Open MatthiasPdx opened 4 years ago
Hi Justin, I'm not a new user. Before 1.5, I used 1.3...something and it didn't work then either. I have never gotten it to work nor anybody of my friends. Therefore, I don't think it's a regression.
Can you elaborate on how I can apply #888? Is this fix going to be part of a public version soon?
Thank you!
888? Is this fix going to be part of a public version soon?
Yes.
Hi @MatthiasPdx when the next toolkit is released, if your issue is not resolved, it should at least have more verbose logging that you will be able to share in the issue to better identify the issue.
To confirm, are the credentials contents you have shared in the original post located in ~/.aws/credentials
or ~/.aws/config
? If they aren't in ~/.aws/credentials
I recommend renaming the file to that first, and restarting VS Code to see if the toolkit has success in using the profiles.
@awschristou, yes I have my files
I'll be waiting for the next version of the toolkit to report back. Thank you!
The toolkit v1.6.0 is now released. It contains verbose logging when selecting credentials in the toolkit.
If you continue to get errors when trying to use credentials in the toolkit, set your AWS Toolkit logging to verbose, then try to select credentials in the toolkit. The generated logs should help to explain if the credentials were considered invalid.
I'll leave this ticket open a short while in case you have a chance to try it out and report back.
Thank you! I updated, reloaded VSC and connected with verbose logging. I'm still seeing the error. The logs show:
Error: unable to get local issuer certificate at TLSSocket.onConnectSecure (_tls_wrap.js:1317:34) at TLSSocket.emit (events.js:200:13) at TLSSocket.EventEmitter.emit (domain.js:471:20) at TLSSocket._finishInit (_tls_wrap.js:792:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:606:12)
Full log: aws_toolkit_20200207T155025.log
Do you have a suggestion as to what I should try? Again, aws cli is working from command-line form the same machine so connection can be established in general.
Thank you for looking into it.
@justinmk3, the user in #917 describes "After connecting to AWS, I try to expand...". For me the error shows earlier after clicking on 'Connect to AWS' and 'profile:default.
Error: unable to get local issuer certificate
From https://github.com/nodejs/node/issues/3742#issuecomment-155546646 ,
The error itself just means that a TLS certificate in the chain is signed by an unknown CA, presumably the cert your proxy uses.
@MatthiasPdx are you on a corporate managed computer or network?
HTTP_PROXY
or HTTPS_PROXY
environment variables?Related vscode doc: https://code.visualstudio.com/updates/v1_30#_network-proxy-support-for-extensions
VScode exposes some related settings:
http.proxy
http.proxyAuthorization
http.proxyStrictSSL
: you can set this to false (security risk), and see if that fixes the issue. But a better solution is to fix your certificate chain.http.proxySupport
http.systemCertificates
What are the values of those settings in your vscode?
Tracking issue: https://github.com/aws/aws-toolkit-vscode/issues/185
I am running into the same issue. Anyone tried squid locally to handle a custom CA bundle?
@lmayorga1980 are you able to answer the questions above: https://github.com/aws/aws-toolkit-vscode/issues/899#issuecomment-589500847
Is there any update on this by chance?
I'm seeing still the similar issue:
2020-06-01 11:20:58 [ERROR]: Error trying to connect to AWS with Credentials Provider profile:default. Toolkit will now disconnect from AWS. [Error: ENOENT: no such file or directory, open '/~/.aws/credentials'
at Object.openSync (fs.js:447:3)
at Object.func (electron/js2c/asar.js:140:31)
at Object.func [as openSync] (electron/js2c/asar.js:140:31)
at Object.readFileSync (fs.js:349:35)
at Object.fs.readFileSync (electron/js2c/asar.js:542:40)
at Object.fs.readFileSync (electron/js2c/asar.js:542:40)
at Object.readFileSync (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:106298)
at constructor.o [as parseFile] (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:972231)
at constructor.loadFrom (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:972660)
at Object.getProfilesFromSharedConfig (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:119539)
at constructor.load (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:2018768)
at constructor.coalesceRefresh (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:968205)
at constructor.refresh (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:2019720)
at constructor.get (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:968031)
at e (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:969255)
at constructor.resolve (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:969299)
at /Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:117753
at new Promise (<anonymous>)
at constructor.resolvePromise (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:117690)
at f.<anonymous> (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:686763)
at Generator.next (<anonymous>)
at /Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:685304
at new Promise (<anonymous>)
at n (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:685049)
at f.getCredentials (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:686458)
at t.CredentialsStore.<anonymous> (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:6301739)
at Generator.next (<anonymous>)
at o (/Users/mike.russell/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.10.0/dist/extension.js:2:6301158)] {
errno: -2,
syscall: 'open',
code: 'ENOENT',
path: '/~/.aws/credentials'
}
are you able to answer the questions above: #899 (comment)
@irishgordo
For what it's worth, I've just had the same error as the OP
$ code --version
1.51.1
e5a624b788d92b8d34d1392e4c4d9789406efe8f
x64
$ aws --version
aws-cli/1.18.180 Python/3.6.9 Linux/5.4.0-53-generic botocore/1.19.20
AWS Toolkit 1.15.0
What solved the problem for me was to change the profile entries in ~/.aws/config from
[profileX]
to
[profile profileX]
@eugenevd that's pretty clever!
The workstation that I was using where I had seen that previous error I no longer have in my possession. So on my end, I'm not able to provide any updates on this, apologies. Perhaps this is a non-issue / this issue can be closed?
Go to Visual Studio -> Settings icon -> Settings -> search for Proxy -> Remove http proxy if any -> uncheck Http: Proxy Strict SSL -> restart Visual studio code
This solved my problem.
If at all you are not able to do it. Try removing proxy from settings.. Go out of VPN and then try it again.
Or else check if u are setting any http proxy in your environmental variables. Remove it and try
hi
@MatthiasPdx did you find any way to have aws-toolkit-vscode accept and use a custom CA ? (sorry for digging, but it seems the problem remains 2 years later...)
I have the exact same problem : Do you know if it's configured to use a proxy? YES Or a custom CA or root certificate? YES Are you setting HTTP_PROXY or HTTPS_PROXY environment variables? YES
2022-01-11 15:33:41 [ERROR]: Error getting AccountId: [Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket.EventEmitter.emit (domain.js:467:12)
at TLSSocket._finishInit (_tls_wrap.js:932:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)] {
code: 'NetworkingError',
region: 'eu-west-1',
hostname: 'sts.eu-west-1.amazonaws.com',
retryable: true,
time: 2022-01-11T14:33:41.436Z
}
did you find any way to have aws-toolkit-vscode accept and use a custom CA ?
2022-01-11 15:33:41 [ERROR]: Error getting AccountId: [Error: unable to get local issuer certificate
@alxrdn That means vscode/nodejs/electron can't find the configured certificates on the system. On Windows, this vscode extension may help (not associated with AWS): https://marketplace.visualstudio.com/items?itemName=ukoloff.win-ca
Describe the bug
Error suggesting invalid profile on machine with existing credentials file in use with aws cli
To Reproduce
After installing and ctrl+shift+p -> connect to AWS on a machine that already has a credentials file in the home directory, the user is given a list of profiles in the credentials file. Selecting either of my profiles returns an error "Credentials profile is invalid"
Expected behavior
AWS connects to that profile.
Screenshots
Desktop (please complete the following information):
Additional context
I read through https://github.com/aws/aws-toolkit-vscode/issues/705 which shows the same symptoms but following the recommended steps of reinstalling the latest VSCode, restarting it and having lower case credential key names didn't work for me.
Here is the content of my credential file with altered keys:
Please let me know if you have any suggestions.
Thank you!