search

common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License
957 stars 90 forks source link

Granted deletes profiles when updating registries #568

Closed sosheskaz closed 7 months ago

sosheskaz commented 7 months ago

Often, granted will remove the configured profiles, and is unable to bootstrap them again until granted registry sync is manually run.

It seems like Granted is trying to refresh the registry, failing for some reason, but still continuing to write the config file.

This is scary, because it creates a situation where if source control is unavailable for some reason, it can render a user unable to access AWS via their normal channels. While workarounds are possible, it would be better if Granted did not destroy the AWS configuration.

My guess is that it is opening the ~/.aws/config file for writing before the operation has finished, leaving it in a state where it cannot recover the previous file. A preferable solution would be to create a temp file or directory, and then mv it into place of the aws config iff there is a diff and the registry sync step completed successfully.

sosheskaz commented 7 months ago

How to replicate:

  1. Disconnect your machine from the internet.
  2. granted registry sync
  3. cat ~/.aws/config
sosheskaz commented 7 months ago

Dupe of https://github.com/common-fate/granted/issues/386