bug: aws credentials lost after upgrade to 0.16

[pjstevns]

Describe the Bug

Since upgrading to 0.16 all access to aws fails when wrapped by aws-vault

Any plugin that needs access to aws after authorization through aws-vault fails.

I tried (use daily): awscli, terraform, opentofu

Only workaround is to drop using the mentioned tools as plugins, and fall back to system installed versions.

Steps to Reproduce

1. install asdf 0.16 as usual
2. install binary aws-vault
3. asdf plugin add opentofu
4. asdf install opentofu
5. run: aws-vault exec myaws-profile -- tofu plan

Expected Behaviour

expected outcome should list the changes to be applied

Up until 0.15 wrapping plugins in aws-vault authorization would work fine, since 0.16 there are always issues with the security token.

Actual Behaviour

aws-vault exec myaws-profile -- tofu init -reconfigure

Initializing the backend...
Initializing modules...
╷
│ Error: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 5fb815e1-eba6-4d50-abdd-2e689fcb6c80, api error InvalidClientTokenId: The security token included in the request is invalid.

using the awscli plugin results in similar errors when for example listing buckets.

Environment

OS:
Linux tenkai 6.8.0-1009-oem #9-Ubuntu SMP PREEMPT_DYNAMIC Thu Jul 11 10:15:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

SHELL:
GNU bash, version 5.2.21(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

BASH VERSION:
5.2.21(1)-release

ASDF VERSION:
v0.16.0

ASDF INTERNAL VARIABLES:
ASDF_DEFAULT_TOOL_VERSIONS_FILENAME=.tool-versions
ASDF_DATA_DIR=/home/paul/.asdf
ASDF_CONFIG_FILE=/home/paul/.asdfrc

ASDF INSTALLED PLUGINS:
1password-cli https://github.com/NeoHsu/asdf-1password-cli.git     f5d5aab8ed39e54e4b17eccc21743ae96729a804
awscli        https://github.com/MetricMike/asdf-awscli.git        c26bbb4040c84a913648cd8d1717b6b2ebd20826
direnv        https://github.com/asdf-community/asdf-direnv.git    951acd38bf9aa2258a00a5d87cc9d971fd344a60
nodejs        https://github.com/asdf-vm/asdf-nodejs.git           93bd217ba74f05080eebb7d8e1c146a385b01d7f
opentofu      https://github.com/virtualroot/asdf-opentofu.git     fa2e38597e8d26cec5a6bdf3188e20f5cc1fa337
task          https://github.com/particledecay/asdf-task.git       0831b3c2a6383b46a99c225aa8ae76db03cbbd1a
terraform     https://github.com/asdf-community/asdf-hashicorp.git 22eb1c4a16adcde39aaaf89fbb5d9404a1601fce
zoxide        https://github.com/nyrst/asdf-zoxide                 8ed95c97ca31ea91020afa03c26849ec12dac584

asdf plugins affected (if relevant)

opentofu
terraform
awscli

[Stratus3D]

This appears to be an issue with the https://github.com/MetricMike/asdf-awscli plugin. Please report this issue there, or see #1866.

[pjstevns]

I'm afraid your conclusion seems a bit premature.

This problem started with asdf 0.16 (clean install)

My steps to reproduce do not rely on asdf-awscli

It only happens when one of the aws-vault wrapped tools is running through shims (tested awscli, terraform and opentofu)

kindly re-open this issue, please.

[Stratus3D]

@pjstevns have you checked the awscli plugin's issue tracker for similar issues? If none are listed I'd suggest open an issue there as well. Unless you can point to a specific change in behavior in asdf core that caused this I'm going to leave this issue closed.