search

ryansonshine / aws-sso-creds-helper

A command line util for using SSO credentials with AWS SDK on AWS CLI v2 until native support is released
MIT License
55 stars 8 forks source link

Does not support [profile PROFILE_NAME] syntax, only [PROFILE_NAME] #76

Closed smartin-qb closed 1 year ago

smartin-qb commented 1 year ago

Current Behavior

Does not support syntax [PROFILE_NAME], only [profile PROFILE_NAME]

If you use a profile setup with [PROFILE_NAME] syntax you get the following

/app/qb-serverless aws-shared_to_dev > ssocreds --profile PROFILE_NAME                                                                            1s root@smartin-qb-serverless-dev 17:50:09
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.10.11
[aws-sso-creds-helper]: Getting SSO credentials for profile PROFILE_NAME
[aws-sso-creds-helper]: Failed to load SSO credentials for PROFILE_NAME
[aws-sso-creds-helper]: No profile found for PROFILE_NAME
[aws-sso-creds-helper]: Run ssocreds with --debug flag for more details.
(node:2511) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)

Expected Behavior

To load the credentials for the valid profile

Steps to Reproduce the Problem

  1. Create a profile with [PROFILE_NAME] syntax which if you do not aws configure list-profiles might not show them.
  2. Run ssocreds --profile PROFILE_NAME

Environment

ryansonshine commented 1 year ago

Hi @smartin-qb ,

I have tested configurations with the [profile PROFILE_NAME] syntax and they work as expected. Can you please re-run the command with the --debug flag and post your logs?

Thanks

smartin-qb commented 1 year ago

Sure, sorry for the accidental edits, I updated the description, sorry I got confused with this issue and another one not related to this tool.

The issue is actually with [PROFILE_NAME] syntax, not the [profile PROFILE_NAME] syntax

Here is the output from a profile with [PROFILE_NAME] syntax, sorry about the confusion and thank you for your help.

0867039d748a:/# ssocreds --profile test --debug
[aws-sso-creds-helper]: AWS SSO Creds Helper v1.10.10
(node:157) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)
[aws-sso-creds-helper]: ===========
[aws-sso-creds-helper]: SYSTEM INFO
[aws-sso-creds-helper]: ===========
[aws-sso-creds-helper]: AWS CLI Version aws-cli/2.13.0 Python/3.11.4 Linux/5.15.49-linuxkit-pr source/aarch64.alpine.3 prompt/off
[aws-sso-creds-helper]: OS linux 5.15.49-linuxkit-pr
[aws-sso-creds-helper]: Node v20.4.0
[aws-sso-creds-helper]: ==============
[aws-sso-creds-helper]: PROFILE CONFIG
[aws-sso-creds-helper]: ==============
[aws-sso-creds-helper]:
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                     test           manual    --profile
access_key     ******************** shared-credentials-file
secret_key     ********************* shared-credentials-file
    region                ******      config-file    ~/.aws/config

[aws-sso-creds-helper]: Getting SSO credentials for profile test
[aws-sso-creds-helper]: Reading config from /root/.aws/config
[aws-sso-creds-helper]: Full profile name for lookup is profile test
[aws-sso-creds-helper]: Error is NOT an ExpiredCredsError
[aws-sso-creds-helper]: Error is NOT an AwsSdkError
[aws-sso-creds-helper]: Failed to load SSO credentials for test
[aws-sso-creds-helper]: No profile found for test
[aws-sso-creds-helper]: ProfileNotFoundError: No profile found for test
    at exports.getProfile (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:85:15)
    at /usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:105:33
    at Generator.next (<anonymous>)
    at /usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:8:71
    at new Promise (<anonymous>)
    at __awaiter (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:4:12)
    at exports.run (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/sso-creds.js:103:59)
    at /usr/local/lib/node_modules/aws-sso-creds-helper/lib/cli.js:37:31
    at Generator.next (<anonymous>)
    at fulfilled (/usr/local/lib/node_modules/aws-sso-creds-helper/lib/cli.js:5:58)
ryansonshine commented 1 year ago

The syntax for configuration on a named profile is [profile PROFILE_NAME]. Is there a specific reason you're configuring your CLI to use a [PROFILE_NAME] syntax?

Ref: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-format

smartin-qb commented 1 year ago

profiles that match the structure of default are existing presently and some tools happen to use that structure for some reason.

Config file: [default] [profile user1]

ryansonshine commented 1 year ago

[default] is the valid syntax for a default profile. Named profiles should be [profile user1].

I'm not sure which tools are using that syntax but is it possible you may be thinking of the credential file syntax which is in fact [default] [user1]?

ryansonshine commented 1 year ago

It may work with the invalid syntax but that may not always be the case. My recommendation would be to follow the syntax laid out by the AWS documentation.

I appreciate the feedback but I'm closing the issue for now as something we don't plan on supporting.