search

aws / aws-toolkit-jetbrains

AWS Toolkit for JetBrains - a plugin for interacting with AWS from JetBrains IDEs
https://plugins.jetbrains.com/plugin/11349-aws-toolkit
Apache License 2.0
744 stars 213 forks source link

AWS toolkit for intellij uses sso credtials successfully for explorer, but not for the debugger #4781

Closed natemarks closed 4 days ago

natemarks commented 1 month ago

In the AWS toolkit UI, I select one of my SSO credentials and confirm that it's working by opening some resources in the explorer. Then I go to one of my tests, configure it to use either the currently selected credential and run the test.

I get this error:

E botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the ListResourceRecordSets operation: The security token included in the request is invalid.

When run pytest from the shell with the same credentials, it succeeds.

Ubuntu 20.04

Your Environment

IntelliJ IDEA 2024.1.4 (Ultimate Edition) Build #IU-241.18034.62, built on June 20, 2024 Licensed to Imprivata, Inc / Nathan Marks You have a perpetual fallback license for this version. Subscription is active until April 20, 2025. Runtime version: 17.0.11+1-b1207.24 amd64 VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o. Linux 5.15.0-117-generic GC: G1 Young Generation, G1 Old Generation Memory: 16192M Cores: 16 Non-Bundled Plugins: org.intellij.plugins.hcl (241.17890.8) aws.toolkit.core (3.22-241) com.jetbrains.space (241.18034.4) com.andrewbrookins.wrap_to_column (1.8.0) org.jetbrains.plugins.go-template (241.14494.150) name.kropp.intellij.makefile (241.14494.150) org.jetbrains.plugins.go (241.17011.2) Pythonid (241.18034.62) com.tang (1.4.14-IDEA242) com.intellij.mermaid (0.0.22+IJ.232) com.intellij.ml.llm (241.18034.12) com.github.copilot (1.5.17.6356) aws.toolkit (3.22-241) Kotlin: 241.18034.62-IJ Current Desktop: ubuntu:GNOME

AWS toolkit 3.22-241

Python 3.10

natemarks commented 1 week ago

I can reproduce the problem with this project.

https://github.com/natemarks/exp-awstoolkit-troubleshoot

The test requires AWS credentials. it works with static IAM credentials, but not with SSO credentials even though the explorer works with the SSO cfredentials

natemarks commented 1 week ago

I also discovered that it fails when i select local static credentials using the toolkit, but that works fine when I put that profile into the AWS_PROFILE environment variable. It seems pretty clear the toolkit can't work for the debugger?

rli commented 5 days ago

The issue is due to the Python plugin failing to copy our run state mutations when the run configuration uses "Autodect" (the default behavior when running from the gutter icons / context menus)

As a workaround, you can manually create a run configuration specifying "pytest" in the configuration dialog https://github.com/aws/aws-toolkit-jetbrains/issues/3155#issuecomment-1125686881

bryceitoc9 commented 4 days ago

Closing as duplicate