FrankFioretti
commented
2 years ago I should also mention that I have deleted everything and recreated it, as well as uninstalling and reinstalling Leapp, with no change.
Open FrankFioretti opened 2 years ago
FrankFioretti
commented
2 years ago I should also mention that I have deleted everything and recreated it, as well as uninstalling and reinstalling Leapp, with no change.
RafPe
commented
2 years ago I was about to open the same exact issue. I can confirm that at this stage there is error when trying to use chained roles.
pusi77
commented
2 years ago On Linux (Fedora) with latest version (0.16.0) this bug is still present.
My logs:
2022-11-03 11:07:32.354] [info] [renderer] Starting Session
[2022-11-03 11:07:32.443] [error] [renderer] [ErrorService] TypeError: Cannot read properties of undefined (reading 'generateCredentialsProxy')
at file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:17819:64
at Generator.next (<anonymous>)
at asyncGeneratorStep (file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:95095:24)
at _next (file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:95117:9)
at file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:95124:7
at new ZoneAwarePromise (file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/polyfills.23a56c6b24ce7905.js:1452:21)
at file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:95113:12
at AwsIamRoleChainedService.generateCredentials (file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:17839:7)
at file:///tmp/.mount_Leapp-BL5xWx/resources/app.asar/dist/leapp-client/main.4fdcabdc2aba1eaa.js:18524:47
at Generator.next (<anonymous>)
andreacavagna01
commented
2 years ago The issue persists, and at the moment, it is not possible to do a double-chain session.
We will add later on information the availability of this feature later on. We are going to add this to the documentation until the feature is not available.
urz9999
commented
1 year ago We will add this information inside the IAM Role Chained section of the docs.
Thanks for pointing it out!
stefanjbergh
commented
1 year ago It looks like this bug still exists in 0.22.1 and the behavior is not yet mentioned in the docs. Looks like this has been open a while, is it on anyone's roadmap to address? I significantly prefer using Leapp over any alternatives but this bug is a killer for me.
powelli
commented
8 months ago Looks like this still exists in 0.25.3 - wasted some time trying to debug my configuration today before assuming it was a bug and coming to check online - would be really useful if this were mentioned in the docs or alerted as unsupported in the UI.
ericvilla
commented
8 months ago Hi @powelli, can you describe the session type you're using; this will help us to debug
Describe the bug When attempting to chain a second role (AWS SSO -> 1st role chain -> 2nd role chain) the above error message is encountered.
Leapp Version 0.12.0
To Reproduce Steps to reproduce the behavior:
Expected behavior Role chaining should continue to function to n number of roles as long as the preceding session has the rights.
Screenshots
Desktop (please complete the following information):
Additional context Essentially I am trying to reuse existing roles in the top level account of my Org. Right now, users sign in to the landing zone using a different IDP and assume the relevant roles in their sub accounts. In order to use AWS SSO/Leapp, I would have to allow AWS SSO to recreate roles instead of using the existing role hierarchy. To work around this, I have the AWS SSO role in the landing zone assume the existing top-level/LZ role, which can then assume the existing roles in all of the sub-accounts. When I attempt to do this in Leapp, however, I get an the above error.