search

aws / git-remote-codecommit

An implementation of Git Remote Helper that makes it easier to interact with AWS CodeCommit
Apache License 2.0
271 stars 38 forks source link

Unable to use with Federated user access via aws-azure-login #28

Closed heyitsmepatg closed 3 years ago

heyitsmepatg commented 3 years ago

I am on Windows 10 environment with the following configuration:

python version: Python 3.7.4 (tags/v3.7.4:e09359112e, Jul 8 2019, 20:34:20) [MSC v.1916 64 bit (AMD64)] on win32 aws cli version: aws-cli/2.1.29 Python/3.8.8 Windows/10 exe/AMD64 prompt/off

Output from pip install git-remote-code-commit:

PS C:\Users\usa-pgorospe\code\test> pip install git-remote-codecommit       
Requirement already satisfied: git-remote-codecommit in c:\python37\lib\site-packages (1.15.1)
Requirement already satisfied: botocore>=1.17.0 in c:\python37\lib\site-packages (from git-remote-codecommit) (1.20.18)
Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in c:\python37\lib\site-packages (from botocore>=1.17.0->git-remote-codecommit) (0.9.4)
Requirement already satisfied: urllib3<1.27,>=1.25.4 in c:\python37\lib\site-packages (from botocore>=1.17.0->git-remote-codecommit) (1.25.6)
Requirement already satisfied: python-dateutil<3.0.0,>=2.1 in c:\python37\lib\site-packages (from botocore>=1.17.0->git-remote-codecommit) (2.8.0)
Requirement already satisfied: six>=1.5 in c:\python37\lib\site-packages (from python-dateutil<3.0.0,>=2.1->botocore>=1.17.0->git-remote-codecommit) (1.12.0)

When I attempt to clone or fetch or otherwise access the remote for my repo, I get the following error: The following profile does not have credentials configured: default. You must configure the access key and secret key for the profile. For more information, see Configure an AWS CLI Profile in the AWS CLI User Guide.

I gain access to my aws_access_key and aws_secret_key via aws-azure-login.

However, I have run aws configure many times, and have a profile configured with an access key, secret key, and session token for an assumed role (it has admin permissions to the environment, and I can read and write to my repo from the Management Console)

My .aws/config looks like this:

[default]
azure_tenant_id=[#]
azure_app_id_uri=[link]
azure_default_username=usa-[username]
azure_default_role_arn=arn:aws:iam::[account-id]:role/[role-id]
azure_default_duration_hours=12
azure_default_remember_me=false
region = us-east-1

My .aws/credentials look like this:

[default]
aws_access_key_id=[access_key]
aws_secret_access_key=[secret_key}
aws_session_token=[session_token]
aws_expiration=[timestamp]

Another thing to note is that the Powershell environment is based on a different user (elevated user) than the main Windows account user.

Don't know why I am getting this issue...any advice?

heyitsmepatg commented 3 years ago

Looks like the issue had to do with having a $AWS_PROFILE environment variable set. It was set to default. Removing the environment variable eliminated the git-remote-codecommit script error (underlying error being in botocore being unable to find the credentials for an AWS profile)