Ruby: error authenticating when using the AWS SDK and the vault gem

I'm using and as a proof-of-concept script. The code is as follows:

#!/usr/bin/env ruby

require 'vault'
require 'pp'
require 'trollop'
require 'aws-sdk'

opts = Trollop::options do
  opt :verify_ssl, "verify ssl connection"
  opt :address, "Vault Address", :type => :string, :default => "http://localhost:8200"
  opt :username, "Username to authenticate against Vault", :type => :string
  opt :password, "Password to authenticate against Vault", :default => ENV['VAULT_PASSWORD'], :type => :string
end

Trollop::die :username, "please supply a username" if ! opts[:username]
Trollop::die :password, "please supply a password" if ! opts[:password]


# Configure vault
Vault.configure do |config|
  config.address = opts[:address]
  config.ssl_verify = opts[:verify_ssl]
end

Vault.auth.userpass(opts[:username], opts[:password])

aws = Vault.logical.read("aws/creds/readonly")

@client = Aws::EC2::Client.new(access_key_id: aws.data[:access_key].to_s, secret_access_key: aws.data[:secret_key].to_s, region: 'us-west-2')
pp @client.describe_instances
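
Pretty simple. It authenticates to Vault with a username and password, retrieves credentials from the AWS secret backend, and then tries to list instances.

However, when I run this, I hit the following problem: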

/Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call': AWS was not able to validate the provided access credentials (Aws::EC2::Errors::AuthFailure)
    from /Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/aws-sdk-core/plugins/idempotency_token.rb:18:in `call'
    from /Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
    from /Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/aws-sdk-core/plugins/response_paging.rb:26:in `call'
    from /Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/seahorse/client/plugins/response_target.rb:21:in `call'
    from /Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/seahorse/client/request.rb:70:in `send_request'
    from /Users/l/.rvm/gems/ruby-2.3.1/gems/aws-sdk-core-2.7.13/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
    from aws.rb:33:in `<main>'

I then modified the connection to hard-code the information:

@client = Aws::EC2::Client.new(access_key_id: "access_key", secret_access_key: "secret_key" ,region: 'us-west-2')

It works without any problems.

Why is this happening?

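Can you add puts calls to your code to make sure the keys are set before the EC2 client is initialized?

They are; I can see the generated keys in the debug output.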
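
The check the comment asks for, as an added example that is not part of the original question or its code: it confirms both keys are present before the EC2 client is built and produces a debug line that never contains the secret key. The helper names (redact, extract_aws_creds, debug_summary) and SAMPLE_DATA are hypothetical; SAMPLE_DATA is constructed and stands in for aws.data from the script above.

```ruby
# Added example. SAMPLE_DATA is constructed; it stands in for `aws.data`
# as returned by Vault.logical.read("aws/creds/readonly") in the question.
SAMPLE_DATA = {
  access_key: "AKIAEXAMPLEEXAMPLE12", # constructed, not a real key id
  secret_key: "S" * 40                # constructed, not a real secret
}.freeze

REQUIRED_KEYS = %i[access_key secret_key].freeze

# Mask everything except the last `keep` characters.
def redact(value, keep: 4)
  s = value.to_s
  return "*" * s.length if s.length <= keep
  ("*" * (s.length - keep)) + s[-keep, keep]
end

# Return the credentials as strings, or raise if one is missing or blank.
# Calling .to_s directly on a nil value would hide this as "".
def extract_aws_creds(data)
  raise ArgumentError, "no secret data returned" unless data.is_a?(Hash)
  REQUIRED_KEYS.each_with_object({}) do |key, creds|
    value = data[key] || data[key.to_s]
    if value.nil? || value.to_s.strip.empty?
      raise ArgumentError, "missing #{key} in secret data"
    end
    creds[key] = value.to_s
  end
end

# Debug line that is safe to print or log: no secret material in it.
def debug_summary(creds)
  "access_key=#{redact(creds[:access_key])} " \
    "secret_key=<#{creds[:secret_key].length} chars>"
end

puts debug_summary(extract_aws_creds(SAMPLE_DATA))
```

In the question's script, the hash returned by extract_aws_creds(aws.data) would supply access_key_id and secret_access_key in place of the two .to_s calls.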