[gdal-dev] errors using IAM instance profile auth in s3
Even Rouault
even.rouault at spatialys.com
Sat Nov 19 06:26:00 PST 2022
Hi Mike,
could you send the output of
curl
http://169.254.169.254/latest/meta-data/iam/security-credentials/iam-grid-s3
Slightly redacted of course, but with the exact formatting. This part of
thee code currently uses a "simple JSON parser"
(https://github.com/OSGeo/gdal/blob/c61d116a469821b769630a112dee7f1a61fed885/port/cpl_aws.cpp#L554),
which is actually just a non JSON-aware string tokenizer, and I suspect
it could be defeated by a new formatting of S3 or something specific to
your credentials.
It could also be that something unhandled by that parser appears inside
quoted strings, like an escaped double quote or some other JSON escaped
character (like an escaped forward slash \/ )
If that was the case we should likely switch to proper JSON
deserialization (that part of the code must predate libjson-c being a
build requirement of GDAL).
Even
--
http://www.spatialys.com
My software is free, but my time generally not.
More information about the gdal-dev
mailing list