search

okta / okta-aws-cli

A CLI for having Okta as the IdP for AWS CLI operations
https://github.com/okta/okta-aws-cli
Other
128 stars 34 forks source link

No output when running against a Classic org, error expected #225

Closed wilsonjackson closed 2 months ago

wilsonjackson commented 3 months ago

Hello, I'm trying to prepare for the OIE upgrade for our org by following the procedure in this document to ensure I have things configured correctly. The document says I should receive an error like

"org.okta.com" is a Classic org, okta-aws-cli is an-OIE only tool

But I'm getting no output at all. I've tried running the tool with as much debugging output as possible and this is what I see: 

> okta-aws-cli web --org-domain XXXXXXXXXX.okta.com --oidc-client-id 0oa17XXXXXXXXXX --open-browser --debug --debug-api-calls

2024/07/23 16:15:34 [DEBUG]  API Request Details:
---[ REQUEST ]---------------------------------------
GET /.well-known/okta-organization HTTP/1.1
Host: XXXXXXXXXX.okta.com
Accept: application/json
User-Agent: okta-aws-cli/2.3.0 (go1.22.5; darwin; arm64)
X-Okta-Aws-Cli-Operation: web

-----------------------------------------------------
2024/07/23 16:15:34 [DEBUG]  API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Connection: close
Accept-Ch: Sec-CH-UA-Platform-Version
Cache-Control: no-cache, no-store
Content-Security-Policy: frame-ancestors 'self'
Content-Type: application/json
Date: Tue, 23 Jul 2024 23:15:34 GMT
Expires: 0
P3p: CP="HONK"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=315360000; includeSubDomains
X-Content-Type-Options: nosniff
X-Okta-Request-Id: 4637411da0dfb376e4097fd51bc1f714
X-Xss-Protection: 0

{
 "id": "00ohvXXXXXXXXXX",
 "cell": "ok7",
 "_links": {
  "organization": {
   "href": "https://XXXXXXXXXX.okta.com"
  }
 },
 "pipeline": "v1",
 "settings": {
  "analyticsCollectionEnabled": true,
  "bugReportingEnabled": true,
  "omEnabled": true,
  "pssoEnabled": false,
  "desktopMFAEnabled": false,
  "itpEnabled": false
 }
}
-----------------------------------------------------

And that's all I'm getting. No opened browser, not even a non-zero exit code. Any ideas what I'm doing wrong?

I did create a ~/.okta/okta.yaml which currently contains

awscli:
  idps: {}
  roles: {}

because I saw warnings, but I don't have any aliases I want to set up.

monde commented 2 months ago

Addressed in #231 and will be in next release this week.