(aws_session):
with rasterio.open(...) as src:
.... |
@ygesher-pw current behaviour is "as intended", original issue and it's duplicate were about doing this work even when operating within an already activated environment as listed in the code sample provided by Vincent ( One could argue that |
Ok in this case I'll open a new issue, since I see this when opening local files! |
I can't reproduce locally 🤷 @ygesher-pw please provide a full reproductible example and mention how you installed rasterio and your system 🙏 |
Update: If you use
|
I apologize, I think I've been barking up the wrong tree. The code snippet that logs this line has both a |
Ok after a little additional debugging I successfully isolated the line responsible - it's actually |
Expected behavior and actual behavior.
Expected: After setting boto3 credentials, rasterio environment should use the boto3 credentials.
Actual: Instead, when there are AWS credentials in the environment, the session credentials is ignored.
Steps to reproduce the problem.
Code in Rasterio: 1.0.3
with rasterio.Env(aws_access_key_id=access_key, aws_secret_access_key=secret_access_key):
Code in Rasterio: 1.0.8
from rasterio.session import AWSSession
boto3_session = boto3.Session(aws_access_key_id=access_key, aws_secret_access_key=secret_access_key)
with rasterio.Env(AWSSession(boto3_session)):
Local Dev Message when invoking rasterio.open:
Found credentials in shared credentials file: ~/.aws/credentials
Python AWS Lambda Message when invoking rasterio.open:
Found credentials in environment variables.
Checking
rasterio.env.getenv()
, the correct credentials are there, but when opening the image, I receive the following error:[ERROR] - '/vsis3/<s3-bucket>/<path-name>' not recognized as a supported file format.
In Python AWS Lambda deployed using serverless.yml, the credentials are changed even after setting the enviroment variable in Makefile.
--env AWS_ACCESS_KEY_ID=<id>\ --env AWS_SECRET_ACCESS_KEY=<key>\
Setting the image to be publically accessible in s3 without using the session credentials, both Python AWS Lambda and local dev works.
Operating system
Dev: Ubuntu 16.04
Production: AWS Lambda Python 3.6
Rasterio version and provenance
rasterio[s3]==1.0.3
rasterio[s3]==1.0.8
The text was updated successfully, but these errors were encountered: