trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License

Awsume error: Validation Exception - Invalid credentials returned from credential_process: #196

Open alexiskat opened 1 year ago

alexiskat commented 1 year ago

My setup seems to be hitting this exception for some reason.

My ~/.aws/config file is:

[profile ak-ssodev]
sso_start_url = https://d-XXXXXXX.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 1234567890
sso_role_name = Administrator
region = eu-west-1
output = json
credential_process = aws-sso-util credential-process --profile ak-ssodev

If I run aws-sso-util credential-process --profile ak-ssodev, that works fine. I get the following JSON: {"Version":1,"AccessKeyId":"XXXXXXX","SecretAccessKey":"XXXXXXX","SessionToken":"XXXXXXX","Expiration":"2022-09-23T15:09:58Z"}

But if I run awsume --debug ak-ssodev, then I get the following:

[2022-09-23 15:29:43,974] main.py:main : [DEBUG] Debug logs are visible
[2022-09-23 15:29:43,974] main.py:main : [DEBUG] Executing awsume
[2022-09-23 15:29:43,974] app.py:__init__ : [DEBUG] Initalizing app
[2022-09-23 15:29:43,974] app.py:get_plugin_manager : [DEBUG] Creating plugin manager
[2022-09-23 15:29:43,975] app.py:get_plugin_manager : [DEBUG] Loading plugins
[2022-09-23 15:29:43,995] app.py:parse_args : [DEBUG] Gathering arguments
[2022-09-23 15:29:43,996] default_plugins.py:add_arguments : [INFO] Adding arguments
[2022-09-23 15:29:43,997] app.py:parse_args : [DEBUG] Parsing arguments
[2022-09-23 15:29:43,997] app.py:parse_args : [DEBUG] Handling arguments
[2022-09-23 15:29:43,997] default_plugins.py:post_add_arguments : [DEBUG] Post add arguments
[2022-09-23 15:29:43,997] default_plugins.py:post_add_arguments : [DEBUG] {"version": false, "output_profile": null, "clean": false, "profile_name": "ak-ssodev", "force_refresh": false, "show_commands": false, "unset_variables": false, "auto_refresh": false, "kill": false, "list_profiles": null, "refresh_autocomplete": false, "role_arn": null, "principal_arn": null, "source_profile": null, "external_id": null, "mfa_token": null, "region": null, "session_name": null, "role_duration": null, "with_saml": false, "with_web_identity": false, "json": null, "credentials_file": null, "config_file": null, "config": null, "list_plugins": false, "info": false, "debug": true}
[2022-09-23 15:29:43,997] app.py:get_profiles : [DEBUG] Gathering profiles
[2022-09-23 15:29:43,998] default_plugins.py:collect_aws_profiles : [INFO] Collecting AWS profiles
[2022-09-23 15:29:44,000] default_plugins.py:collect_aws_profiles : [DEBUG] Collected 4 profiles
[2022-09-23 15:29:44,000] default_plugins.py:post_collect_aws_profiles : [INFO] Post collect AWS profiles
[2022-09-23 15:29:44,000] app.py:get_credentials : [DEBUG] Getting credentials
[2022-09-23 15:29:44,000] app.py:get_credentials : [DEBUG] Pulling credentials from default awsume flow
[2022-09-23 15:29:44,000] profile.py:get_role_chain : [DEBUG] Getting role chain for [ak-ssodev]
[2022-09-23 15:29:44,000] default_plugins.py:get_credentials : [DEBUG] Role chain: ['ak-ssodev']
[2022-09-23 15:29:44,000] default_plugins.py:get_credentials_handler : [INFO] Getting credentials: ak-ssodev
[2022-09-23 15:29:44,000] profile.py:validate_profile : [DEBUG] Validating profile
[2022-09-23 15:29:44,000] default_plugins.py:get_credentials_from_credential_process : [INFO] Getting credentials from credential_process, profile: ak-ssodev
[2022-09-23 15:29:45,317] default_plugins.py:get_credentials_from_credential_process : [INFO] credential_process returncode: 0
[2022-09-23 15:29:45,317] default_plugins.py:get_credentials_from_credential_process : [DEBUG] credential_process stdout: Logging in https://XXXXXXXX.awsapps.com/start
Login succeeded, valid until 2022-09-23 23:27 BST

[2022-09-23 15:29:45,317] default_plugins.py:get_credentials_from_credential_process : [DEBUG] credential_process stderr:
[2022-09-23 15:29:45,317] app.py:run : [DEBUG]
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/awsume/awsumepy/default_plugins.py", line 493, in get_credentials_from_credential_process
    creds = json.loads(result.stdout.decode('utf-8'))
  File "/opt/homebrew/Cellar/python@3.10/3.10.6_2/Frameworks/Python.framework/Versions/3.10/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/opt/homebrew/Cellar/python@3.10/3.10.6_2/Frameworks/Python.framework/Versions/3.10/lib/python3.10/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/opt/homebrew/Cellar/python@3.10/3.10.6_2/Frameworks/Python.framework/Versions/3.10/lib/python3.10/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/awsume/awsumepy/app.py", line 263, in run
    credentials = self.get_credentials(args, profiles)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/awsume/awsumepy/app.py", line 202, in get_credentials
    credentials = self.plugin_manager.hook.get_credentials(config=self.config, arguments=args, profiles=profiles)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/pluggy/_hooks.py", line 265, in __call__
    return self._hookexec(self.name, self.get_hookimpls(), kwargs, firstresult)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/pluggy/_manager.py", line 80, in _hookexec
    return self._inner_hookexec(hook_name, methods, kwargs, firstresult)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/pluggy/_callers.py", line 60, in _multicall
    return outcome.get_result()
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/pluggy/_result.py", line 60, in get_result
    raise ex[1].with_traceback(ex[2])
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/pluggy/_callers.py", line 39, in _multicall
    res = hook_impl.function(*args)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/awsume/awsumepy/default_plugins.py", line 587, in get_credentials
    credentials = get_credentials_handler(config=config, arguments=arguments, profiles=profiles, profile_name=profile_name, credentials=credentials)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/awsume/awsumepy/default_plugins.py", line 545, in get_credentials_handler
    session = get_credentials_from_credential_process(config, arguments, profiles, target_profile, profile_name)
  File "/opt/homebrew/Cellar/awsume/4.5.3_1/libexec/lib/python3.10/site-packages/awsume/awsumepy/default_plugins.py", line 495, in get_credentials_from_credential_process
    raise exceptions.ValidationException('Invalid credentials returned from credential_process: {}'.format(err))
awsume.awsumepy.lib.exceptions.ValidationException: Validation Exception - Invalid credentials returned from credential_process: Expecting value: line 1 column 1 (char 0)
Awsume error: Validation Exception - Invalid credentials returned from credential_process: Expecting value: line 1 column 1 (char 0)

Using

awsume -v
4.5.3

with

aws-sso-util --version
4.29.0

Thanks for any advice.
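Added example, not part of the issue thread and not awsume's or aws-sso-util's code: a strict validator for `credential_process` stdout that reproduces the failure in the debug log above (a login banner on stdout where the JSON credential document was expected) and reports it without echoing stdout, which on a successful run contains the secret key and session token. The names `parse_credential_process`, `CredentialProcessError` and `diagnose` are hypothetical, and the start URL in the banner sample is a placeholder.

```python
import json
from datetime import datetime, timezone

REQUIRED = ("AccessKeyId", "SecretAccessKey")  # SessionToken/Expiration are optional

class CredentialProcessError(ValueError):
    pass

def parse_credential_process(stdout: bytes, now=None) -> dict:
    """Validate credential_process stdout; error text never contains its content."""
    text = stdout.decode("utf-8", errors="replace").strip()
    if not text:
        raise CredentialProcessError("empty stdout")
    try:
        creds = json.loads(text)
    except json.JSONDecodeError:
        # Same failure as in the traceback: stdout held something other than JSON.
        kind = "malformed JSON" if text.startswith("{") else "non-JSON text"
        raise CredentialProcessError(
            f"stdout is {kind} ({len(text.splitlines())} line(s)); "
            "the helper must print only the credential document on stdout"
        ) from None
    if not isinstance(creds, dict) or creds.get("Version") != 1:
        raise CredentialProcessError("missing or unsupported Version (expected 1)")
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        raise CredentialProcessError("missing fields: " + ", ".join(missing))
    exp = creds.get("Expiration")
    if exp is not None:
        expires = datetime.fromisoformat(str(exp).replace("Z", "+00:00"))
        if expires <= (now or datetime.now(timezone.utc)):
            raise CredentialProcessError("credentials already expired")
    return creds

# Constructed samples modelled on the two outputs shown in the issue.
BANNER = (b"Logging in https://example.awsapps.com/start\n"
          b"Login succeeded, valid until 2022-09-23 23:27 BST\n\n")
GOOD = (b'{"Version":1,"AccessKeyId":"XXXXXXX","SecretAccessKey":"XXXXXXX",'
        b'"SessionToken":"XXXXXXX","Expiration":"2022-09-23T15:09:58Z"}')
NOW = datetime(2022, 9, 23, 14, 30, tzinfo=timezone.utc)  # fixed clock for the samples

def diagnose(stdout: bytes, now=NOW) -> str:
    """Return 'ok' or a secret-free description of why the output was rejected."""
    try:
        parse_credential_process(stdout, now=now)
        return "ok"
    except CredentialProcessError as err:
        return str(err)
```
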

lagerfeuer commented 1 year ago

@alexiskat did you ever figure out what was wrong? I'm running into the same issue now.

alexiskat commented 1 year ago

@lagerfeuer Sorry, I never did and ended up switching to https://github.com/synfinatic/aws-sso-cli

lagerfeuer commented 1 year ago

@alexiskat I figured, I switched to aws-vault. Thanks for the prompt response!