Default configuration failing in Github Actions #1266
Description
Describe the bug
Credential chains are supposed to return the "no credentials provided" error variant when they successfully check for credentials and find none.
This currently fails for the default chain in Github Actions: ImdsCredentialsProvider is reporting an error caused by the IMDS API returning HTTP status 411.
My guess is that this is caused by header changes made by the HTTP proxy used in Github Actions.
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
The default configuration works in normal circumstances.
The SDK can be configured to work around common third-party errors.
Current Behavior
Error: ProviderError(ProviderError { source: FailedToLoadToken(FailedToLoadToken { source: ServiceError(ServiceError { source: TokenError { kind: InvalidToken }, raw: Response { status: StatusCode(411), headers: Headers { headers: {"content-type": HeaderValue { _private: H1("text/html; charset=us-ascii") }, "server": HeaderValue { _private: H1("Microsoft-HTTPAPI/2.0") }, "date": HeaderValue { _private: H1("Tue, 25 Mar 2025 16:48:52 GMT") }, "connection": HeaderValue { _private: H1("close") }, "content-length": HeaderValue { _private: H1("344") }} }, body: SdkBody { inner: Once(Some(b"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"[http://www.w3.org/TR/html4/strict.dtd\](http://www.w3.org/TR/html4/strict.dtd/)">\r\n<HTML><HEAD><TITLE>Length Required</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Length Required</h2>\r\n<hr><p>HTTP Error 411. The request must be chunked or have a content length.</p>\r\n</BODY></HTML>\r\n")), retryable: true }, extensions: Extensions { extensions_02x: Extensions, extensions_1x: Extensions } } }) }) })
Formatted:
(By Claude, my editor-fu isn't good enough to do it quickly for Rust's debug format 🙈)
Error: ProviderError(
ProviderError {
source: FailedToLoadToken(
FailedToLoadToken {
source: ServiceError(
ServiceError {
source: TokenError {
kind: InvalidToken
},
raw: Response {
status: StatusCode(411),
headers: Headers {
headers: {
"content-type": HeaderValue { _private: H1("text/html; charset=us-ascii") },
"server": HeaderValue { _private: H1("Microsoft-HTTPAPI/2.0") },
"date": HeaderValue { _private: H1("Tue, 25 Mar 2025 16:48:52 GMT") },
"connection": HeaderValue { _private: H1("close") },
"content-length": HeaderValue { _private: H1("344") }
}
},
body: SdkBody {
inner: Once(
Some(
b"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n
<HTML><HEAD><TITLE>Length Required</TITLE>\r\n
<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n
<BODY><h2>Length Required</h2>\r\n
<hr><p>HTTP Error 411. The request must be chunked or have a content length.</p>\r\n
</BODY></HTML>\r\n"
)
),
retryable: true
},
extensions: Extensions {
extensions_02x: Extensions,
extensions_1x: Extensions
}
}
}
)
}
)
}
)
Reproduction Steps
Run this in a Github workflow:
use aws_credential_types::provider::ProvideCredentials;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
let credentials_provider = sdk_config
.credentials_provider()
.ok_or("No credentials provider")?;
let _credentials = credentials_provider.provide_credentials().await?;
Ok(())
}Repo with reproduction: https://github.com/Kinrany/aws-sdk-imds-github-actions-repro
Possible Solution
No response
Additional Information/Context
No response
Version
aws-credential-types v1.2.2
aws-config v1.6.0
Environment details (OS name and version, etc.)
Github Actions