search

aws / aws-tools-for-powershell

The AWS Tools for PowerShell lets developers and administrators manage their AWS services from the PowerShell scripting environment.
Apache License 2.0
235 stars 77 forks source link

Get-CAAuthorizationToken is throwing error #299

Closed ashishdhingra closed 1 year ago

ashishdhingra commented 1 year ago

Discussed in https://github.com/aws/aws-tools-for-powershell/discussions/296

Originally posted by **rjacquemin** October 6, 2022 ### Describe the bug using powershelltool for some CI scripts since a while Everything was working fine but suddenly `Get-CAAuthorizationToken` is showing error After some investigation look like a breaking change was introduce in version 4.1.165 Error message ``` Get-CAAuthorizationToken: Value cannot be null. (Parameter 'Options property cannot be empty: ClientName') ``` ### Expected Behavior Considering we are logged in with AWS SSO We should be able to get the Auth Token without pbm using aws powershel tool ``` aws sso login aws codeartifact login --tool dotnet --repository xxxx --domain xxxx --domain-owner xxxxx Install-Module -Name AWS.Tools.Installer -Force -MaximumVersion 1.0.2.4 Install-AWSToolsModule AWS.Tools.SSO -CleanUp -Force Install-AWSToolsModule AWS.Tools.SSOOIDC -CleanUp -Force Install-AWSToolsModule AWS.Tools.CodeArtifact -CleanUp -Force Import-Module -Name AWS.Tools.SSO, AWS.Tools.SSOOIDC Get-CAAuthorizationToken -Region us-east-1 -Domain "xxxxx" -DomainOwner "xxxxx" -Select "AuthorizationToken" ``` It was working before but stop working lately ### Current Behavior to facilitate the repro i used docker image ``` aws sso login aws codeartifact login --tool dotnet --repository xxxx --domain xxxx --domain-owner xxxxx docker run --rm -it -v C:\Users\xxxxxx/.aws:/root/.aws:ro mcr.microsoft.com/dotnet/core/sdk:3.1 pwsh ``` ``` Install-Module -Name AWS.Tools.Installer -Force -MaximumVersion 1.0.2.4 Install-AWSToolsModule AWS.Tools.SSO -CleanUp -Force Install-AWSToolsModule AWS.Tools.SSOOIDC -CleanUp -Force Install-AWSToolsModule AWS.Tools.CodeArtifact -CleanUp -Force Import-Module -Name AWS.Tools.SSO, AWS.Tools.SSOOIDC Get-CAAuthorizationToken -Region us-east-1 -Domain "xxxxx" -DomainOwner "xxxxx" -Select "AuthorizationToken" ``` Giving following error ``` Get-CAAuthorizationToken: Value cannot be null. (Parameter 'Options property cannot be empty: ClientName') ``` ### Reproduction Steps Checking with version 4.1.164 is success ``` Install-Module -Name AWS.Tools.Installer -Force -MaximumVersion 1.0.2.4 Install-AWSToolsModule AWS.Tools.SSO -CleanUp -Force -MaximumVersion 4.1.164 Install-AWSToolsModule AWS.Tools.SSOOIDC -CleanUp -Force -MaximumVersion 4.1.164 Install-AWSToolsModule AWS.Tools.CodeArtifact -CleanUp -Force -MaximumVersion 4.1.164 Import-Module -Name AWS.Tools.SSO, AWS.Tools.SSOOIDC Get-CAAuthorizationToken -Region us-east-1 -Domain "xxxxx" -DomainOwner "xxxxx" -Select "AuthorizationToken" ``` Checking with latest is Failed ``` Install-Module -Name AWS.Tools.Installer -Force -MaximumVersion 1.0.2.4 Install-AWSToolsModule AWS.Tools.SSO -CleanUp -Force Install-AWSToolsModule AWS.Tools.SSOOIDC -CleanUp -Force Install-AWSToolsModule AWS.Tools.CodeArtifact -CleanUp -Force Import-Module -Name AWS.Tools.SSO, AWS.Tools.SSOOIDC Get-CAAuthorizationToken -Region us-east-1 -Domain "xxxxx" -DomainOwner "xxxxx" -Select "AuthorizationToken" ``` ### Possible Solution _No response_ ### Additional Information/Context _No response_ ### AWS Tools for PowerShell version used AWS.Tools.Installer 1.0.2.4 AWS.Tools.SSO -CleanUp -Force -MaximumVersion 4.1.164 vs latest AWS.Tools.SSOOIDC -CleanUp -Force -MaximumVersion 4.1.164 vs latest AWS.Tools.CodeArtifact -CleanUp -Force -MaximumVersion 4.1.164 vs latest ### PowerShell version used Name Value ---- ----- PSVersion 7.0.12 PSEdition Core GitCommitId 7.0.12 OS Linux 5.10.102.1-microsoft-standard-WSL2 #1 SMP Wed Mar 2 00:30:59 UTC 2022 Platform Unix PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0 ### Operating System and version Windows 10
ashishdhingra commented 1 year ago

Please refer discussion https://github.com/aws/aws-tools-for-powershell/discussions/296 for more details. Looks like customer is doing SSO login from the host machine and then mounting the credentials folder in docker.

ashishdhingra commented 1 year ago

Similar issue in .NET SDK https://github.com/aws/aws-sdk-net/issues/2477.

CamileDahdah commented 1 year ago

Hello there, My team is working on fixing the bug. We realized that the issue occurs when the cached SSO token files in .aws directory are set to Read Only. The problem is when you pass this docker argument "-v C:\Users\xxxxxx/.aws:/root/.aws:ro", you are setting the .aws directory to read-only because you are using ":ro". For a workaround, you can remove ":ro" from the argument.

CamileDahdah commented 1 year ago

Closing ticket since a fix has been pushed.

Thank you.

github-actions[bot] commented 1 year ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.