search

techservicesillinois / awscli-login

​awscli-login is an AWS CLI plugin that manages retrieving and rotating Amazon STS temporary credentials using SAML ECP for authentication with optional support for Duo.
https://pypi.org/project/awscli-login/
Other
53 stars 25 forks source link

'datetime.datetime' object has no attribute 'task' #222

Open ddriddle opened 2 days ago

ddriddle commented 2 days ago

aws-cli V2 integration tests are failing on Python 3.12 on Github Actions with the following errors:

not ok 4 Test --ecp-endpoint-url
# (from function `assert_output' in file tests/../test_helper/bats-assert/src/assert_output.bash, line 194,
#  in test file tests/docker-idp-login.bats, line 16)
#   `assert_output "404 Client Error:  for url: https://localhost:8443/bad/endpoint"' failed
# Configured for AWSCLI V2.
# ECP Endpoint URL [None]: Username [None]: Enable Keyring [False]: Duo Factor [None]: Role ARN [None]: ECP Endpoint URL [https://localhost:8443/idp/profile/SAML2/SOAP/ECP]: Username [user01]: Enable Keyring [False]: Duo Factor [push]: Role ARN [None]:
# -- output differs --
# expected : 404 Client Error:  for url: https://localhost:8443/bad/endpoint
# actual   : 'datetime.datetime' object has no attribute 'task'
# --
#
not ok 5 Login with Docker IdP
# (from function `assert_output' in file tests/../test_helper/bats-assert/src/assert_output.bash, line 178,
#  in test file tests/docker-idp-login.bats, line 26)
#   `assert_output -e "An error occurred \(InvalidIdentityToken\) when calling the AssumeRoleWithSAML operation: Specified provider doesn't exist \(Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: [0-9a-f-]+; Proxy: null\)"' failed
# Configured for AWSCLI V2.
# ECP Endpoint URL [None]: Username [None]: Enable Keyring [False]: Duo Factor [None]: Role ARN [None]:
# -- regular expression does not match output --
# regexp : An error occurred \(InvalidIdentityToken\) when calling the AssumeRoleWithSAML operation: Specified provider doesn't exist \(Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: [0-9a-f-]+; Proxy: null\)
# output : 'datetime.datetime' object has no attribute 'task'
# --
#
not ok 6 Login and logout
# (from function `assert_success' in file tests/../test_helper/bats-assert/src/assert_success.bash, line 42,
#  in test file tests/login.bats, line 28)
#   `assert_success' failed
# Configured for AWSCLI V2.
# ECP Endpoint URL [None]: Username [None]: Enable Keyring [False]: Duo Factor [None]: Role ARN [None]:
# -- command failed --
# status : 1
# output : 'datetime.datetime' object has no attribute 'task'
# --
#

The same code was working yesterday... It failed on merge to the default branch. The version of Python is 3.12.7:

Run actions/setup-python@v4
  with:
    python-version: 3.12
    check-latest: false
    token: ***
    update-environment: true
    allow-prereleases: false
Installed versions
  Successfully set up CPython (3.12.7)

The version of aws-cli login used was 2.18.0:

aws --version 2>/dev/null | grep '^aws-cli/2.' || (echo "Not running awscli V2!"; exit 1)
aws-cli/2.18.0 Python/3.12.6 Linux/6.5.0-1025-azure exe/x86_64.ubuntu.22

https://github.com/techservicesillinois/awscli-login/actions/runs/11274949996/job/31355296797

ddriddle commented 2 days ago

Note that the PR that passed the same tests before being merged used a different version of aws-cli V2:

aws --version 2>/dev/null | grep '^aws-cli/2.' || (echo "Not running awscli V2!"; exit 1)
aws-cli/2.17.56 Python/3.12.6 Linux/6.8.0-1014-azure exe/x86_64.ubuntu.22

The version of Python was also different:

Run actions/setup-python@v4 with: python-version: 3.12 check-latest: false token: *** update-environment: true allow-prereleases: false Installed versions Successfully set up CPython (3.12.6) `` https://github.com/techservicesillinois/awscli-login/actions/runs/11243416844/job/31259361878

ddriddle commented 2 days ago

The tests do not fail locally using python 3.12.7 and aws-cli 2.18.3.

$ aws --version
aws-cli/2.18.3 Python/3.12.6 Darwin/23.5.0 exe/x86_64
$ python --version
Python 3.12.7
ddriddle commented 2 days ago

I can reproduce it with Python 3.12.7 and aws-cli 2.18.0 either locally:

$ aws --version
aws-cli/2.18.0 Python/3.12.6 Darwin/23.5.0 exe/x86_64
(venv) TECH-M1Q23Q7R6H:awscli-login ddriddle$ python --version
Python 3.12.7
ddriddle commented 2 days ago

Note that 3.12.6 works fine but 3.12.7 does not on ubuntu-latest.

ddriddle commented 1 day ago

The root of the problem is that subprocess is NOT respecting the shebang. This apparently is a known issue. I switched to execlp. But it also is not consistently respecting the Python listed in the shebang instead it is using the aws-cli's Python like subprocess. This does not happen on macOS just on Ubuntu. I'm not sure about Windows.

On Ubuntu running Python 3.12.7 the script reports it is running 3.12.6:

#   /home/runner/work/awscli-login/awscli-login/venv.v2/bin/python: 3.12.6 (main, Sep 18 2024, 21:05:48) [GCC 10.2.1 20210130 (Red Hat 10.2.1-11)]

But it should be running 3.12.7 and does so when run from bash:

/home/runner/work/awscli-login/awscli-login/venv.v2/bin/python: 3.12.7 (main, Oct  1 2024, 15:17:55) [GCC 11.4.0]

Output from aws-cli is:

aws-cli/2.18.0 Python/3.12.6 Linux/6.5.0-1025-azure exe/x86_64.ubuntu.22