ruimarinho / gsts Goto Github PK

View Code? Open in Web Editor NEW

217.0 5.0 38.0 1.9 MB

Obtain and store AWS STS credentials to interact with Amazon services by authenticating via G Suite SAML.

License: MIT License

JavaScript 100.00%

amazon-services google saml authentication sts sts-credentials aws

gsts's People

Contributors

Stargazers

Watchers

gsts's Issues

Add Okta identity support

Hi @ruimarinho, my company is using Okta integrated with our Google services. This causes gsts to invalidate requests made to Okta resources and the authentication process gets stuck. As a quick workaround, I added the "okta" substring into the allowed identity resources and it worked well.

gsts/index.js

Lines 313 to 317 in d3741f4

    
           if (/google|gstatic|youtube|googleusercontent|googleapis|gvt1/.test(route.request().url())) { 
        
             logger.debug(`Allowing request to "${route.request().url()}"`); 
        
             route.continue(); 
        
             return; 
        
           }

Do you think this would be the proper solution?

Google is detecting puppeteer :(

both with --experimental-u2f-support and not, puppeteer is being blocked.

Does not respect system default browser

Is it expected that gsts would pop Chromium instead of my system default Safari?

role-arn argument is not respected when existing session exists

When I want to change who I am, gsts is very keen to tell me that there's an existing session:

; gsts --aws-role-arn arn:aws:sts::426442959523:role/...
Skipping re-authorization as session is valid until Sat Apr 25 2020 04:54:45 GMT+1000 (Australian Eastern Standard Time). Use --force to ignore.

It would be nice if --force wasn't required in this situation (i.e. that it recognised that this wasn't the current role).

allow setting puppeteer executablePath

For my new aarch machine, puppeteer ships with the x86_64 binary still, and that won't be runnable; thus, I need to override executablePath

Is it possible to support a command line flag for specifying a custom chromium to run instead of puppeteer's default? e.g. executablePath: '/usr/bin/chromium-browser'

Failed to launch chromium because executable doesn't exist

browserType.launchPersistentContext: Failed to launch chromium because executable doesn't exist at /Users/XXXX/Library/Caches/ms-playwright/chromium-844399/chrome-mac/Chromium.app/Contents/MacOS/Chromium
Try re-installing playwright with "npm install playwright"
Note: use DEBUG=pw:api environment variable and rerun to capture Playwright logs.
    at Connection.sendMessageToServer (/usr/local/lib/node_modules/gsts/node_modules/playwright/lib/client/connection.js:69:15)
    at Proxy.<anonymous> (/usr/local/lib/node_modules/gsts/node_modules/playwright/lib/client/channelOwner.js:44:61)
    at /usr/local/lib/node_modules/gsts/node_modules/playwright/lib/client/browserType.js:82:48
    at async BrowserType._wrapApiCall (/usr/local/lib/node_modules/gsts/node_modules/playwright/lib/client/channelOwner.js:72:28)

related: microsoft/playwright#4033

Add option to copy URL instead of opening browser automatically

I use WSL, so GUI support is clunky. I got it to work, but I would like to be able to just copy the authentication URL into my native browser instead of gsts trying to open a browser automatically. Google Cloud's gcloud does this for example.

Would it be possible to implement this flow, enabled by a command line option?

Chromium not launching on macOS Big Sur 11.0.1 / iTerm 2

After attempting to login using iTerm2 gsts gets stuck Logging in and Chromium never launches to continue the login flow.

Expecting value: line 1 column 1 (char 0)

I am trying to install this tool using the credential_process. I have all the values as per the docs. When I run a test command such as aws sts get-caller-identity or aws ec2 describe-instances , I get the following output Expecting value: line 1 column 1 (char 0). I must be missing something.

I am a Linux user if it helps.

gsts clashes with ohmyzsh git plugin

The plugin for git in ohmyzsh causes conflict with this.

https://github.com/ohmyzsh/ohmyzsh/tree/master/plugins/git

You can solve my either 1.) disabling the plugin or 2.) unaliasing at the end of your . files.

chromium window closes after google 2fa has succeeded, before creds fetched

ℹ Request to "https://signaler-pa.googleapis.com/punctual/multi-watch/channel?gsessionid=[snip]&key=[snip]&VER=8&RID=rpc&SID=[snip]&CI=0&AID=0&TYPE=xmlhttp&zx=[snip]&t=1" has failed
ℹ Aborted due to client request
ℹ An unknown error has ocurred while authenticating in headful mode page.waitForResponse: Page closed
=========================== logs ===========================
waiting for response "https://signin.aws.amazon.com/saml"
============================================================
    at /Users/cdueltgen/.volta/tools/image/packages/gsts/lib/node_modules/gsts/index.js:385:18
ℹ Headful instance has exited with code 1

cc @cdueltgen who experienced this problem

Big Sur 11.6.1, gsts 3.0.7

Error `Cannot find module ./credentials-manager`

I used yarn to install gsts.
However, I get this error:

[root@mbp]# gsts
internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module './credentials-manager'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/usr/sbin/gsts:7:28)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)

[root@mbp]#

Plist file generated from --daemon command has invalid option

The plist file generated from the --daemon flag has this option:

      <string>--engine-executable-path=null</string>

This is even the case when --engine-executable-path isn't used.

Which is causing puppeteer to error because it can't find browser null:

TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/master/docs/troubleshooting.md

    at onClose (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:750:14)
    at ChildProcess.<anonymous> (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:741:65)
    at ChildProcess.emit (events.js:315:20)
    at ChildProcess.EventEmitter.emit (domain.js:485:12)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:274:12)
    at onErrorNT (internal/child_process.js:468:16)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)
Error: Failed to launch the browser process! spawn null ENOENT

Fixable on my end by just removing that configuration option from the file.
Ran into this issue in 3.0.2, but it might have happened in earlier versions.

multiple daemon entries

as a workaround for this issue (#60), we are exploring the use of gsts --daemon

gsts --idp-id=REDACTED --sp-id=REDACTED --aws-profile=test_a --aws-role-arn=arn:aws:iam::12345:role/${ROLE} --force --daemon
gsts --idp-id=REDACTED --sp-id=REDACTED --aws-profile=test_b --aws-role-arn=arn:aws:iam::98765:role/${ROLE} --force --daemon

We have two different AWS accounts, and two different roles. However, running this command only resulted in one io.github.ruimarinho.gsts.plist file being generated, with only the test_b profile. I believe it overwrites the test_a one. Is it possible to have two daemons? One for each profile?

$ cat /Users/donovanhernandez/Library/LaunchAgents/io.github.ruimarinho.gsts.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>io.github.ruimarinho.gsts</string>
    <key>EnvironmentVariables</key>
    <dict>
      <key>PATH</key>
      <string>/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin</string>
    </dict>
    <key>RunAtLoad</key>
    <true/>
    <key>StartInterval</key>
    <integer>600</integer>
    <key>StandardErrorPath</key>
    <string>/usr/local/var/log/gsts.stdout.log</string>
    <key>StandardOutPath</key>
    <string>/usr/local/var/log/gsts.stderr.log</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/bin/gsts</string>
      <string>--aws-profile=test_b</string>
      <string>--aws-role-arn=arn:aws:iam::98765:role/REDACTED</string>
      <string>--aws-shared-credentials-file=/Users/donovanhernandez/.aws/credentials</string>
      <string>--force</string>
      <string>--idp-id=REDACTED</string>
      <string>--engine=chromium</string>
      <string>--sp-id=REDACTED</string>
    </array>
  </dict>
</plist>⏎

Saving credentials fails silently if SessionDuration exceeds Maximum CLI/API session duration

was running into #8 before upgrading versions, but now it "succeeds" in terms of not printing any errors but neither updates the creds file or says "Login successful!".

WSL2 Support

I get the following message in WSL2 because WSL does not support X-Windows. As you can interact with chrome via selenium server I figure the same must be possible with puppeteer. If we can configure it to connect to the browser remotely rather than trying to launch chromium it would probably work.

Error: Failed to launch the browser process!
[15561:15561:0520/125002.805120:ERROR:browser_main_loop.cc(1512)] Unable to open X display.


TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/master/docs/troubleshooting.md

    at onClose (/home/sam/.nvm/versions/node/v12.16.3/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:750:14)
    at ChildProcess.<anonymous> (/home/sam/.nvm/versions/node/v12.16.3/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:740:61)```

v2.3.0-beta.1 hangs instead of logging in

Need to dig in to this a bit more, but:

gsts \
    --aws-role-arn arn:aws:iam::ACC1:role/ROLE1,arn:aws:iam::ACC1:saml-provider/PROVIDER \
    --aws-session-duration 28800 \
    --sp-id "$OUR_SPID" \
    --idp-id "$OUR_IDPID" \
    --username "$MY_USER" \
    --aws-profile "$MY_AWS_PROFILE" \
    --enable-experimental-u2f-support \
    --verbose

Gives me:

ℹ Attempting to retrieve session expiration credentials
ℹ Parsed SAML assertion {
  attributes: [
    {
      name: 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
      value: [ 'MY_SESSION_NAME', [length]: 1 ]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/Role',
      value: [
        'arn:aws:iam::ACC1:role/ROLE1,arn:aws:iam::ACC1:saml-provider/PROVIDER',
        ...
        [length]: 3
      ]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/SessionDuration',
      value: [ '28800', [length]: 1 ]
    },
    [length]: 3
  ]
}
ℹ Parsed default IDP SessionDuration attribute with value 28800
ℹ Parsed Role attribute with value [
  Role {
    name: 'ROLE1',
    roleArn: 'arn:aws:iam::ACC1:role/ROLE1',
    principalArn: 'arn:aws:iam::ACC1:saml-provider/PROVIDER',
    sessionDuration: 28800
  },
  ...
  [length]: 3
]
ℹ Found custom role ARN "arn:aws:iam::ACC1:role/ROLE1" with principal ARN "arn:aws:iam::ACC1:saml-provider/PROVIDER"
ℹ An error has ocurred while authenticating Error: connect ETIMEDOUT 169.254.169.254:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1137:16) {
  message: 'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1',
  errno: 'ETIMEDOUT',
  code: 'CredentialsError',
  syscall: 'connect',
  address: '169.254.169.254',
  port: 80,
  time: 2020-04-24T01:40:03.373Z,
  originalError: {
    message: 'Could not load credentials from any providers',
    errno: 'ETIMEDOUT',
    code: 'CredentialsError',
    syscall: 'connect',
    address: '169.254.169.254',
    port: 80,
    time: 2020-04-24T01:40:03.373Z,
    originalError: {
      message: 'EC2 Metadata roleName request returned error',
      errno: 'ETIMEDOUT',
      code: 'ETIMEDOUT',
      syscall: 'connect',
      address: '169.254.169.254',
      port: 80,
      time: 2020-04-24T01:40:03.373Z,
      originalError: [Object]
    }
  }
}
(node:72095) UnhandledPromiseRejectionWarning: TypeError: logger.fail is not a function
    at Page.<anonymous> (/Users/MY_USER/.nvm/versions/node/v12.16.1/lib/node_modules/gsts/index.js:262:16)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:72095) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:72095) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
ℹ Request to "https://signin.aws.amazon.com/saml" has been aborted

Allow for usage of aws config file for google config like aws-google-auth does

Using the aws config file for the google config helps with managing many profiles that assume a different role each.

Rather than having to remember the role arns for different profiles and pass them to the gsts command it would be handy for gsts to look in the aws config based on the aws-profile that I pass it.

See an example of a config item used for aws-google-auth below along with a link to the part in the code where the file is read and config is set

[profile {profile_name}]
region = {region}
google_config.ask_role = False
google_config.keyring = False
google_config.duration = 3600
google_config.google_idp_id = {idp_id}
google_config.google_sp_id = {sp_id}
google_config.u2f_disabled = False
google_config.google_username = {user_name}
google_config.bg_response = None
google_config.role_arn = arn:aws:iam::{account_id}:role/{role_name}

https://github.com/cevoaustralia/aws-google-auth/blob/19a48a54fa69e5874764b9764da3f6bac6312777/aws_google_auth/configuration.py#L163

The requested DurationSeconds exceeds the MaxSessionDuration set for this role

This script assumes that the value of https://aws.amazon.com/SAML/Attributes/SessionDuration is less than the value of MaxSessionDuration for all roles, which isn't true for my use case, which is multiple roles, but only the dev account allows up to 12 hour sessions (other roles have the default 1 hour limit).

aws-google-auth solved this by allowing the user to specify a command line argument / environment variable to specify the duration.

Would you be open to a PR that would allow specifying an override value for sessionDuration?

Parsed SAML assertion {
  attributes: [
    {
      name: 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
      value: [Array]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/Role',
      value: [Array]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/SessionDuration',
      value: [Array]
    }
  ]
}
Found SessionDuration attribute 28800
Found Role ARN arn:aws:iam::[account]:role/[role]
Found Principal ARN arn:aws:iam::[account]:saml-provider/[provider]
The requested DurationSeconds exceeds the MaxSessionDuration set for this role.

Why do credentials default to ~/.aws/credentials ?

  --aws-shared-credentials-file  AWS shared credentials file
                                 [default: "/Users/ruimarinho/.aws/credentials"]

This argument enables us to specify a credentials path for gsts to use. I'm confused as to why it globbers the ~/.aws/credentials file rather than creating and using its own file.

gsts uses this file for the storing of temporary credentials, when they expire it renews them. However, when written to this specific file awscli will always prefer the files entry over the credential_process output.

As such, when credentials expire they are not auto renewed.

Flow with using the default ~/.aws/credentials:

Runs an AWS command
gsts gets executed
~/.aws/credentials is generated
Runs an AWS command
~/.aws/credentials is read and credentials from there are used
Credentials expire
Runs an AWS command
Command fails
Runs an AWS command
Command fails
....

Flow with using anything other than ~/.aws/credentials:

Runs an AWS command
gsts gets executed
gsts generates its own credentials file, and returns them to awscli via its --json output
Runs an AWS command
gsts reads its own credentials file and returns them to awscli via its --json output
Credentials expire
Run an AWS command
gsts reads its own credentials file, sees the credentials have expired, renews them, saves them, returns them to awscli via its --json output

I believe defaulting this argument to anything other than ~/.aws/credentials would result in a better user experience.

headless chrome spins forever

Several of our users have reported this issue and now it's happening for me as well. Maybe due to a brew update/upgrade? Not sure at what point it broke, since I only use it when credentials expire.

$ gsts --version
4.0.1

$ aws --version
aws-cli/2.7.2 Python/3.9.13 Darwin/21.4.0 source/x86_64 prompt/off

$ sw_vers
ProductName:	macOS
ProductVersion:	12.3.1
BuildVersion:	21E258

Any ideas on how to further troubleshoot this? When running gsts, the headless chrome window opens, but nothing ever happens. It also never times out. Opens two tabs too. As a workaround, we have added this flag to our refresh script --engine-executable-path '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome'.

If I open a new third tab in that headless chrome and copy/paste that URL, it'll load. Maybe an init issue?

$ gsts --idp-id=REDACTED --sp-id=REDACTED --aws-profile=REDACTED --aws-role-arn=arn:aws:iam::REDACTED:role/REDACTED --force --verbose
ℹ Attempting to retrieve session expiration credentials
ℹ Credentials file does not exist at /Users/donovanhernandez/.aws/credentials
ℹ Allowing request to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false"
ℹ Allowing request to "https://ssl.gstatic.com/accounts/ui/avatar_2x.png"
ℹ Allowing request to "https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_112x36dp.png"
ℹ Allowing request to "https://ssl.gstatic.com/accounts/ui/wlogostrip_230x17_1x.png"
ℹ Allowing request to "https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2"
ℹ Allowing request to "https://accounts.google.com/generate_204?XYTAOQ"
⚠ User is not authenticated, spawning headful instance
ℹ Allowing request to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false"

Error: Cannot find module 'agent-base'

I'm trying to set up gsts on a new machine. I have the exact same aws config and gsts install (v4.0.1 from the AUR on Archlinux), but on the new machine I get the following error:

Error when retrieving credentials from custom-process: node:internal/modules/cjs/loader:942
  throw err;
  ^

Error: Cannot find module 'agent-base'
Require stack:
- /usr/lib/node_modules/gsts/node_modules/https-proxy-agent/dist/agent.js
- /usr/lib/node_modules/gsts/node_modules/https-proxy-agent/dist/index.js
- /usr/lib/node_modules/gsts/node_modules/playwright-core/lib/common/netUtils.js
- /usr/lib/node_modules/gsts/node_modules/playwright-core/lib/server/registry/index.js
- /usr/lib/node_modules/gsts/node_modules/playwright-core/lib/server/index.js
- /usr/lib/node_modules/gsts/node_modules/playwright-core/lib/inProcessFactory.js
- /usr/lib/node_modules/gsts/node_modules/playwright-core/lib/inprocess.js
- /usr/lib/node_modules/gsts/node_modules/playwright-core/index.js
- /usr/lib/node_modules/gsts/node_modules/playwright/index.js
- /usr/lib/node_modules/gsts/index.js
    at Module._resolveFilename (node:internal/modules/cjs/loader:939:15)
    at Module._load (node:internal/modules/cjs/loader:780:27)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/usr/lib/node_modules/gsts/node_modules/https-proxy-agent/dist/agent.js:20:22)
    at Module._compile (node:internal/modules/cjs/loader:1105:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Module._load (node:internal/modules/cjs/loader:827:12)
    at Module.require (node:internal/modules/cjs/loader:1005:19) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '/usr/lib/node_modules/gsts/node_modules/https-proxy-agent/dist/agent.js',
    '/usr/lib/node_modules/gsts/node_modules/https-proxy-agent/dist/index.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright-core/lib/common/netUtils.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright-core/lib/server/registry/index.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright-core/lib/server/index.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright-core/lib/inProcessFactory.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright-core/lib/inprocess.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright-core/index.js',
    '/usr/lib/node_modules/gsts/node_modules/playwright/index.js',
    '/usr/lib/node_modules/gsts/index.js'
  ]
}

Node.js v18.1.0

gsts aws page fails to load after successful login

This site can’t be reached

The web page at https://us-east-1.signin.aws.amazon.com/platform/saml/acs/842ef922-c9d6-44b7-9427-962a3ccc2ee6 might be temporarily down or it may have moved permanently to a new web address.
ERR_FAILED


evilroot in ~ λ gsts --version
3.0.6
evilroot in ~ λ node --version
v15.12.0
evilroot in ~ λ uname -a
Darwin Nabuhodonozor.local 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64 i386 MacBookPro11,5 Darwin

More than happy to provide more logs, I checked with every possible engine - same result - AWS page can't be loaded.

Mac Install (Brew?)

I'm keen to make more use of this tool in my team (users of aws-google-auth just now).
The install process however requires npm or yarn which isn't part of the majority of our setups.

Is there a possibility we could make use of something like brew to make installing this easier or would you still need the node env installing on the mac?

Remove profile prefix when saving the aws config

I see that the profile is saved as. [profile sts] instead of just [sts].

This causes the following error to be thrown during compilation -

Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the Java SDK, so you will need to include this prefix in your profile name when you reference this profile from your Java code.

If I remove the profile prefix manually, this error is gone. Is this something we can fix here or the issue should go someplace else?

aws issue link: aws/aws-sdk-java#1707

Thanks!

Autopopulating email causes conflicts

https://share.getcloudapp.com/YEu1Xe1N

FYI: Workaround for AWS Cli V2

Just an FYI in case others run into the same issue. I was running into an issue with the V2 AWS CLI, which I was able to resolve by unsetting LD_LIBRARY_PATH in credential_process.

Workaround

[profile default]
region = us-east-1
credential_process = bash -c "unset LD_LIBRARY_PATH; gsts --aws-role-arn arn:aws:iam::1234:role/Admin --sp-id 1234--idp-id       AB12--username [email protected] --aws-profile default --json"

Error

Error when retrieving credentials from custom-process: Error: Failed to launch the browser process!
/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/linux-722234/chrome-linux/chrome: /usr/local/aws-cli/v2/2.0.34/dist/libz.so.1: no version information available (required by /lib/x86_64-linux-gnu/libcups.so.2)
/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/linux-722234/chrome-linux/chrome: /usr/local/aws-cli/v2/2.0.34/dist/libz.so.1: no version information available (required by /lib/x86_64-linux-gnu/libgio-2.0.so.0)
/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/linux-722234/chrome-linux/chrome: /usr/local/aws-cli/v2/2.0.34/dist/libz.so.1: no version information available (required by /lib/x86_64-linux-gnu/libpng16.so.16)
/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/linux-722234/chrome-linux/chrome: /usr/local/aws-cli/v2/2.0.34/dist/libz.so.1: no version information available (required by /lib/x86_64-linux-gnu/libpng16.so.16)
/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/linux-722234/chrome-linux/chrome: symbol lookup error: /lib/x86_64-linux-gnu/libpng16.so.16: undefined symbol: inflateReset2, version ZLIB_1.2.3.4


TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/master/docs/troubleshooting.md

    at onClose (/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:750:14)
    at Interface.<anonymous> (/home/nik/.nvm/versions/node/v14.4.0/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:739:50)
    at Interface.emit (events.js:327:22)
    at Interface.EventEmitter.emit (domain.js:485:12)
    at Interface.close (readline.js:424:8)
    at Socket.onend (readline.js:202:10)
    at Socket.emit (events.js:327:22)
    at Socket.EventEmitter.emit (domain.js:485:12)
    at endReadableNT (_stream_readable.js:1224:12)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)

Request to aws saml url fails due to disallowed requests to aws static resources

Hi there,

I recently upgraded to v4.0.0 and started hitting this error:

ℹ Initiating request to "https://signin.aws.amazon.com/saml"
ℹ Aborting request to "https://signin.aws.amazon.com/static/js/jquery.min.js"
ℹ Aborting request to "https://signin.aws.amazon.com/static/image/down.png"
ℹ Request to "https://signin.aws.amazon.com/static/js/jquery.min.js" has failed
ℹ Aborted due to client request
ℹ An error has ocurred while authenticating page.waitForSelector: Target closed
=========================== logs ===========================
waiting for selector "#saml_form" to be visible
============================================================
    at RouteHandler.handler (/usr/local/lib/node_modules/gsts/index.js:279:22) {
  name: 'Error'
}
✖ An unknown error has ocurred with message "page.waitForSelector: Target closed
=========================== logs ===========================
waiting for selector "#saml_form" to be visible
============================================================". Please try again with --verbose
route.abort: Target page, context or browser has been closed
    at RouteHandler.handler (/usr/local/lib/node_modules/gsts/index.js:306:15) {
  name: 'Error'
}

The authentication succeeds and the token is stored correctly, but the error occurs when trying to access the saml url to confirm that the tool succeeded.

It looks like the check to allow requests to certain urls on line 313 of index.js doesn't include a pattern to match static resources from AWS.

I've fixed it locally by modifying the if block on line 313 to include aws.amazon.com/static, i.e.:

    if (/google|gstatic|youtube|googleusercontent|googleapis|gvt1|aws.amazon.com\/static/.test(route.request().url())) {
      logger.debug(`Allowing request to "${route.request().url()}"`);
      route.continue();
      return;
    }

Thanks for developing this great tool!

Homebrew install is broken

Thanks for a great tool, used it on Ubuntu previously with no issues. Recently moved to Mac and tried to install via Homebrew and got the following error:

❯ brew tap ruimarinho/tap --verbose --debug
/opt/homebrew/Library/Homebrew/shims/shared/git --version
==> Tapping ruimarinho/tap
git clone https://github.com/ruimarinho/homebrew-tap /opt/homebrew/Library/Taps/ruimarinho/homebrew-tap --origin=origin --template=
Cloning into '/opt/homebrew/Library/Taps/ruimarinho/homebrew-tap'...
remote: Enumerating objects: 79, done.
remote: Counting objects: 100% (79/79), done.
remote: Compressing objects: 100% (60/60), done.
remote: Total 79 (delta 19), reused 54 (delta 12), pack-reused 0
Receiving objects: 100% (79/79), 11.16 KiB | 2.79 MiB/s, done.
Resolving deltas: 100% (19/19), done.
/opt/homebrew/Library/Homebrew/brew.rb (Formulary::FromPathLoader): loading /opt/homebrew/Library/Taps/ruimarinho/homebrew-tap/Formula/mota.rb
Warning: Calling bottle :unneeded is deprecated! There is no replacement.
Please report this issue to the ruimarinho/tap tap (not Homebrew/brew or Homebrew/core):
  /opt/homebrew/Library/Taps/ruimarinho/homebrew-tap/Formula/mota.rb:10

Error: Invalid formula: /opt/homebrew/Library/Taps/ruimarinho/homebrew-tap/Formula/mota.rb
formulae require at least a URL
/opt/homebrew/Library/Homebrew/brew.rb (Formulary::FromPathLoader): loading /opt/homebrew/Library/Taps/ruimarinho/homebrew-tap/Formula/gsts.rb
Error: Cannot tap ruimarinho/tap: invalid syntax in tap!
/opt/homebrew/Library/Homebrew/tap.rb:308:in `install'
/opt/homebrew/Library/Homebrew/cmd/tap.rb:67:in `tap'
/opt/homebrew/Library/Homebrew/brew.rb:110:in `<main>'

Homebrew version:

Homebrew 3.3.7
Homebrew/homebrew-core (git revision f37f5a1f6b0; last commit 2021-12-06)
Homebrew/homebrew-cask (git revision 0a72d97737; last commit 2021-12-07)

Security key not detected

For some reason, when chromium is executed by puppeteer, my security key's light never comes on, and tapping it has no effect. I had to use backup codes to log in with gsts.

This is on Ubuntu Linux, gsts version 2.1.0

ERR_CONNECTION_CLOSED

We have a user on macOS Monterey that is unable to initiate the headless chrome browser:

$ gsts --version
4.0.1

$ gsts --clean --idp-id=REDACTED --sp-id=REDACTED --verbose
ℹ Cleaning directory /Users/REDACTED/Library/Application Support/gsts
ℹ Attempting to retrieve session expiration credentials
ℹ Credentials file does not exist at /Users/REDACTED/.aws/credentials
ℹ Allowing request to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false"
ℹ Request to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false" has failed
ℹ An error ocurred while browsing to the initsso page page.goto: net::ERR_CONNECTION_CLOSED at https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false
=========================== logs ===========================
navigating to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false", waiting until "load"
============================================================
    at /usr/local/Cellar/gsts/4.0.1/libexec/lib/node_modules/gsts/index.js:349:32 {
  name: 'Error'
}

Let me know if any additional logs are needed, that URL loads fine in a regular browser.

Display account aliases for roles

Hi! Currently gsts is capable of displaying roles that can be assumed for all the accounts.
Do you think it'd be possible to also get accounts' aliases so that it'd be easier to operate?

This feature exists in AWS SAML UI (Production and Staging on the screenshot), it'd be awesome to get it available with gsts too!

ROLE_NOT_FOUND_ERROR

Attempting to retrieve session expiration credentials
Session has expired on 2020-04-02T14:23:16.000Z
Parsed SAML assertion { attributes:
   [ { name: 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
       value: [Array] },
     { name: 'https://aws.amazon.com/SAML/Attributes/Role',
       value: [Array] },
     { name: 'https://aws.amazon.com/SAML/Attributes/SessionDuration',
       value: [Array] } ] }
Found SessionDuration attribute 43200
Found Role ARN arn:aws:iam::[snip]:role/platform
Found Principal ARN arn:aws:iam::[snip]:saml-provider/google
(node:29547) UnhandledPromiseRejectionWarning: ReferenceError: ROLE_NOT_FOUND_ERROR is not defined
    at Page.page.on (/home/lizf/.config/yarn/global/node_modules/gsts/index.js:417:27)
    at process._tickCallback (internal/process/next_tick.js:68:7)
(node:29547) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:29547) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

This still happens when I run --clear and log in again. However, logging in via browser still succeeds at accessing AWS console.

Getting gsts: command not found

I successfully installed gsts using yarn but getting command not found when trying to use gsts.

existing entries in credentials file error

We are unable to refresh tokens automatically if the session is expired. I created a new profile, test123, copy/pasted it, and it worked just fine. The workaround is to run a rm -f ~/.aws/credentials every time this happens, but I don't believe we should have to do this. Is this a bug?

I've tried to automate this but couldn't get it to work:

credential_process = bash -c "rm -f ~/.aws/credentials; gsts --idp-id=REDACTED --sp-id=REDACTED --aws-role-arn=arn:aws:iam::REDACTED:role/REDACTED --json"

$ cat ~/.aws/config
[default]
output = json
region = us-east-1
source_profile = heydonovan

[profile heydonovan]
credential_process = gsts --idp-id=REDACTED --sp-id=REDACTED --aws-profile=heydonovan --aws-role-arn=arn:aws:iam::REDACTED:role/REDACTED --json
output = json
region = us-east-1

[profile test123]
credential_process = gsts --idp-id=REDACTED --sp-id=REDACTED --aws-profile=test123 --aws-role-arn=arn:aws:iam::REDACTED:role/REDACTED --json
output = json
region = us-east-1

$ aws sts get-caller-identity --profile heydonovan

An error occurred (ExpiredToken) when calling the GetCallerIdentity operation: The security token included in the request is expired

$ aws sts get-caller-identity --profile test123
{
    "UserId": "REDACTED:REDACTED",
    "Account": "REDACTED",
    "Arn": "arn:aws:sts::REDACED:assumed-role/REDACTED/REDACTED"
}

$ cat ~/.aws/credentials

[heydonovan]
aws_access_key_id=REDACTED
aws_role_arn=arn:aws:iam::REDACTED:role/REDACTED
aws_secret_access_key=REDACTED
aws_session_expiration=2022-03-02T05:58:20.000Z
aws_session_token="REDACTED"

[test123]
aws_access_key_id=REDACTED
aws_role_arn=arn:aws:iam::REDACTED:role/REDACTED
aws_secret_access_key=REDACTED
aws_session_expiration=2022-03-03T04:48:11.000Z
aws_session_token="REDACTED"

Homebrew installation errors: `Failed changing dylib ID` and `Failed to fix install linkage`

Summary

Yo! I just today attempted to install gsts via Homebrew and got some interesting errors:

treykasada@MacBook-Pro ~> brew tap ruimarinho/tap
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/core and homebrew/cask).
==> Updated Formulae
Updated 13 formulae.
==> Updated Casks
modern-csv

==> Tapping ruimarinho/tap
Cloning into '/usr/local/Homebrew/Library/Taps/ruimarinho/homebrew-tap'...
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 5 (delta 0), reused 5 (delta 0), pack-reused 0
Unpacking objects: 100% (5/5), done.
Tapped 1 formula (30 files, 25.3KB).

treykasada@MacBook-Pro ~> brew install gsts
Updating Homebrew...
==> Installing gsts from ruimarinho/tap
==> Downloading https://github.com/ruimarinho/gsts/archive/v2.4.3.tar.gz
Already downloaded: /Users/treykasada/Library/Caches/Homebrew/downloads/c777c13000c7204d15ee9240640e6af1d279ad6abdbbd302a34b2c42e3cfb889--gsts-2.4.3.tar.gz
==> npm install -ddd --global --build-from-source --cache=/Users/treykasada/Library/Caches/Homebrew/npm_cache --prefix=/usr/local/Cellar/gsts/2.4.3/libexec /private/t
Error: Failed changing dylib ID of /usr/local/Cellar/gsts/2.4.3/libexec/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/mac-722234/chrome-mac/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/80.0.3987.0/Chromium Framework
  from @executable_path/../Frameworks/Chromium Framework.framework/Versions/80.0.3987.0/Chromium Framework
    to /usr/local/opt/gsts/libexec/lib/node_modules/gsts/node_modules/puppeteer/.local-chromium/mac-722234/chrome-mac/Chromium.app/Contents/Frameworks/Chromium Framework.framework/Versions/80.0.3987.0/Chromium Framework
Error: Failed to fix install linkage
The formula built, but you may encounter issues using it or linking other
formulae against it.
==> Summary
🍺  /usr/local/Cellar/gsts/2.4.3: 4,326 files, 327.6MB, built in 32 seconds

treykasada@MacBook-Pro ~ [1]> which gsts
/usr/local/bin/gsts

As you can see, the brew tap works fine, but the brew install seems to indicate problems during installation. Interestingly though, the gsts executable is present after the install, and the scripts I use it in all seem to work in spite of the errors.

Not sure if this is a bug or something cooked with my system, but figured I should raise it anyway. 🙂

Component versions

Homebrew version: 2.6.2
homebrew-core gitref: 7ae83 (last commit 2020-12-16)
homebrew-cask gitref: 81bd71 (last commit 2020-12-16)
macOS version: Big Sur 11.1
Shell: Fish 3.1.2

Tmux captures input for Headful Browser

When launching the headful browser from a tmux session, tmux captures keyboard input so you can't type into any fields in the browser window, makes it hard to enter a password. (I was able to successfully submit the password form when running the exact same command outside of tmux, so I figure that's to blame)

Not sure if there's anything to be tweaked within gsts to fix this or not.

Windows: An error has ocurred while authenticating [Error: EINVAL: invalid argument, mkdir 'C:\C:']

I tried on two Windows machines and found the same error. The error occurs after the Chromium window closes after a successful Google authentication.

C:\WINDOWS\system32>gsts --aws-role-arn arn:aws:iam::123456789:role/GoogleAppsSAML-Admin --sp-id 1234 --idp-id AB12 --username [email protected] --aws-profile default --json --verbose
i Attempting to retrieve session expiration credentials
‼ Found credentials for a different role ARN
‼ User is not authenticated, spawning headful instance
i Pre-filling email with [email protected]
i Parsed SAML assertion {
  attributes: [
    {
      name: 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
      value: [ '[email protected]', [length]: 1 ]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/Role',
      value: [
        'arn:aws:iam::123456789:role/GoogleAppsSAML-Admin,arn:aws:iam::123456789:saml-provider/GoogleApps',
        'arn:aws:iam::987654321:role/GoogleAppsSAML-Admin,arn:aws:iam::987654321:saml-provider/GoogleApps',
        [length]: 2
      ]
    },
    [length]: 2
  ]
}
i Parsed Role attribute with value [
  Role {
    name: 'GoogleAppsSAML-Admin',
    roleArn: 'arn:aws:iam::123456789:role/GoogleAppsSAML-Admin',
    principalArn: 'arn:aws:iam::123456789:saml-provider/GoogleApps',
    sessionDuration: undefined
  },
  Role {
    name: 'GoogleAppsSAML-Admin',
    roleArn: 'arn:aws:iam::987654321:role/GoogleAppsSAML-Admin',
    principalArn: 'arn:aws:iam::987654321:saml-provider/GoogleApps',
    sessionDuration: undefined
  },
  [length]: 2
]
i Found custom role ARN "arn:aws:iam::123456789:role/GoogleAppsSAML-Admin" with principal ARN "arn:aws:iam::123456789:saml-provider/GoogleApps"
i Role ARN "arn:aws:iam::123456789:role/GoogleAppsSAML-Admin" has been assumed {
  ResponseMetadata: { RequestId: 'REDACTED' },
  Credentials: {
    AccessKeyId: 'REDACTED',
    SecretAccessKey: 'REDACTED',
    SessionToken: 'REDACTED',
    Expiration: 2020-07-27T15:13:38.000Z
  },
  AssumedRoleUser: {
    AssumedRoleId: 'REDACTED:[email protected]',
    Arn: 'arn:aws:sts::123456789:assumed-role/GoogleAppsSAML-Admin/[email protected]'
  },
  Subject: '[email protected]',
  SubjectType: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  Issuer: 'https://accounts.google.com/o/saml2?idpid=C02nef731',
  Audience: 'https://signin.aws.amazon.com/saml',
  NameQualifier: 'REDACTED'
}
i An error has ocurred while authenticating [Error: EINVAL: invalid argument, mkdir 'C:\C:'] {
  errno: -4071,
  code: 'EINVAL',
  syscall: 'mkdir',
  path: 'C:\\C:'
}
× An unknown error has ocurred with message "EINVAL: invalid argument, mkdir 'C:\C:'". Please try again with --verbose
i Request to "https://signin.aws.amazon.com/saml" has been aborted
i Browser closed outside running context, exiting
i Headful instance has exited with code 0

gsts v3 gets stuck after successful login

Hey @ruimarinho ! Glad to see gsts v3 released, but it seems it introduces a new issue with v3.

Basically, if I first login IAM role 1, then switch to i.e. login IAM role 2 (with the same AWS profile flag, if that matters), the second login does succeed but then, instead of gsts exiting, gsts will get stuck and not exit, which can be mitigated by a force exit if used interactively, but breaks other previously working tools that call gsts commands (as the call gets stuck and doesn't return).

Since v3 is very new and comes with some big changes, I'm not sure that I captured the problem pattern 100% correctly. Let me know if you need more info to reproduce. Thank you!

Error on node 8.11.4

When I run gsts on node 8.11.4 I get the follow error

% gsts
/Users/diego/.nvm/versions/node/v8.11.4/lib/node_modules/gsts/parser.js:11
const REGEX_PATTERN_ROLE = /(?<roleArn>arn:(aws|aws-us-gov|aws-cn):iam:[^:]*:[0-9]+:role\/(?<name>[^,]+))/i;
                           ^

SyntaxError: Invalid regular expression: /(?<roleArn>arn:(aws|aws-us-gov|aws-cn):iam:[^:]*:[0-9]+:role\/(?<name>[^,]+))/: Invalid group
    at Object.<anonymous> (/Users/diego/.nvm/versions/node/v8.11.4/lib/node_modules/gsts/parser.js:11:28)
    at Module._compile (module.js:652:30)
    at Object.Module._extensions..js (module.js:663:10)
    at Module.load (module.js:565:32)
    at tryModuleLoad (module.js:505:12)
    at Function.Module._load (module.js:497:3)
    at Module.require (module.js:596:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/Users/diego/.nvm/versions/node/v8.11.4/lib/node_modules/gsts/credentials-manager.js:7:16)
    at Module._compile (module.js:652:30)

nodejs prior to version 10 doesn't support named regex capture. I understand node 8 is pretty old and you may not be interested in keep the compatibility.

Caching SAML Assertion

Hi there,
I'm considering an option to let gsts write the SAML assertion to disk and use it if possible.
If a non expired assertion is found with matching sp-id and idp-id I suppose it could be used to assume any role without even launching puppeteer.

The use case I'm mainly interested in is to use the assertion with other tools (like aws sts assume-role-with-saml) for debugging and building scripts around gsts to select role ARNs in advance.

What do you think? This is not a feature request, I'm just considering if the project would be open for such contributions.

UnhandledPromiseRejectionWarning Error

Ran into this error:

(node:88139) UnhandledPromiseRejectionWarning: Error
    at Parser.parseSamlResponse (/usr/local/lib/node_modules/gsts/parser.js:36:13)
    at CredentialsManager.assumeRoleWithSAML (/usr/local/lib/node_modules/gsts/credentials-manager.js:30:89)
    at Page.<anonymous> (/usr/local/lib/node_modules/gsts/index.js:184:34)
    at Page.emit (events.js:315:20)
    at Page.EventEmitter.emit (domain.js:485:12)
    at NetworkManager.<anonymous> (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/Page.js:110:68)
    at NetworkManager.emit (events.js:315:20)
    at NetworkManager.EventEmitter.emit (domain.js:485:12)
    at NetworkManager._onRequest (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/NetworkManager.js:234:10)
    at NetworkManager._onRequestPaused (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/NetworkManager.js:210:12)
(node:88139) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)

(node:88139) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

At the same time, Chromium shows this page:

It's stuck in this status, even if I use Ctrl+C to kill the process, and run another gsts command with the --clean flag.

I'm using a newly installed v2.2.0

Please let me know if you need more information to troubleshoot. Thanks!

Potential upcoming breakage - Google blocking login automation?

I've just noticed: https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html

I added the following to gsts, as suggested for testing purposes:

  await page.setExtraHTTPHeaders({
    'Google-Accounts-Check-OAuth-Login': 'true'
  });

Seemed to cause things to fall over, but I may have made a mistake.

Not sure if this is an issue, but since I didn't see an existing one I thought I'd create it (even if it only needs to be closed).

Full exit on errors.RoleNotFoundError

When the following code fires:

if (e instanceof errors.RoleNotFoundError) {
  logger.error(`Role ARN "${argv.awsRoleArn}" not found in the list of available roles ${JSON.stringify(e.roles)}`);
  route.abort();
  return;
}

gsts does not return an error code to the O/S. It appears to hang on macOS and doesn't return to the command prompt.

gsts/index.js

Line 294 in bde055f

    
           logger.error(`Role ARN "${argv.awsRoleArn}" not found in the list of available roles ${JSON.stringify(e.roles)}`);

▶ gsts --version                                                                   
3.0.6

ENOENT when ~/.aws does not exist

We appear to be opening ~/.aws/credentials without first verifying that .aws exists (and creating it if it does not).

Invalid regular expression under ubuntu

When running gsts under ubuntu I get the following error:

/usr/local/lib/node_modules/gsts/parser.js:11
const REGEX_PATTERN_ROLE = /(?<roleArn>arn:(aws|aws-us-gov|aws-cn):iam:[^:]*:[0-9]+:role\/(?<name>[^,]+))/i;
                           ^

SyntaxError: Invalid regular expression: /(?<roleArn>arn:(aws|aws-us-gov|aws-cn):iam:[^:]*:[0-9]+:role\/(?<name>[^,]+))/: Invalid group

i am getting error related to browser not downloaded. The browser is installed and functional

Error: Browser is not downloaded. Run "npm install" or "yarn install"
at ChromeLauncher.launch (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/Launcher.js:236:15)
at module.exports.launch (/usr/local/lib/node_modules/gsts/node_modules/puppeteer/lib/Puppeteer.js:40:27)
at PuppeteerExtra.launch (/usr/local/lib/node_modules/gsts/node_modules/puppeteer-extra/dist/index.cjs.js:129:41)

[BUG] Unable to launch browser on OSX 12

Hello.

Playwright had an update a couple month ago to support OSX 12 here:
microsoft/playwright#7624

gsts needs to update its dependency in order for it to work from 12 onwards. Right now, gsts isn't working because it can't launch the browser.

GSTS fails to spawn headful instance if called directly

This is admittedly a very corner case, but with how gsts respawns itself into a headful instance here:

gsts/index.js

Line 420 in 3d7a1ef

const ui = childProcess.spawn('gsts', args, { stdio: 'inherit' });

It fails if gsts isn't on the PATH. It came up within the context of Volta, which manages global installs and calls the tools directly instead of leaving them on the PATH, but could also come up if a user has gsts installed locally in a project and calls ./node_modules/.bin/gsts, instead of having it globally installed.

Add --list-available-roles

Currently gsts interactively displays a list of roles to chose from when --aws-role-arn is not provided.

For automation, it would be very helpful to get this list in non-interactive way with a new --list-available-roles flag.

This flag could output the list of roles and let gsts exit.

Obeying --json would be a huge plus :)

	if (/google\|gstatic\|youtube\|googleusercontent\|googleapis\|gvt1/.test(route.request().url())) {
	logger.debug(`Allowing request to "${route.request().url()}"`);
	route.continue();
	return;
	}

ruimarinho / gsts Goto Github PK

gsts's People

Contributors

Stargazers

Watchers

Forkers

gsts's Issues

Workaround

Error

Summary

Component versions

Recommend Projects

Recommend Topics

Recommend Org