search

binbashar / le-docker-leverage-toolbox

Docker image for https://github.com/binbashar/leverage
3 stars 0 forks source link

Bug | Bad sso logout process #48

Closed juanmatias closed 1 year ago

juanmatias commented 1 year ago

Describe the Bug

When using SSO, running the leverage aws sso logout command leads to an inconsistent scenario in which the credentials are unusable.

When running a Terraform command in a layer the profile used by Terraform is created with credentials got from SSO profiles. In this process the credentials are stored in credentials file, and the expiration time is stored in config file.

When logging out the credentials file is deleted, also the sso profiles in config file are deleted, but the profile used by Terraform is left in config file.

When running a new Terraform command, Leverage finds the profile in the config file with a valid expiration date, but there are no credentials in credentials file, thus it fails.

Expected Behavior

The profile should be deleted in both credentials and config file so it can be created later when a new Terraform command is run.

Steps to Reproduce

Steps to reproduce the behavior:

  1. leverage aws configure sso
  2. leverage tf init
  3. leverage aws sso logout
  4. leverage aws configure sso
  5. leverage tf init
╷
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
│ 
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│ 
│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│   For verbose messaging see aws.Config.CredentialsChainVerboseErrors
│ 
│ 
│ 
╵

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

Additional Context

https://github.com/binbashar/le-docker-leverage-toolbox/blob/83dcaececa06f6f3da85bc7af8fde78b83ff47c2/scripts/aws-sso/aws-sso-logout.sh#L45-L57

exequielrafaela commented 1 year ago