ruimarinho / gsts

Obtain and store AWS STS credentials to interact with Amazon services by authenticating via G Suite SAML.
MIT License
222 stars 38 forks source link

gsts v3 gets stuck after successful login #41

Closed limewxr closed 3 years ago

limewxr commented 3 years ago

Hey @ruimarinho ! Glad to see gsts v3 released, but it seems it introduces a new issue with v3.

Basically, if I first login IAM role 1, then switch to i.e. login IAM role 2 (with the same AWS profile flag, if that matters), the second login does succeed but then, instead of gsts exiting, gsts will get stuck and not exit, which can be mitigated by a force exit if used interactively, but breaks other previously working tools that call gsts commands (as the call gets stuck and doesn't return).

Since v3 is very new and comes with some big changes, I'm not sure that I captured the problem pattern 100% correctly. Let me know if you need more info to reproduce. Thank you!

limewxr commented 3 years ago

A separate note: although I installed v3 using homebrew, when running gsts command for the first time it throws an error, and asks me to install playwright using the command npm install playwright, which works.

The error was: browserType.launchPersistentContext: Failed to launch chromium because executable doesn't exist at XXXXXXXXXX Try re-installing playwright with "npm install playwright"

ruimarinho commented 3 years ago

Hi @limewxr! Thanks for the feedback, always helpful :)

I just tried brew upgrade ruimarinho/tap/gsts and it installed playwright successfully here, so I am bit unsure on where the root cause may be... if you could try re-installing it by issuing brew reinstall gsts that would be great.

In terms of your IAM role switch, are you using --aws-role-arn? Does DEBUG=* gsts --verbose --force yield anything relevant?

limewxr commented 3 years ago

Thanks @ruimarinho ! I just tried to use homebrew to uninstall and then install gsts again, then tried those gsts commands that have been working for months (with --verbose, with and without DEBUG=*), here are some outputs that might be useful:

==============

with --verbose, and without DEBUG=* I can see

ℹ Login successful and credentials stored in "/Users/XXXXXXX/.aws/credentials" under AWS profile "default" with role ARN "arn:aws:iam::XXXXXXXXXX:role/XXXXXXXXX"
ℹ Request to "https://signin.aws.amazon.com/static/js/jquery.min.js" has been aborted
ℹ Request to "https://signin.aws.amazon.com/static/image/down.png" has been aborted

and gsts apparently gets stuck at this point.

==============

with --verbose, and with DEBUG=* There are too many lines of outputs that I can not copy paste here, but the last few lines are

  pw:api   "networkidle" event fired +497ms
  pw:channel:event {
  pw:channel:event   guid: 'Frame@18f08b97adf1fcc35ecfc8e8fd86cdcf',
  pw:channel:event   method: 'loadstate',
  pw:channel:event   params: { add: 'networkidle' }
  pw:channel:event } +496ms
  pw:protocol ◀ RECV {"method":"Page.lifecycleEvent","params":{"frameId":"C8083FF4002F5B6FFFCE4BAECB25B0B2","loaderId":"7C709318AA7B451CC9E3BECF9027F3AE","name":"networkAlmostIdle","timestamp":3674702.370572},"sessionId":"CB9D3D7D7FD886105870C04FF4B4285A"} +728ms
  pw:protocol ◀ RECV {"method":"Page.lifecycleEvent","params":{"frameId":"C8083FF4002F5B6FFFCE4BAECB25B0B2","loaderId":"7C709318AA7B451CC9E3BECF9027F3AE","name":"firstMeaningfulPaint","timestamp":3674702.384591},"sessionId":"CB9D3D7D7FD886105870C04FF4B4285A"} +0ms
  pw:protocol ◀ RECV {"method":"Page.lifecycleEvent","params":{"frameId":"C8083FF4002F5B6FFFCE4BAECB25B0B2","loaderId":"7C709318AA7B451CC9E3BECF9027F3AE","name":"networkIdle","timestamp":3674702.371182},"sessionId":"CB9D3D7D7FD886105870C04FF4B4285A"} +0ms

and gsts apparently gets stuck at this point.

ruimarinho commented 3 years ago

@limewxr thank you! The requests to "https://signin.aws.amazon.com/static/js/jquery.min.js" are unexpected past that point. I wonder what could be causing those.

I've added additional logging to v3.0.1. Could you give it a try please with --verbose?

ruimarinho commented 3 years ago

Make that v3.0.2 with an updated playwright version to see if it helps with the installation issue too!

limewxr commented 3 years ago

Thank you a lot @ruimarinho ! I have uninstalled and then installed gsts v3.0.2 using homebrew, then I tried to login with --clean --force --verbose, and I even deleted the ~/.aws folder before the test, but the problem (i.e. get stuck after successful login) still exists. The verbose outputs look mostly fine, no error during the process except at the very end as shown below:

ℹ Login successful and credentials stored in "/Users/XXXXXXXX/.aws/credentials" under AWS profile "default" with role ARN "arn:aws:iam::XXXXXXXX:role/XXXXXXXX"
ℹ Initiating request to "https://signin.aws.amazon.com/saml"
ℹ Aborting request to "https://signin.aws.amazon.com/static/js/jquery.min.js"
ℹ Request to "https://signin.aws.amazon.com/static/js/jquery.min.js" has failed
ℹ Aborting request to "https://signin.aws.amazon.com/static/image/down.png"
ℹ Request to "https://signin.aws.amazon.com/static/image/down.png" has failed

Note that gsts gets stuck at this point, and the Chromium window shows a broken AWS login page letting me choose account and role, but it's broken - both visually and functionally - and even if I choose a role on the webpage it doesn't proceed. At this point, I'll have to manually quit Chromium - note that it's not enough to only close the tabs/pages, have to quit entirely - and gsts will immediately happily proceed.

ℹ Headful instance has exited with code 0

Please let me know how I can help more with the debugging. Thank you and keep up the awesome work!

limewxr commented 3 years ago

More notes: (1) in my original post I said that the problem happens when I switch roles, but now it looks like I can actually reproduce it with only one login, no need for two logins in a row. (2) One of my colleagues reported the same/similar problem with gsts v3.0.3 today. Thanks!

limewxr commented 3 years ago

By the way, the playwright error I mentioned above seems gone. Yeah!

(Not sure if it was a reproducible problem that your dependency version upgrade fixed, or it was more of a one-time weirdness on my computer.)

Thank you!

tushar-nallan commented 3 years ago

I çan add that I see both the issues - playright having to be installed separately AND UI getting stuck after successful login

jamessoubry commented 3 years ago

Im getting exactly the same issue. Credentials are stored and i can ctl-c out but i cant use credential_process as it just hangs the command macos 11.2.1 gsts 3.0.2 playwright 1.9.0 chromium 90.0.4426.0

ruimarinho commented 3 years ago

I’m still trying to replicate the issue. @jamessoubry could you give 3.0.3 a try by installing directly via npm or yarn? It has additional logging which may help me pinpoint the problem.

ruimarinho commented 3 years ago

I think I’ll give this a try on a clean OS install and see what happens there.

thebogusman commented 3 years ago

Hey, I'm having the same issue on Windows. I can confirm all the observations made so far by @limewxr

thebogusman commented 3 years ago

Also switching the engine to firefox does not help.

ruimarinho commented 3 years ago

Could you give gsts@3.0.4 a try? You can re-install via brew if you want as I've also added a workaround for the playwright browser download problem.

thebogusman commented 3 years ago

Not sure if 3.0.4 was supposed to fix the gsts getting stuck, but the issue is still there.

Here's the output: i Login successful and credentials stored in "C:\Users\XXX\.aws\credentials" under AWS profile "default" with role ARN "arn:aws:iam::XXXXX:role/XXXXXX" i Initiating request to "https://signin.aws.amazon.com/saml" i Aborting request to "https://signin.aws.amazon.com/static/js/jquery.min.js" i Aborting request to "https://signin.aws.amazon.com/static/image/down.png" i Request to "https://signin.aws.amazon.com/static/js/jquery.min.js" has failed i Request to "https://signin.aws.amazon.com/static/image/down.png" has failed

Maybe it's worth mentioning I've got 13 different roles to pick in the dialog.

limewxr commented 3 years ago

Thanks @ruimarinho for the update! I just tried gsts v3.0.4 installed via Homebrew on macOS. The problem of getting stuck still exists. The outputs are similar to what @thebogusman shared above.

ℹ Login successful and credentials stored in "/Users/XXXXXXXXXX/.aws/credentials" under AWS profile "XXXXXXXXXX" with role ARN "arn:aws:iam::XXXXXXXXXX:role/XXXXXXXXX"
ℹ Initiating request to "https://signin.aws.amazon.com/saml"
ℹ Aborting request to "https://signin.aws.amazon.com/static/js/jquery.min.js"
ℹ Request to "https://signin.aws.amazon.com/static/js/jquery.min.js" has failed
ℹ Aborting request to "https://signin.aws.amazon.com/static/image/down.png"
ℹ Request to "https://signin.aws.amazon.com/static/image/down.png" has failed

Thanks!

ruimarinho commented 3 years ago

@limewxr what node version are you using? I still can’t replicate the issue :|

limewxr commented 3 years ago

@ruimarinho I ran this command on terminal:

$ node --version
v15.10.0
limewxr commented 3 years ago

I wondered if it's something related to my macOS version, but then I saw the comment above i.e. same problem on Windows, so hmm it's probably not an OS level issue.

ruimarinho commented 3 years ago

I believe the issue is fixed under gsts@3.0.5 - it was related to multiple roles after all. Could you all give it a try please?

thebogusman commented 3 years ago

Yes! It works flawlessly under windows 🚀 I can finally use credential_process flow 😃 Thanks a lot for the fix!

limewxr commented 3 years ago

Thanks @ruimarinho ! There's one small problem in the homebrew tap, as the error message says:

$ brew install gsts
==> Installing gsts from ruimarinho/tap
==> Downloading https://github.com/ruimarinho/gsts/archive/v3.0.5.tar.gz
==> Downloading from https://codeload.github.com/ruimarinho/gsts/tar.gz/v3.0.5
######################################################################## 100.0%
Error: SHA256 mismatch
Expected: e9a7a311c88813dea904796757e7fa93a65f05664ca67f98a178bf1e880f1352
  Actual: 04c7d20cb7740492a368e29c841d3c4e95a1de2cacf3f37c1ef7f57ffa90d3a9
    File: /Users/XXXXXXXXX/Library/Caches/Homebrew/downloads/02be94c53b3b3c86deb0658d44a70fd5162738a318b0623471e39d5de5c24906--gsts-3.0.5.tar.gz
To retry an incomplete download, remove the file above.
ruimarinho commented 3 years ago

Oops, only my local version was updated. Fixed!

limewxr commented 3 years ago

Thanks @ruimarinho ! gsts v3.0.5 solves the problem for me. Thank you for your amazing work! Please feel free to close this issue if you want.

ruimarinho commented 3 years ago

Very happy to hear that! Thanks for the help in testing the multiple attempts.

anowar-cloudknox commented 3 years ago

I see it re-appear in 3.0.6, anyone having the same issue

--- Update Saw this issue https://github.com/ruimarinho/gsts/issues/52

--engine firefox worked