Closed Tantalon closed 3 years ago
When I use a SAML plugin, no environment variables are exported. When I use credential_process, they are.
Will continue to investigate.
Debug trace is here:
➜ Documents awsume --with-saml --debug [2021-05-12 13:37:28,466] main.py:main : [DEBUG] Debug logs are visible [2021-05-12 13:37:28,466] main.py:main : [DEBUG] Executing awsume [2021-05-12 13:37:28,467] app.py:__init__ : [DEBUG] Initalizing app [2021-05-12 13:37:28,467] app.py:get_plugin_manager : [DEBUG] Creating plugin manager [2021-05-12 13:37:28,467] app.py:get_plugin_manager : [DEBUG] Loading plugins [2021-05-12 13:37:28,555] app.py:parse_args : [DEBUG] Gathering arguments [2021-05-12 13:37:28,556] default_plugins.py:add_arguments : [INFO] Adding arguments [2021-05-12 13:37:28,556] app.py:parse_args : [DEBUG] Parsing arguments [2021-05-12 13:37:28,557] app.py:parse_args : [DEBUG] Handling arguments [2021-05-12 13:37:28,557] default_plugins.py:post_add_arguments : [DEBUG] Post add arguments [2021-05-12 13:37:28,557] default_plugins.py:post_add_arguments : [DEBUG] {"version": false, "output_profile": null, "clean": false, "profile_name": null, "force_refresh": false, "show_commands": false, "unset_variables": false, "auto_refresh": false, "kill": false, "list_profiles": null, "refresh_autocomplete": false, "role_arn": null, "principal_arn": null, "source_profile": null, "external_id": null, "mfa_token": null, "region": null, "session_name": null, "role_duration": null, "with_saml": true, "with_web_identity": false, "json": null, "credentials_file": null, "config_file": null, "config": null, "list_plugins": false, "info": false, "debug": true, "console": false, "console_link": false, "console_service": false, "console_link_service": false} [2021-05-12 13:37:28,557] default_plugins.py:post_add_arguments : [DEBUG] No profile name passed, target profile name will be "default" [2021-05-12 13:37:28,557] app.py:get_profiles : [DEBUG] Gathering profiles [2021-05-12 13:37:28,557] default_plugins.py:collect_aws_profiles : [INFO] Collecting AWS profiles [2021-05-12 13:37:28,558] default_plugins.py:collect_aws_profiles : [DEBUG] Collected 8 profiles [2021-05-12 13:37:28,558] default_plugins.py:post_collect_aws_profiles : [INFO] Post collect AWS profiles [2021-05-12 13:37:28,558] app.py:get_credentials : [DEBUG] Getting credentials [2021-05-12 13:37:28,558] app.py:get_credentials : [DEBUG] Pulling credentials from saml 0) arn:aws:iam::000000000354:saml-provider/ADFS,arn:aws:iam::000000000354:role/RAM-AWS-OperationsSys-Admin 1) arn:aws:iam::000000000325:saml-provider/ADFS,arn:aws:iam::000000000325:role/RAM-AWS-CodenationProd-PowerUserLimited 2) arn:aws:iam::000000000271:saml-provider/ADFS,arn:aws:iam::000000000271:role/RAM-AWS-Aurea-CentralKube-Central-Jenkins 3) arn:aws:iam::000000000271:saml-provider/ADFS,arn:aws:iam::000000000271:role/RAM-AWS-Aurea-CentralKube-ScaleArc 4) arn:aws:iam::000000000271:saml-provider/ADFS,arn:aws:iam::000000000271:role/RAM-AWS-Aurea-CentralKube-FeatureTooling 5) arn:aws:iam::000000000429:saml-provider/ADFS,arn:aws:iam::000000000429:role/RAM-AWS-ManualQA-Admin 6) arn:aws:iam::000000000271:saml-provider/ADFS,arn:aws:iam::000000000271:role/RAM-AWS-Aurea-CentralKube-Eng-Qa-Integration 7) arn:aws:iam::000000000796:saml-provider/ADFS,arn:aws:iam::000000000796:role/RAM-AWS-Dev-DevFactory-CloudCRM-Admin 8) arn:aws:iam::000000000741:saml-provider/ADFS,arn:aws:iam::000000000741:role/RAM-AWS-Dev-ZephyrTel-5kvoltdelta-Admin 9) arn:aws:iam::000000000828:saml-provider/ADFS,arn:aws:iam::000000000828:role/RAM-AWS-Dev-CentralFunctions-qaplatform-Admin 10) arn:aws:iam::000000000608:saml-provider/ADFS,arn:aws:iam::000000000608:role/RAM-AWS-Dev-Think3-Sococo5kV2-PowerUser 11) arn:aws:iam::000000000215:saml-provider/ADFS,arn:aws:iam::000000000215:role/RAM-AWS-Exp-DevFactory-EngFeature-Admin 12) arn:aws:iam::000000000215:saml-provider/ADFS,arn:aws:iam::000000000215:role/RAM-AWS-Exp-DevFactory-EngFeature-Billing 13) arn:aws:iam::000000000915:saml-provider/ADFS,arn:aws:iam::000000000915:role/RAM-AWS-Dev-DevFactory-semopenapps-Admin Which role do you want to assume? > 11 Assuming role: arn:aws:iam::000000000215:saml-provider/ADFS,arn:aws:iam::000000000215:role/RAM-AWS-Exp-DevFactory-EngFeature-Admin [2021-05-12 13:37:35,876] aws.py:assume_role_with_saml : [DEBUG] Assuming role with saml: arn:aws:iam::000000000215:role/RAM-AWS-Exp-DevFactory-EngFeature-Admin DEBUG:awsume:Assuming role with saml: arn:aws:iam::000000000215:role/RAM-AWS-Exp-DevFactory-EngFeature-Admin [2021-05-12 13:37:39,433] aws.py:assume_role_with_saml : [DEBUG] SAML Role credentials received DEBUG:awsume:SAML Role credentials received Role credentials will expire 2021-05-12 14:37:39 [2021-05-12 13:37:39,435] app.py:export_data : [DEBUG] Exporting data DEBUG:awsume:Exporting data ➜ Documents export | grep AWS AWS_PAGER='' ➜ Documents
Ah, found it, if a plugin produces any debug info on stdout it breaks the export mechanism. It works fine after removing all debug info from the plugin.
When I use a SAML plugin, no environment variables are exported. When I use credential_process, they are.
Will continue to investigate.
Debug trace is here: