Closed madeddie closed 4 years ago
When testing this it seems that the MaxDuration is not always returned.
For one of my accounts I get the following error message.
An error occurred (ValidationError) when calling the AssumeRoleWithSAML operation: The requested DurationSeconds exceeds the MaxSessionDuration set for this role.
This causes
ERROR:root:'NoneType' object has no attribute 'group'
Traceback (most recent call last):
File "/Users/steve/development/cevo/aws-google-auth/aws_google_auth/__init__.py", line 78, in cli
process_auth(args, config)
File "/Users/steve/development/cevo/aws-google-auth/aws_google_auth/__init__.py", line 278, in process_auth
print("Credentials Expiration: " + format(amazon_client.expiration.astimezone(get_localzone())))
File "/Users/steve/development/cevo/aws-google-auth/aws_google_auth/amazon.py", line 64, in expiration
return self.token['Credentials']['Expiration']
File "/Users/steve/development/cevo/aws-google-auth/aws_google_auth/amazon.py", line 47, in token
self.config.duration)
File "/Users/steve/development/cevo/aws-google-auth/aws_google_auth/amazon.py", line 106, in assume_role
if m.group(1):
AttributeError: 'NoneType' object has no attribute 'group'
I'll add another m is not None
guard here to protect for these cases.
Aw meh, probably has to do with permissions. The AWS documentation about this is lacking. Sorry about the bug.
With the --auto-duration flag the application will try the maximum duration, and if that fails use the maximum duration given in the error message.
Also, the minimum duration allowed by AWS IAM is 900, not anything >0