wnkz / aws-sso Goto Github PK

Mainly useful when using the JSON export / credential_process option, this would avoid making a new STS assume_role_with_saml call for every command.

Related:

• #5

With AWS SSO now supporting MFA, this would be nice to be included in this tool.

https://aws.amazon.com/about-aws/whats-new/2019/10/increase-aws-single-sign-on-security-with-multi-factor-authentication-using-authenticator-apps/

Getting this error on install on Mac Catalina.

Collecting keyring<20.0.0,>=19.0.0 (from awssso)
Could not find a version that satisfies the requirement keyring<20.0.0,>=19.0.0 (from awssso) (from versions: 0.1, 0.2, 0.3, 0.4, 0.5, 0.5.1, 0.6.2, 0.7, 0.7.1, 0.8, 0.8.1, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.1, 1.1.1, 1.1.2, 1.2.dev0, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.4, 1.5, 1.6, 1.6.1, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1, 2.1.1, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1, 3.2, 3.2.1, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 4.0, 4.1, 4.1.1, 5.0, 5.1, 5.2, 5.2.1, 5.3, 5.4, 5.5, 5.5.1, 5.6, 5.7, 5.7.1, 6.0, 6.1, 6.1.1, 7.0, 7.0.1, 7.0.2, 7.1, 7.1.1, 7.1.2, 7.2, 7.3, 7.3.1, 8.0, 8.0.1, 8.1, 8.1.1, 8.2, 8.3, 8.4, 8.4.1, 8.5, 8.5.1, 8.6, 8.6.1, 8.7, 9.0, 9.1, 9.2, 9.2.1, 9.3, 9.3.1, 10.0, 10.0.1, 10.0.2, 10.1, 10.2, 10.3, 10.3.1, 10.3.2, 10.3.3, 10.4.0, 10.5.0, 10.5.1, 10.6.0, 11.0.0, 11.1.0, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0, 12.2.1, 13.0.0, 13.1.0, 13.2.0, 13.2.1, 15.0.0, 15.1.0, 15.2.0, 16.0.0, 16.0.1, 16.0.2, 16.1.0, 16.1.1, 17.0.0, 17.1.0, 17.1.1, 18.0.0, 18.0.1)
No matching distribution found for keyring<20.0.0,>=19.0.0 (from awssso)

Ran into a problem when configuring awssso:

$ awssso configure
[?] URL: https://########.awsapps.com/start/
[?] AWS CLI profile: profile_name
[?] Username: [email protected]
[?] Password: *****************
Traceback (most recent call last):
File "/usr/local/bin/awssso", line 10, in
sys.exit(main())
File "/usr/local/lib/python3.7/site-packages/awssso/cli.py", line 222, in main
func(args)
File "/usr/local/lib/python3.7/site-packages/awssso/cli.py", line 79, in configure
instances = sso.get_instances()
File "/usr/local/lib/python3.7/site-packages/awssso/ssoclient.py", line 18, in get_instances
return [i for i in r.json()['result'] if i['applicationName'] == 'AWS Account']
KeyError: 'result'

This is probably an edge case, so "close/wontfix" is totally cool :).

I often have separate Firefox container tabs open to multiple different AWS accounts. When using the awssso -c login option, I pipe the output to pbcopy and then paste it in a container tab. A bit hacky but it works. When awssso needs to refresh a token though, all the "Refreshing token" spinner output ends up in the clipboard with the console login URL.

I'm thinking this issue could be avoided by adding stream=sys.stderr to the Halo initialization... but I'm not sure if that's desirable in general or just useful to me.

Hey guys,

Thanks for supplying such a great tool but unfortunately the AWS UI has changed and the selenium script stopped working.

New UI looks different and takes email first and then password:

Regards TT

Related: #13

Hey there, I've been trying to run a test with this tool in our environment and when running the awssso configure command, we get consistent timeouts for the initial token fetch, when running in non-headless we can see that the page for us barely loads before the script throws a timeout exception. On average for us it takes around 9 seconds to load the page due to it being in an un-cached Chrome session.

Looking through the code, we found the timeout for selenium has been set to 5 seconds, and believe that this isn't enough for our purposes, in this situation, what I'd probably recommend is not to statically set the timeout, but default to 5 seconds for those with non-ghetto internet (ie: you don't live in Australia) if the variable isn't set by the user. This would have solved our issue fairly well.

Logs:

Traceback (most recent call last):
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/bin/awssso", line 8, in
exit(main())
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/cli.py", line 222,
(args)
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/cli.py", line 75, gure
ets, cfg.configdir, args.force_refresh, args.headless, args.spinner
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/cli.py", line 51, _or_refresh_token
n, expiry_date = __refresh_token(url, username, password, config_dir, headless, spinner)
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/cli.py", line 27, resh_token
rn driver.refresh_token(username, password)
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/ssodriver.py", lin refresh_token
.login(username, password)
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/ssodriver.py", linn login
sername = self._find_element_by_id('wdc_username')
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/awssso/ssodriver.py", lin _find_element_by_id
isibility_of_element_located((By.ID, element_id))
/Users/lw/.local/share/virtualenvs/aws-sso-rEpgPrYI/lib/python3.7/site-packages/selenium/webdriver/suppory", line 80, in until
e TimeoutException(message, screen, stacktrace)
.common.exceptions.TimeoutException: Message:

when i open my sso start page, enter my credentials there is no checkbox on the mfa code entering page.
since ssodriver.py always wants to find this element, it fails.
when i move that line to the "if trusted_device" branch, and default the trusted device to False, i can proceed.
disclaimer: I use the (standard?) aws sso mfa way where aws sends us emails with a code.