ruimarinho / gsts

Obtain and store AWS STS credentials to interact with Amazon services by authenticating via G Suite SAML.
MIT License

Windows: An error has ocurred while authenticating [Error: EINVAL: invalid argument, mkdir 'C:\C:'] #32

Closed nikking closed 3 years ago

nikking commented 3 years ago

I tried on two Windows machines and found the same error. The error occurs after the Chromium window closes after a successful Google authentication.

C:\WINDOWS\system32>gsts --aws-role-arn arn:aws:iam::123456789:role/GoogleAppsSAML-Admin --sp-id 1234 --idp-id AB12 --username foo@bar.com --aws-profile default --json --verbose
i Attempting to retrieve session expiration credentials
‼ Found credentials for a different role ARN
‼ User is not authenticated, spawning headful instance
i Pre-filling email with foo@bar.com
i Parsed SAML assertion {
  attributes: [
    {
      name: 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
      value: [ 'foo@bar.com', [length]: 1 ]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/Role',
      value: [
        'arn:aws:iam::123456789:role/GoogleAppsSAML-Admin,arn:aws:iam::123456789:saml-provider/GoogleApps',
        'arn:aws:iam::987654321:role/GoogleAppsSAML-Admin,arn:aws:iam::987654321:saml-provider/GoogleApps',
        [length]: 2
      ]
    },
    [length]: 2
  ]
}
i Parsed Role attribute with value [
  Role {
    name: 'GoogleAppsSAML-Admin',
    roleArn: 'arn:aws:iam::123456789:role/GoogleAppsSAML-Admin',
    principalArn: 'arn:aws:iam::123456789:saml-provider/GoogleApps',
    sessionDuration: undefined
  },
  Role {
    name: 'GoogleAppsSAML-Admin',
    roleArn: 'arn:aws:iam::987654321:role/GoogleAppsSAML-Admin',
    principalArn: 'arn:aws:iam::987654321:saml-provider/GoogleApps',
    sessionDuration: undefined
  },
  [length]: 2
]
i Found custom role ARN "arn:aws:iam::123456789:role/GoogleAppsSAML-Admin" with principal ARN "arn:aws:iam::123456789:saml-provider/GoogleApps"
i Role ARN "arn:aws:iam::123456789:role/GoogleAppsSAML-Admin" has been assumed {
  ResponseMetadata: { RequestId: 'REDACTED' },
  Credentials: {
    AccessKeyId: 'REDACTED',
    SecretAccessKey: 'REDACTED',
    SessionToken: 'REDACTED',
    Expiration: 2020-07-27T15:13:38.000Z
  },
  AssumedRoleUser: {
    AssumedRoleId: 'REDACTED:foo@bar.com',
    Arn: 'arn:aws:sts::123456789:assumed-role/GoogleAppsSAML-Admin/foo@bar.com'
  },
  Subject: 'foo@bar.com',
  SubjectType: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  Issuer: 'https://accounts.google.com/o/saml2?idpid=C02nef731',
  Audience: 'https://signin.aws.amazon.com/saml',
  NameQualifier: 'REDACTED'
}
i An error has ocurred while authenticating [Error: EINVAL: invalid argument, mkdir 'C:\C:'] {
  errno: -4071,
  code: 'EINVAL',
  syscall: 'mkdir',
  path: 'C:\\C:'
}
× An unknown error has ocurred with message "EINVAL: invalid argument, mkdir 'C:\C:'". Please try again with --verbose
i Request to "https://signin.aws.amazon.com/saml" has been aborted
i Browser closed outside running context, exiting
i Headful instance has exited with code 0

ruimarinho commented 3 years ago

@nikking I never tested this on Windows so there might be some rough edges to fix. Are you able to edit the credentials-manager.js file inside the installed package? If so, can you try adding a console.log here https://github.com/ruimarinho/gsts/blob/master/credentials-manager.js#L37 (logging dir) and https://github.com/ruimarinho/gsts/blob/master/credentials-manager.js#L182 (logging path and dirname(path))?

nikking commented 3 years ago

Thanks, I was able to get it working by replacing your mkdirP function with fs.promises.mkdir. So line 182 could be:

await ffs.promises.mkdir(dirname(path), { recursive: true });

Is this something you'd take a PR for?

ruimarinho commented 3 years ago

Actually, I would appreciate it if you could help me fix the current version so I can ship v2.4.2 with the existing ffs implementation (which was made to be node v8 compliant), and then revert it completely with the launch of v2.5.0 as I don't want to continue supporting it (https://github.com/ruimarinho/gsts/commit/362d1db0fb0029781d304b16aee95010aa7e2163).

My suspicion is that we cannot use join('/', …) but instead we need to use path.separator in order to make it Windows-friendly. Could you give that a go?

ruimarinho commented 3 years ago

@nikking I have fixed the issue. Will be submitting a PR soon.

ruimarinho commented 3 years ago

Fixed in https://github.com/ruimarinho/gsts/commit/cd18055658ca053e45e8b4be67cd60f4f860e40a.
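
One way a hand-rolled recursive mkdir can end up asking for `C:\C:`, following the `join('/', …)` suspicion raised in the thread. This is an added example, not code from gsts: `naiveWalk` and `rootAwareWalk` are hypothetical helpers, the sample paths and working directory are constructed, and Node's `path.win32` / `path.posix` are used so the output is the same on any OS.

```javascript
const nodePath = require('path');

// Hypothetical mkdirP-style walk (not gsts code): split the target on the
// separator and rebuild it segment by segment from a hard-coded '/' root.
// Returns the paths mkdir() would be asked to create, resolved against `cwd`,
// instead of touching the disk.
function naiveWalk(p, target, cwd) {
  const attempts = [];
  let current = '/';
  for (const segment of target.split(p.sep).filter(Boolean)) {
    current = p.join(current, segment);
    attempts.push(p.resolve(cwd, current));
  }
  return attempts;
}

// Root-aware walk: let path.parse() identify the root ('C:\' or '/') and
// join only the segments that follow it.
function rootAwareWalk(p, target) {
  const { root } = p.parse(target);
  if (!root || !p.isAbsolute(target)) {
    throw new Error(`expected an absolute path, got ${target}`);
  }
  const attempts = [];
  let current = root;
  for (const segment of target.slice(root.length).split(p.sep).filter(Boolean)) {
    current = p.join(current, segment);
    attempts.push(current);
  }
  return attempts;
}

// Constructed sample inputs.
const WIN_TARGET = 'C:\\Users\\foo\\.aws';
const WIN_CWD = 'C:\\WINDOWS\\system32';
const POSIX_TARGET = '/home/foo/.aws';

// On win32 the drive letter becomes an ordinary segment under the '/' root.
console.log(naiveWalk(nodePath.win32, WIN_TARGET, WIN_CWD));
// On POSIX the same walk happens to be correct.
console.log(naiveWalk(nodePath.posix, POSIX_TARGET, '/tmp'));
console.log(rootAwareWalk(nodePath.win32, WIN_TARGET));
console.log(rootAwareWalk(nodePath.posix, POSIX_TARGET));
```

On Node versions that support it, `fs.promises.mkdir(dir, { recursive: true })`, as suggested earlier in the thread, avoids the manual walk altogether.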