search

Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0
919 stars 262 forks source link

TypeError: string indices must be integers, not 'str' after MFA response #470

Closed ccarstens closed 2 months ago

ccarstens commented 2 months ago

Expected Behavior

An AWS session should be stored in ~/.aws/credentials

Current Behavior

I receive the following python error message

gimme-aws-creds --profile my-profile
Using inherited config: DEFAULT
Okta Classic login flow enabled
Using password from keyring for my@email.com
Multi-factor Authentication required.
Okta Verify App: SmartPhone_IPhone: iPhone selected
Okta Verify push sent...
Authentication Success! Calling Gimme-Creds Server...
Traceback (most recent call last):
  File "/opt/homebrew/bin/gimme-aws-creds", line 17, in <module>
    GimmeAWSCreds().run()
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 453, in run
    self._run()
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 876, in _run
    for data in self.iter_selected_aws_credentials():
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 845, in iter_selected_aws_credentials
    aws_results = executor.map(generate_credentials_prepare_data, self.aws_selected_roles)
                                                                  ^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 727, in aws_selected_roles
    selected_roles = self._get_selected_roles(self.requested_roles, self.aws_roles)
                                                                    ^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 718, in aws_roles
    self.saml_data['SAMLResponse'],
    ^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 709, in saml_data
    self._cache['saml_data'] = saml_data = self.okta.get_saml_response(self.aws_app['links']['appLink'], self.auth_session)
                                                                       ^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 702, in aws_app
    self._cache['aws_app'] = aws_app = self._get_selected_app(self.conf_dict.get('aws_appname'), self.aws_results)
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/gimme-aws-creds/2.8.2_2/libexec/lib/python3.12/site-packages/gimme_aws_creds/main.py", line 331, in _get_selected_app
    if app["name"] == aws_appname:
       ~~~^^^^^^^^

Possible Solution

Steps to Reproduce (for bugs)

  1. run gimme-aws-creds --profile your-profile
  2. respond to the 2FA push notification

Context

My .okta_aws_login_config was set up ~1.5 years ago and has always worked since.

Your Environment

I'm grateful if you can point me in any direction that leads to a solution! :)

ccarstens commented 2 months ago

I just realised there was an issue with my gimme_creds_server, it's updated and I'm able to login now.