fix connect timeout while getting IAM creds in Docker

[aiudirog]

Description of Change

While trying to use S3FS in a Docker container on my EC2, I found that AioIMDSFetcher._fetch_metadata_token() was throwing a ConnectTimeoutError trying to connect to the metadata service with PUT http://169.254.169.254/latest/api/token/. This came from an aiohttp.ServerTimeoutError while trying to submit the PUT.

When I compared the logs to plain botocore, I found that it instead encountered a ReadTimeoutError, which it ignored and moved on to trying GET http://169.254.169.254/latest/meta-data/iam/security-credentials/, which succeeded. This error was redirected from a urllib3.ReadTimeoutError instead of a ConnectTimeoutError.

I believe this particular difference comes from aiohttp and urllib3 handling the server connection issue differently. By handling the ConnectTimeoutError, aiobotocore is able to successfully get the credentials from the metadata service while in Docker.

Note that this issue does not occur outside of Docker, even with an identical virtual env.

Assumptions

• A ConnectTimeoutError from the metadata service shouldn't bubble up and end attempts to resolve credentials

Checklist for All Submissions

• I have added change info to CHANGES.rst
• If this is resolving an issue (needed so future developers can determine if change is still necessary and under what conditions) (can be provided via link to issue with these details):
  • Detailed description of issue
  • Alternative methods considered (if any)
  • How issue is being resolved
  • How issue can be reproduced
• If this is providing a new feature (can be provided via link to issue with these details):
  • Detailed description of new feature
  • Why needed
  • Alternatives methods considered (if any)

Checklist when updating botocore and/or aiohttp versions

• I have read and followed CONTRIBUTING.rst
• I have updated test_patches.py where/if appropriate (also check if no changes necessary)
• I have ensured that the awscli/boto3 versions match the updated botocore version

[lgtm-com]

This pull request introduces 1 alert when merging 215089f into a5920f6 - view on LGTM.com

new alerts:

• 1 for Unused import

[thehesiod]

we still do need to support ConnectTimeoutError: https://github.com/boto/botocore/blob/develop/botocore/httpsession.py#L478. so probably need something a little more refined

[aiudirog]

Digging through the source code, it looks like we can differentiate by looking at the message:

• Connection timeout - https://github.com/aio-libs/aiohttp/blob/8e92c4c7c305f914c17f41539da20822ea7baddf/aiohttp/client.py#L505
• Read timeout - https://github.com/aio-libs/aiohttp/blob/8e92c4c7c305f914c17f41539da20822ea7baddf/aiohttp/client_proto.py#L197

How about:

if str(e).lower().startswith('connect'):
    raise ConnectTimeoutError(...)
else:
    raise ReadTimeoutError(...)

[aiudirog]

@thehesiod Are there any other changes you would like me to make?

[thehesiod]

my apologies for delay, just been crazy here

[codecov]

Codecov Report

Merging #941 (1ef7820) into master (a5920f6) will decrease coverage by 0.03%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #941      +/-   ##
==========================================
- Coverage   86.77%   86.74%   -0.04%     
==========================================
  Files          55       55              
  Lines        5295     5297       +2     
==========================================
  Hits         4595     4595              
- Misses        700      702       +2     

Flag	Coverage Δ
unittests	86.74% <0.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
aiobotocore/httpsession.py	79.66% <0.00%> (-1.38%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a5920f6...1ef7820. Read the comment docs.