Closed Moulick closed 3 months ago
It seems there is a $BROWSER
variable exported in Github Codespaces which is some script that handles URL opening nicely.
aws-sso
knows nothing about the $BROWSER variable. Since you don't have xdg-open
, you'll want to configure the browser manually per the docs: https://synfinatic.github.io/aws-sso-cli/config/#browser-urlaction-urlexeccommand
Oh nice. Tried this now and got the following issue
UrlAction: exec
UrlExecCommand:
- $BROWSER
- "%s"
@Moulick ➜ ~ $ aws-sso list
WARNING The specified item could not be found in the keyring
Enter passphrase to unlock "/home/codespace/.aws-sso/secure":
Verify this code in your browser: <redacted>
FATAL Unable to authenticate error="Unable to exec `$BROWSER https://device.sso.eu-central-1.amazonaws.com/?user_code=<redacted>`: exec: \"$BROWSER\": executable file not found in $PATH"
@Moulick ➜ ~ $ echo $BROWSER
/vscode/bin/linux-x64/863d2581ecda6849923a2118d93a088b0745d9d6/bin/helpers/browser.sh
I need a way to somehow expand shell variables, even something like $HOME
or ~
to allow executing a script that I can write to handle running in Github Codespaces/Linux/MacOS
UrlExecCommand:
- /bin/bash
- '~/.aws-sso/open.sh'
- "%s"
even something like this does not work :(
UrlExecCommand:
- ~/bin/firefox.sh
- "%s"
where contents of ~/bin/firefox.sh
:
#!/bin/bash
/Applications/Firefox.app/Contents/MacOS/firefox $@
:(
UrlAction: exec
UrlExecCommand:
- ~/.aws-sso/open.sh
- "%s"
~/.aws-sso/open.sh
#! /bin/bash
$BROWSER $@
Error:
FATAL Unable to authenticate error="Unable to exec `~/.aws-sso/open.sh https://device.sso.eu-central-1.amazonaws.com/?user_code=<redacted>`: fork/exec ~/.aws-sso/open.sh: no such file or directory"
Yes. I'm saying you can't use $browser. aws-sso doesn't honor that. You need to put the path to the browser in the file.
Apologies if I am mis-understanding but aws-sso-cli
is not expanding the ~
. Because if I put the config as below,
This works
UrlExecCommand:
- /home/codespace/.aws-sso/open.sh
- "%s"
#! /bin/bash
$BROWSER $@
So the $BROWSER is getting expanded but just the file path in the UrlExecCommand
itself is not getting expanded.
Ah, sorry, you are correct, the ~
is not expanded for UrlExecCommand
.
That said, I'm a bit surprised $BROWSER
is valid in the shell script... I'm not manually passing the existing environment variables to exec.Command
.
So sounds like you're good?
Yeah, that is a surprise. But no, this does not solve my problem unfortunately. In my org, I am managing a shared repo with the ~/.aws-sso/config.yaml
file and as everyone clones that repo, the path for their home is different. That means hardcoding the path in the config would not work. So I need at-least ~
to be expanded or maybe $HOME
or something to fix that. Passing the full env to UrlExecCommand
probably can solve this?
Give that a try?
So just tested main, ~
works but $HOME
does not
@Moulick ➜ ~ $ /go/bin/aws-sso
Enter passphrase to unlock "/home/codespace/.aws-sso/secure":
Verify this code in your browser: redacted
FATAL Unable to authenticate error="unable to exec `$HOME/.aws-sso/open.sh https://device.sso.eu-central-1.amazonaws.com/?user_code=redacted`: fork/exec $HOME/.aws-sso/open.sh: no such file or directory"
@Moulick ➜ ~ $ echo $HOME
/home/codespace
@Moulick ➜ ~ $
Sorry, yeah, I guess I wasn't clear.
The ~
will be expanded to the user home directory for a given executable. Not for arguments though.
The $HOME
environment variable is now being explicitly passed in and accessible as an environment variable to the executable.
Basically, if you had a system shell script/binary and needed access to the user home directory, you should be able to do that now. I guess, that did work before??? Not sure why... no idea if it was portable or not. At least now it should work reliably now and in the future.
Ah, makes sense. This solves the issue for now. Please make a release so I can get my teams to upgrade. Thank you for supporting this!!
Putting a link to gist here as example for anyone that stumbles here https://gist.github.com/Moulick/34a333da526a1063465630ed91c6129c
Output of
aws-sso version
:Describe the bug: Trying to use aws-sso-cli in github codespaces. Trying to authenticate give the above error.
aws configure sso
opens a new tab/popup to click the allow access button.To Reproduce:
aws-sso-cli
aws-sso list
and go through the wizardExpected behaviour: Open AWS login page to authorise
Current behaviour
Desktop (please complete the following information):
Contents of
~/.aws-sso/config.yaml
: