Invalid Header Value Error when creating boto3 sts client
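I am authenticating with an internal IDP and then using the SAML assertion to assume a role for use with the boto3 sts client. The interaction with the IDP works fine, and I am able to generate the SAML assertion after successful authentication, but when I try to create the sts client "client = boto3.client('sts')", botocore throws an Invalid header value error.
The error is coming from our egress proxy server.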
  File "/usr/local/lib/python3.8/dist-packages/aws_authentication/credentials.py", line 219, in decode_saml_assertion
    client = boto3.client('sts')
  File "/usr/local/lib/python3.8/dist-packages/boto3/__init__.py", line 93, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/boto3/session.py", line 258, in client
    return self._session.create_client(
  File "/usr/local/lib/python3.8/dist-packages/botocore/session.py", line 826, in create_client
    credentials = self.get_credentials()
  File "/usr/local/lib/python3.8/dist-packages/botocore/session.py", line 430, in get_credentials
    self._credentials = self._components.get_component(
  File "/usr/local/lib/python3.8/dist-packages/botocore/credentials.py", line 1975, in load_credentials
    creds = provider.load()
  File "/usr/local/lib/python3.8/dist-packages/botocore/credentials.py", line 1028, in load
    metadata = fetcher.retrieve_iam_role_credentials()
  File "/usr/local/lib/python3.8/dist-packages/botocore/utils.py", line 486, in retrieve_iam_role_credentials
    role_name = self._get_iam_role(token)
  File "/usr/local/lib/python3.8/dist-packages/botocore/utils.py", line 518, in _get_iam_role
    return self._get_request(
  File "/usr/local/lib/python3.8/dist-packages/botocore/utils.py", line 427, in _get_request
    response = self._session.send(request.prepare())
  File "/usr/local/lib/python3.8/dist-packages/botocore/httpsession.py", line 356, in send
    raise HTTPClientError(error=e)
botocore.exceptions.HTTPClientError: An HTTP Client raised an unhandled exception: Invalid header value b'---- proxy error response ----'
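This issue occurs because the _fetch_metadata_token function in the botocore package connects to the URL http://169.254.169.254/latest/api/token to fetch the metadata token.
To connect to 169.254.169.254 successfully, I added it to no_proxy so that the egress proxy_server would not block the connection.
no_proxy=localhost,169.254.169.254
After adding the metadata endpoint 169.254.169.254 to no_proxy, I was able to connect to sts and create the client.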
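A preflight check for the situation in this answer, added here as an example and not part of the original post: it reports whether plain-HTTP requests to 169.254.169.254 would be sent through the proxy under a given set of environment variables. It assumes the HTTP client follows the Python standard library's no_proxy matching; the function names and the proxy URL are hypothetical.

```python
from urllib.request import proxy_bypass_environment

IMDS_HOST = "169.254.169.254"  # metadata endpoint that botocore contacts


def proxies_from_env(env):
    """Build a urllib-style proxy map from an env dict (lowercase names win)."""
    proxies = {}
    for name, value in env.items():        # first pass: any casing
        if name.lower().endswith("_proxy") and value:
            proxies[name.lower()[:-6]] = value
    for name, value in env.items():        # second pass: lowercase overrides
        if name.endswith("_proxy"):
            key = name.lower()[:-6]
            if value:
                proxies[key] = value
            else:
                proxies.pop(key, None)     # empty lowercase value unsets it
    return proxies


def imds_route(env):
    """Return 'direct' or 'proxied' for HTTP requests to the metadata endpoint."""
    proxies = proxies_from_env(env)
    if "http" not in proxies:
        return "direct"                    # no HTTP proxy configured at all
    if proxy_bypass_environment(IMDS_HOST, proxies):
        return "direct"                    # no_proxy exempts the endpoint
    return "proxied"                       # the proxy answers instead of IMDS


# Constructed sample environments; the proxy URL is a placeholder.
BEFORE = {"http_proxy": "http://proxy.example.internal:3128",
          "no_proxy": "localhost"}
AFTER = dict(BEFORE, no_proxy="localhost,169.254.169.254")

if __name__ == "__main__":
    import os
    for label, env in (("before", BEFORE), ("after", AFTER),
                       ("current process", dict(os.environ))):
        print(f"{label}: {IMDS_HOST} -> {imds_route(env)}")
```

Run it inside the container or host that raises the error; a "proxied" result for the current process means the metadata token request is reaching the egress proxy.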