tilfinltd / aws-extend-switch-roles

Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on
https://chromewebstore.google.com/detail/aws-extend-switch-roles/jpmkfafbacpgapdghgdpembnojdlgkdl?utm_source=github
MIT License

Role list is empty after upgrade to 2.0.4 #171

Closed tyron closed 3 years ago

tyron commented 3 years ago

After updating to version 2.0.4 today, my Role List is always empty on AWS.

Chrome 78.0 Stable macOS Catalina 10.15.6

timschill commented 3 years ago

Make sure you click on the plugin icon instead of the normal switch-role menu in the AWS console. Also I had to change the [profile account-name] to just [account-name] for my profiles to show up. This I felt was a bit strange since it says that it should support regular .aws/.config or .aws/.credentials config syntax?

tyron commented 3 years ago

I am clicking the new button, yes. It worked perfectly with 2.0.3. Just tried both with and without profile word.

I'm assuming this is related to the showOnlyMatchingRoles, and something failing to match the roles that I need. Unfortunately I didn't find a good way of inspecting the code running, not sure if @tilfin could give some tips on how to setup your environment and inspect things like clicking the button. If you can, I can dig into it a bit more and potentially suggest something.

tilfin commented 3 years ago

@tyron Could you confirm that you are able to obtain window.ConsoleNavService.AccountInfo in the console pane of Chrome DevTools?

tilfin commented 3 years ago

@timschill I did not change the code that parses the profile prefix of a configuration.

tyron commented 3 years ago

@tilfin I can get window.ConsoleNavService.AccountInfo, yes. roleDisplayNameAccount and roleDisplayNameUser are not though, not sure if that makes any difference.

tyron commented 3 years ago

I just noticed. I don't have a awsc-login-display-account element on my AWS Console.

This line is failing: https://github.com/tilfin/aws-extend-switch-roles/blob/c4eff0db143e1ac473c4a2202b65987f0bb6da3c/src/attach_target.js#L11

with: Uncaught SyntaxError: Unexpected token '.'

I'm wondering if my Chrome version doesn't support a null?.property syntax?

tilfin commented 3 years ago

@tyron https://github.com/tilfin/aws-extend-switch-roles/blob/c4eff0db143e1ac473c4a2202b65987f0bb6da3c/src/attach_target.js#L6 If you can get ConsoleNavService.AccountInfo, those in the else block are not run.

What is the version of your Chrome? Mine is 85.0.4183.121.

tyron commented 3 years ago

According to https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Optional_chaining, the ?. operator is supported on Chrome > 80; that's why it's not working for me (version 78).

tilfin commented 3 years ago

@tyron Try upgrading Chrome to the latest version; you also have a security risk.

tyron commented 3 years ago

Not that easy with big corporations :( I was able to fix the issue locally with a tweak to allow a backward compatibility. I submitted PR #172 with that.

I know it's not ideal, but can you evaluate if it is feasible to add this in? Shouldn't break newer versions and would allow those of us who lag a bit behind to use the extension for a little while -- considering version 80 was released in Feb 2020 and this year, well, companies are still trying to change as little as possible to not impact WFH workers.

Thanks!

tilfin commented 3 years ago

@tyron I don't care about backward compatibility of the browser with all the code. I can't confirm where it works with older browsers other than this one. If you need a store release, publish it unlisted by yourself and install from it.

sixxta commented 3 years ago

I have the same issue with a different error:

Error in event handler: SyntaxError: Unexpected token u in JSON at position 0
    at JSON.parse (<anonymous>)
    at chrome-extension://jpmkfafbacpgapdghgdpembnojdlgkdl/js/content.js:74:15

Chrome version is 85.0.4183.121

The configuration file is (with account numbers and role names changed):

[classic]
aws_account_id = 111111111111

[classic-ro]
role_arn = arn:aws:iam::111111111111:role/read-only
source_profile = classic
color = 000000
region = us-west-2

[classic-admin]
role_arn = arn:aws:iam::111111111111:role/admin
source_profile = classic
color = 000000
region = us-west-2

Is there no need for an mfa_serial line?

tspiva commented 3 years ago

I'm getting the same issue as @sixxta except mine is line 75 which is:

      const infoJson = document.getElementById('AESR_info').dataset.content;
      cb(JSON.parse(infoJson));
      return false;

Chrome Version 85.0.4183.121

For me the problem seems to be the first time that line is hit, document.getElementById('AESR_info').dataset.content returns the JSON as above but the second time it is hit, document.getElementById('AESR_info').dataset is undefined.
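
An added example (not code from the extension or from anyone in this thread): `Unexpected token u in JSON at position 0` is what `JSON.parse` raises when it is handed `undefined`, which is the state described above when `dataset.content` is not populated yet. The sketch below reads `AESR_info` defensively and avoids `?.`, so it also parses on Chrome 78; `readAesrInfo`, `stubDocument` and the sample JSON are hypothetical names and constructed values.

```javascript
// Added example: names below are hypothetical, not from the extension's source.

// The pattern quoted in the thread: throws when the element, its dataset,
// or dataset.content is not there yet.
function unguardedRead(doc) {
  return JSON.parse(doc.getElementById('AESR_info').dataset.content);
}

// Defensive variant. Uses && instead of ?. so older browsers can parse it.
function readAesrInfo(doc) {
  const el = doc.getElementById('AESR_info');
  const raw = el && el.dataset ? el.dataset.content : undefined;
  if (typeof raw !== 'string' || raw === '') {
    return { ok: false, reason: 'AESR_info not ready' };
  }
  try {
    return { ok: true, info: JSON.parse(raw) };
  } catch (err) {
    return { ok: false, reason: 'AESR_info is not valid JSON' };
  }
}

// Minimal stand-in for `document` so the example runs outside a browser.
function stubDocument(el) {
  return { getElementById: (id) => (id === 'AESR_info' ? el : null) };
}

// Constructed page states (sample values only).
const ready = stubDocument({ dataset: { content: '{"roleDisplayNameAccount":"111111111111"}' } });
const noContent = stubDocument({ dataset: {} });   // content undefined
const noDataset = stubDocument({});                // dataset undefined
const noElement = stubDocument(null);              // element not injected

for (const [name, doc] of Object.entries({ ready, noContent, noDataset, noElement })) {
  console.log(name, JSON.stringify(readAesrInfo(doc)));
}
```

A caller that gets `ok: false` can retry after the page has finished loading instead of surfacing an exception from the event handler.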

tilfin commented 3 years ago

@sixxta @tspiva I think there is a rare case that AESR_info cannot be obtained due to asynchronous processing. Does this happen always?

BlackDex commented 3 years ago

I sometimes have to refresh the AWS page I'm on when I do not see any roles. After that it shows them again. It's a bit annoying but still beats manual switching. Using Firefox.

tilfin commented 3 years ago

AESR refers to information that can't be retrieved until the page has completely been loaded. So if you try to open the menu immediately after a page refresh or transition, you may not get it.

BlackDex commented 3 years ago

Well then I have a different issue it seems. For me the list is only visible right after a refresh. Some time after, the list disappears even though I'm still logged in. And right after a page refresh I can see the list.

tspiva commented 3 years ago

@tilfin it was happening every time for me. I am also on a Mac if that matters any. Strangely enough today the stack trace isn't happening but it is still not working.

I removed all profiles except the main source profile and 2 assume roles and the dialog will show with a "Role List" label and search box but nothing else seems to come up to switch roles. It's just empty. My config is as follows:

[dev]
aws_account_id = xxxxxxxxxxxx
region=us-east-1

[env1]
role_arn = arn:aws:iam::xxxxxxxxxxxx:role/PicaDevAssume
source_profile = dev

[mydev]
role_arn=arn:aws:iam::xxxxxxxxxxxx:role:role/OrganizationAccountAccessRole
source_profile=dev

For the aws_account_id I have tried using just the numbers, numbers with dashes, and the alias in IAM.

BlackDex commented 3 years ago

For me using source_profile all was empty also, I had to remove that completely and aws_account_id to every profile which in the end seemed to work for me.

tspiva commented 3 years ago

@BlackDex That worked for me too!

fdaugan commented 3 years ago

@BlackDex That's it. The match with the target organization/alias account does not work anymore in 2.04. This is not really an issue if you use separated Chrome session profiles or if you work with a single organization. Otherwise you will see some unrelated roles to your current AWS organization.

ZyanKLee commented 3 years ago

I had the same issue with 2.05, but when I enabled the tick for "Hide account id", all the entries came back.

glassdimlygr commented 3 years ago

Confirming @BlackDex's observation that replacing source_profile = dev with aws_account_id = {my account number} makes the roles appear.

ahmgithubahm commented 3 years ago

Also confirming the above, but noting that I still had the: source_profile = src-profile lines in, but commented out: ;source_profile = src-profile and still the Role List was empty. I had to remove the source_profile lines completely, not just comment them out, before the role list re-appeared. I also found I didn't need the: aws_account_id= lines either - it looks like they are ignored.

edit: Actually this matches the documentation, which says:

> Target roles can be expressed with a role_arn or with both aws_account_id and role_name.

so maybe I should read the doc first. 😄

edit: Just to confirm, all my problems stemmed from expecting the plugin to ignore lines prefixed with ; (comment in an INI file). For lines inside a [] section, this is not the case.

tomas-mazak commented 3 years ago

:+1: on this. I can confirm that I see the same issue: simple config option works perfectly fine (without source_profile), but the complex config (with "base account" and source_profile links) shows an empty list. Tried various combinations of the "Settings" checkboxes, but to no avail.

It is unfortunate mainly because I cannot now copy&paste the ~/.aws/config as is.

ahmgithubahm commented 3 years ago

> 👍 on this. I can confirm that I see the same issue: simple config option works perfectly fine (without source_profile), but the complex config (with "base account" and source_profile links) shows an empty list. Tried various combinations of the "Settings" checkboxes, but to no avail.
>
> It is unfortunate mainly because I cannot now copy&paste the ~/.aws/config as is.

You could post your config here and we'll have a look. After a bit of fiddling, I got mine working OK.