Running aws-azure-login on docker container in WSL 2

[mchassy]

• Windows build, Docker version, etc ...

Windows version and build Version 2004 (OS Build 19035.1) Docker Edge version 2.1.6.1 Ubuntu 18.04 on WSL 2

• What you're doing and what's happening:

I am setting up a model for a dev laptop for my company. One part of that is being able to use single sign on to access our aws accounts. There is a node.js utility called aws-azure-login which allows you to do this from the terminal. Installing the tool into a given system is pretty hairy because of all of the dependencies and I struggled a few days trying to make this work in WSL 1. Finally, I found a containerised version which worked immediately. But when I switched to WSL 2, it stopped working.

Method of accessing docker from the WSL

export DOCKERPATH="/mnt/c/Program\ Files/Docker/Docker/resources/bin"
alias docker="$DOCKERPATH/docker.exe"

Method of invoking aws-azure-login config

docker run --rm -it -v ~/.aws:/root/.aws sportradar/aws-azure-login --configure

This works fine.

Method of invoking aws-azure-login

docker run --rm -it -v ~/.aws:/root/.aws sportradar/aws-azure-login

• What's wrong / what should be happening instead:

What should happen: the SSO should succeed.

❯ docker run --rm -it -v ~/.aws:/root/.aws sportradar/aws-azure-login
Logging in with profile 'default'...
Using AWS SAML endpoint https://signin.aws.amazon.com/saml
? Username: mark.chassy@virtualclarity.com
? Password: [hidden]
We've sent a notification to your mobile device. Please open the Microsoft Authenticator app to respond.
Unable to recognize page state! A screenshot has been dumped to aws-azure-login-unrecognized-state.png. If this problem persists, try runn
ing with --mode=gui or --mode=debug

Attempt with --mode=gui

❯ docker run --rm -it -v ~/.aws:/root/.aws sportradar/aws-azure-login --mode=gui
Logging in with profile 'default'...
Using AWS SAML endpoint https://signin.aws.amazon.com/saml
Error: Failed to launch chrome!

(chrome:15): Gtk-WARNING **: cannot open display:

TROUBLESHOOTING: https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md

    at onClose (/aws-azure-login/node_modules/puppeteer/lib/Launcher.js:348:14)
    at ChildProcess.helper.addEventListener (/aws-azure-login/node_modules/puppeteer/lib/Launcher.js:338:60)
    at emitTwo (events.js:131:20)
    at ChildProcess.emit (events.js:214:7)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:198:12)

Attempt with --mode=debug

Logging in with profile 'default'...
Using AWS SAML endpoint https://signin.aws.amazon.com/saml
Error: Failed to launch chrome!

(chrome:15): Gtk-WARNING **: cannot open display:

TROUBLESHOOTING: https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md

    at onClose (/aws-azure-login/node_modules/puppeteer/lib/Launcher.js:348:14)
    at ChildProcess.helper.addEventListener (/aws-azure-login/node_modules/puppeteer/lib/Launcher.js:338:60)
    at emitTwo (events.js:131:20)
    at ChildProcess.emit (events.js:214:7)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:198:12)

• Strace

https://gist.github.com/mchassy/865a65f2b00959394b6f3b44f1606673.js

[sirredbeard]

Error: Failed to launch chrome!

This seems to be your problem. It is trying to open a web browser for you to enter your credentials on on the Linux side. But you don't have a browser or X server set up in WSL.

There are a few things you can do here, in order from easiest to hardest:

1. Find another way to authenticate against AWS. A token you download perhaps.
2. You could install wslutilities and run wslview --register which will create a fake browser entry in WSL which will point to your default Windows browser and might work https://github.com/wslutilities/wslu
3. You could install a browser on WSL, an X server on Windows, link them together, and actually launch Chrome and authenticate completely on the Linux side, this side will be complicated to set up

[mchassy]

I spent a couple weeks trying to set up WSL to do everything I needed. I had to install aws-azure-login on the Windows part of the machine, but not as a container. Not really a satisfactory solution. Even getting docker to integrate nicely meant using edge versions of both Docker and WSL. I'm sure that in 12 months, this will all work much better. But in the meantime, I have switched to a Linux native laptop, and I am much happier that way.