search

aws / aws-cli

Universal Command Line Interface for Amazon Web Services
Other
15.32k stars 4.07k forks source link

awscli IAM list-users and list-access-keys doesn't parse max-items to request body #8800

Closed shirady closed 3 weeks ago

shirady commented 1 month ago

Describe the bug

Hello, I'm using a local endpoint and I noticed that when I use the actions IAM list-users and list-access-keys the argument max-items is passing to the CLI but it doesn't parse it in the request body.

Expected Behavior

I would expect to see the max-items in the request body params.

Current Behavior

I don't see the max-items in the request body (as mentioned I can see it passed as argument).

Reproduction Steps

1) iam list-users s3-nc-user-1-iam iam list-users --path-prefix /abc/ --max-items 7 --debug I added the --path-prefix flag to see a flag that passes (and a flag --max-items I think doesn't pass). (s3-nc-user-1-iam is an alias for AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:7005).

In the debug I see AWS CLI list the argument of max-items:

2024-07-07 08:43:35,751 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['--no-verify-ssl', '--endpoint-url', 'https://localhost:7005', 'iam', 'list-users', '--path-prefix', '/abc/', '--max-items', '7', '--debug']

In the debug I don't see the max params passing to the request's body (PathPrefix we can see):

2024-07-07 08:43:35,836 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListUsers) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'aws-cli/2.15.36 Python/3.11.9 Darwin/23.4.0 source/arm64 prompt/off command/iam.list-users'}, 'body': {'Action': 'ListUsers', 'Version': '2010-05-08', 'PathPrefix': '/abc/'}, 'url': 'https://localhost:7005/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x1083b49d0>, 'has_streaming_input': False, 'auth_type': None}}

2) iam list-access-keys: s3-nc-user-1-iam iam list-access-keys --max-items 1 --user-name shira-1001 --debug

In the debug I see AWS CLI list the argument of max-items:

2024-07-07 09:03:15,120 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['--no-verify-ssl', '--endpoint-url', 'https://localhost:7005', 'iam', 'list-access-keys', '--max-items', '1', '--user-name', 'shira-1001', '--debug']

In the debug I don't see the max params passing to the request's body (UserName we can see):

2024-07-07 09:03:15,228 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListAccessKeys) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'aws-cli/2.15.36 Python/3.11.9 Darwin/23.4.0 source/arm64 prompt/off command/iam.list-access-keys'}, 'body': {'Action': 'ListAccessKeys', 'Version': '2010-05-08', 'UserName': 'shira-1001'}, 'url': 'https://localhost:7005/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x106fa89d0>, 'has_streaming_input': False, 'auth_type': None}}

Possible Solution

You can parse the max-items and add it to the request body.

Additional Information/Context

CLI version: aws-cli/2.17.11 Python/3.11.9 Darwin/23.4.0 source/arm64

CLI version used

2.17.11

Environment details (OS name and version, etc.)

MacOS 14.4.1

tim-finnigan commented 1 month ago

Thanks for reaching out. Linking CLI pagination documentation for reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-pagination.html

The behavior you described is expected. The AWS CLI uses a paginate customization to provide consistent pagination across services. For example commands like sqs list-queues expects MaxResults in the API request, but --max-items will still be mapped to that via the CLI. You should see a line like this in your debug logs:

awscli.customizations.paginate - DEBUG - Modifying paging parameters for operation: ListUsers
shirady commented 1 month ago

@tim-finnigan thank you for the comment. I could see awscli.customizations.paginate - DEBUG - Modifying paging parameters for operation: ListUsers in the output. As I understand it, to see the value of this parameter I need to add the flag --no-paginate, correct?

tim-finnigan commented 1 month ago

Thanks for following up. This line shows modifying params because the server response is automatically paginated, but not on client side when --no-paginate specified. Can you give any more details on your use case, or if you have any suggestions regarding the documentation?

github-actions[bot] commented 3 weeks ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.