Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-58842

Error assuming IAM role in Jenkins (es_ES)

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      While using amazon-ecs-plugin and aws-credentials-plugin, we are trying to assume an IAM role to describe ECS clusters. We noticed this in logs:

      Exception searching clusters for credentials=Test, regionName=eu-west-1:com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: 1 validation error detected: Value 'Jenkins ' at 'roleSessionName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w+=,.@-]* (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: 20e28d0c-b8ff-11e9-8b33-4d7def127bc0)
      

      Looks like roleSessionName is wrong, as it includes a whitespace which breaks the assumeRole action. It doesn't happen in other languages. Forcing Jenkins to use en_GB locales (Using locale plugin for example) fixes it.

      This is the Jenkins file which contains the bad property

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          https://github.com/jenkinsci/aws-credentials-plugin/blob/921d77ada871bd05587148456b7845ffa9022c98/src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java#L202 FTR. Depending on a localized field for AWS session name is a pretty bad idea to start with

           

          https://github.com/jenkinsci/jenkins/pull/4145/ works it around, but the fix should be applied in the AWS Credentials Plugin

           

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/aws-credentials-plugin/blob/921d77ada871bd05587148456b7845ffa9022c98/src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java#L202  FTR. Depending on a localized field for AWS session name is a pretty bad idea to start with   https://github.com/jenkinsci/jenkins/pull/4145/  works it around, but the fix should be applied in the AWS Credentials Plugin    

            People

            Assignee:
            roehrijn2 Jan Roehrich
            Reporter:
            diegombeltran Diego M. Beltrán
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: