Code Monkey home page Code Monkey logo

aws-sso-creds-helper's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

aelmadho sclarson andreswebs nikhilsatam andrewlubenets robvdhout rodp-ws mattcfox noqcks

aws-sso-creds-helper's Issues

Does not support [profile PROFILE_NAME] syntax, only [PROFILE_NAME]

Current Behavior

Does not support syntax [PROFILE_NAME], only [profile PROFILE_NAME]

If you use a profile setup with [PROFILE_NAME] syntax you get the following

/app/qb-serverless aws-shared_to_dev > ssocreds --profile PROFILE_NAME                                                                            1s root@smartin-qb-serverless-dev 17:50:09
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.10.11
[aws-sso-creds-helper]: Getting SSO credentials for profile PROFILE_NAME
[aws-sso-creds-helper]: Failed to load SSO credentials for PROFILE_NAME
[aws-sso-creds-helper]: No profile found for PROFILE_NAME
[aws-sso-creds-helper]: Run ssocreds with --debug flag for more details.
(node:2511) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)

Expected Behavior

To load the credentials for the valid profile

Steps to Reproduce the Problem

  1. Create a profile with [PROFILE_NAME] syntax which if you do not aws configure list-profiles might not show them.
  2. Run ssocreds --profile PROFILE_NAME

Environment

UnhandledPromiseRejectionWarning: Unhandled promise rejection when using AWS SSO

Hello, thanks for developing this tool, I was trying this out but I encountered the following issue after authenticating on my Chrome browser.

❯ ~ aws --version
aws-cli/2.0.57 Python/3.7.4 Darwin/19.6.0 exe/x86_64

❯ ~ ssocreds -p default
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.3.10
[aws-sso-creds-helper]: Getting SSO credentials for profile default
[aws-sso-creds-helper]: Failed to load SSO credentials for profile default
[aws-sso-creds-helper]: Cached SSO login is expired/invalid, try running `aws sso login` and try again
(node:16712) UnhandledPromiseRejectionWarning: ExpiredCredsError: Cached SSO login is expired/invalid, try running `aws sso login` and try again
    at Object.exports.getSsoCachedLogin (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:34:11)
    at /usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:80:37
    at Generator.next (<anonymous>)
    at /usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:8:71
    at new Promise (<anonymous>)
    at __awaiter (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:4:12)
    at Object.exports.run (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:77:59)
    at /usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:88:27
    at Generator.next (<anonymous>)
    at fulfilled (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:5:58)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:16712) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:16712) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

I tried aws sso login but the issue persists. I never got this working, so any help is appreciated!

Unnecessarily fails if the ~/.aws/sso/cache folder doesn't exist

Current Behavior

When users of this app initially install the app, often their ~/.aws folder is nonexistent or empty. Of course the config file is required, but even when that is supplied, the app fails until they make an empty sso folder in it and then put a cache folder inside that sso folder.Neither folder needs to contain anything (except for /sso containing /cache), but that folder structure needs to exist for ssocreds to run successfully.

Expected Behavior

The desired behavior would be to do the following:

  • if this folder structure is detected to not exist when it as attempted to be read, create it
    • this is fine since the program works just fine when the folders are empty, so creating them as empty folders programmatically should be no problem

Steps to Reproduce the Problem

  1. Delete your ~/.aws/sso folder
  2. Attempt to run ssocreds
  3. Notice the error message that appears: ENOENT: no such file or directory, scandir 'C:\Users\john\.aws\sso\cache

Environment

  • Version: Many versions, including the most recent one: 1.10.1
  • Platform: Windows
  • Node.js Version: bug reported on 16 and 18

When I have time I'd be happy to make PR fixing this, but that won't be for a couple days, so I wanted to report this issue to remind myself.

Default profile not working when using [profile default]

Current Behavior

The default profile only works when using [default] and does not work when using [profile default] as the profile name in .aws\config

Expected Behavior

I would expect it to work when using [profile default]

Steps to Reproduce the Problem

  1. Use [profile default] as the profile name in .aws/config
  2. Run ssocreds or ssocreds -p default
  3. It will error with "No profile found for default"

Environment

  • Version: 1.8.9
  • Platform: Win
  • Node.js Version: 14.17.0

Cached SSO login is expired/invalid, try running `aws sso login` and try again error with latest version of AWS CLI 2.9.4

Current Behavior

With latest version of AWS CLI 2.9.4, running ssocreds -p default failed due to a change of structure in ~/.aws/config when a user specifies SSO session name (Recommended): during aws configure sso process

ssocreds -p <profile_name>                                                                                                
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.9.0
[aws-sso-creds-helper]: Getting SSO credentials for profile <profile_name>
[aws-sso-creds-helper]: Failed to load SSO credentials for <profile_name>
[aws-sso-creds-helper]: Cached SSO login is expired/invalid, try running `aws sso login` and try again
[aws-sso-creds-helper]: Run ssocreds with --debug flag for more details.

Expected Behavior

ssocreds -p <profile_name> 
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.9.0
[aws-sso-creds-helper]: Getting SSO credentials for profile <profile_name>
[aws-sso-creds-helper]: Successfully loaded SSO credentials for profile <profile_name>

Steps to Reproduce the Problem

  1. Install latest version of AWS CLI (2.9.4 was the latest at the time this writing)
  2. Run aws configure sso --profile <profile_name>
  3. Populate SSO session name (Recommended) when it asks
  4. Follow rest of configuration process
  5. Run ssocreds -p <profile_name>
  6. You'd get the error I mentioned above.

The current workaround is to leave SSO session name (Recommended) blank during configuration process to default to previous behaviour.

Environment

  • Version: 1.9.0
  • Platform: Mac
  • Node.js Version: v16.18.1

respect AWS_SHARED_CREDENTIALS_FILE var

Love the tool, minor feature request.

I use

export AWS_SHARED_CREDENTIALS_FILE=foobar

to segregate creds files for multiple environments.

Any chance you could add a feature to respect this var instead of only writing to the default aws location?

Optional flag to set AWS_PROFILE when run

Feature Request

Is your feature request related to a problem? Please describe.
No, just different functionality of the aws cli.

Describe the solution you'd like
setting the AWS_PROFILE environment variable locally in the shell when run to the account that is specified when the -p flag is used.

Describe alternatives you've considered
I often run ssocreds thinking that I will be ready to use whatever aws cli app or tool I am wanting to use, but sometimes it still fails because AWS_PROFILE is not set to the right account, despite having run ssocreds for the correct account. When I realize this is the case, I manually have to run export AWS_PROFILE=the account I want, or the equivalent for whatever shell I'm in.

I've considered forking this repo and adding that feature myself, but I'd rather not have to solely maintain my own fork...

Are you willing to resolve this issue by submitting a Pull Request?

  • Yes, I have the time, and I know how to start.
  • Yes, I have the time, but I don't know how to start. I would need guidance.
  • No, I don't have the time, although I believe I could do it if I had the time...
  • No, I don't have the time and I wouldn't even know how to start.
    Not sure exactly when I'll find the time but I can probably pull this together, especially because there is no rush.

Maybe I'm a fool for submitting this feature and maybe it shows that I completely misunderstand the AWS CLI and related topics. If so, I'm willing to accept that haha. I'm new to all of this, but in my specific use case, it seems like a feature like this would be useful. Any comments? If no one says anything I think I'd like to start working on this sometime soon. Working on CLI apps is fun.

using AWS SSO via Okta Idp

aws2 --profile AdministratorAccess-900359709859 sso login
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.ap-southeast-2.amazonaws.com/

Then enter the code:

XXXXX-XXXX
Successully logged into Start URL: https://d-3131231.awsapps.com/start
Vans-MacBook-Air:bin vhoanguyen$ ssocreds -p AdministratorAccess-03485092385
[aws-sso-creds-helper]: Getting SSO credentials for profile AdministratorAccess-03485092385
[aws-sso-creds-helper]: Failed to load SSO credentials for profile AdministratorAccess-03485092385
[aws-sso-creds-helper]: Cached SSO login is expired/invalid, try running aws sso login and try again

UnauthorizedException: Session token not found or invalid

ssocreds was working well for me for the past few months but today when I attempt to run it, I receive errors about session token not found or invalid.

I confirmed that the aws profile I am using has active credentials as I was able to perform AWS CLI commands. This error occurs for both existing AWS profiles and ones which I have newly added.

aws configure sso --profile prod
SSO start URL [https://redacted.awsapps.com/start#/]:
SSO Region [eu-west-2]:
There are 2 AWS accounts available to you.
Using the account ID redacted
The only role available to you is: Triage
Using the role name "Triage"
CLI default client Region [eu-west-2]:
CLI default output format [json]:

To use this profile, specify the profile name using --profile, as shown:

aws s3 ls --profile prod
2022-03-16 13:54:06 redacted-bucket-name

ssocreds --profile prod --debug
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.8.16
[aws-sso-creds-helper]: ===========
[aws-sso-creds-helper]: SYSTEM INFO
[aws-sso-creds-helper]: ===========
[aws-sso-creds-helper]: AWS CLI Version aws-cli/2.7.7 Python/3.9.13 Darwin/22.1.0 source/arm64 prompt/off
[aws-sso-creds-helper]: OS darwin 22.1.0
[aws-sso-creds-helper]: Node v16.18.0
[aws-sso-creds-helper]: ==============
[aws-sso-creds-helper]: PROFILE CONFIG
[aws-sso-creds-helper]: ==============
[aws-sso-creds-helper]:       Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                     prod           manual    --profile
access_key     ****************G2OR              sso    
secret_key     ****************phNg              sso    
    region                eu-west-2      config-file    ~/.aws/config

[aws-sso-creds-helper]: Getting SSO credentials for profile prod
[aws-sso-creds-helper]: Reading config from /Users/cole.siegel/.aws/config
[aws-sso-creds-helper]: Full profile name for lookup is profile prod
[aws-sso-creds-helper]: Profile data:, {
  "region": "eu-west-2",
  "output": "json",
  "sso_start_url": "https://redacted.awsapps.com/start",
  "sso_region": "eu-west-2",
  "sso_account_id": "redacted",
  "sso_role_name": "Triage"
}
[aws-sso-creds-helper]: Setting AWS.SharedIniFileCredentials to profile prod
[aws-sso-creds-helper]: Found 3 cache files in /Users/cole.siegel/.aws/sso/cache
[aws-sso-creds-helper]: Checking 0d92c2431dc84b346c32051db8c475a0cd0aa25a.json in /Users/cole.siegel/.aws/sso/cache/0d92c2431dc84b346c32051db8c475a0cd0aa25a.json
[aws-sso-creds-helper]: Reading /Users/cole.siegel/.aws/sso/cache/0d92c2431dc84b346c32051db8c475a0cd0aa25a.json
[aws-sso-creds-helper]: Configuration is a credential config
[aws-sso-creds-helper]: Credential is NOT expired
[aws-sso-creds-helper]: Credential start url https://redacted.awsapps.com/start/ matches profile sso start url https://redacted.awsapps.com/start
[aws-sso-creds-helper]: Initialized SSO service object with region eu-west-2
[aws-sso-creds-helper]: Failed to get role credentials
[aws-sso-creds-helper]: Error is NOT an ExpiredCredsError
[aws-sso-creds-helper]: Error is NOT an AwsSdkError
[aws-sso-creds-helper]: Failed to load SSO credentials for prod
[aws-sso-creds-helper]: Session token not found or invalid
[aws-sso-creds-helper]: UnauthorizedException: Session token not found or invalid
    at Object.extractError (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/protocol/json.js:52:27)
    at Request.extractError (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/protocol/rest_json.js:49:8)
    at Request.callListeners (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/request.js:686:14)
    at Request.transition (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/Users/cole.siegel/.config/yarn/global/node_modules/aws-sdk/lib/request.js:688:12)

To resolve the issue, I had to delete my ~/.aws/credentials entries as well as the contents of ~/.aws/sso/cache. After adding the profiles back, I am now able to run ssocreds successfully and use the SDK, although there is a message about invalid JSON.

➜ ~ ssocreds --profile dev
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.8.16
[aws-sso-creds-helper]: Getting SSO credentials for profile dev
[aws-sso-creds-helper]: Ignoring invalid json, SyntaxError: Unexpected token in JSON at position 0
[aws-sso-creds-helper]: Successfully loaded SSO credentials for profile dev
➜ ~ ssocreds --profile prod
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.8.16
[aws-sso-creds-helper]: Getting SSO credentials for profile prod
[aws-sso-creds-helper]: Ignoring invalid json, SyntaxError: Unexpected token in JSON at position 0
[aws-sso-creds-helper]: Successfully loaded SSO credentials for profile prod

Any suggestions as to what could have caused this, or how to properly resolve it? As far as I can see nothing changed recently in this library. Given the AWS profile / SSO process itself is working without issue, I am not sure why ssocreds suddenly fails to retrieve the token. Does the invalid JSON message indicate some other issue?

Environment

  • Version: 1.8.16
  • Platform: Mac
  • Node.js Version: v16.18.0

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.