search

trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License
485 stars 90 forks source link

Relative path not working for credential_process #249

Closed alexander-williamson closed 3 months ago

alexander-williamson commented 5 months ago

In my configuration file in /Users/user1/.aws/config I have the following profile (no others)

[profile broken-profile]
region = eu-west-1
credential_process = ~/.aws/aws-login.sh 123456789 ~/Downloads/example.p12

[profile working-profile]
region = eu-west-1
credential_process = /Users/user1/.aws/aws-login.sh 123456789 /Users/user1/Downloads/example.p12

Running awsume broken-profile does not work (because of the relative paths). This does work in AWS CLI land if I use export AWS_PROFILE=broken_profile (switching profiles manually via AWS CLI).

Running awsume working-profile will work in both because of the absolute paths.

AWSume complains:

> awsume broken-profile

Traceback (most recent call last):
  File "/opt/homebrew/bin/awsumepy", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/main.py", line 29, in main
    run_awsume(sys.argv[1:])
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/main.py", line 17, in run_awsume
    awsume.run(argument_list)
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/app.py", line 265, in run
    credentials = self.get_credentials(args, profiles)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/app.py", line 204, in get_credentials
    credentials = self.plugin_manager.hook.get_credentials(config=self.config, arguments=args, profiles=profiles)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/pluggy/_hooks.py", line 493, in __call__
    return self._hookexec(self.name, self._hookimpls, kwargs, firstresult)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/pluggy/_manager.py", line 115, in _hookexec
    return self._inner_hookexec(hook_name, methods, kwargs, firstresult)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/pluggy/_callers.py", line 113, in _multicall
    raise exception.with_traceback(exception.__traceback__)
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/pluggy/_callers.py", line 77, in _multicall
    res = hook_impl.function(*args)
          ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/default_plugins.py", line 626, in get_credentials
    credentials = get_credentials_handler(config=config, arguments=arguments, profiles=profiles, profile_name=profile_name, credentials=credentials)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/default_plugins.py", line 583, in get_credentials_handler
    session = get_credentials_from_credential_process(config, arguments, profiles, target_profile, profile_name)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/awsume/4.5.4/libexec/lib/python3.12/site-packages/awsume/awsumepy/default_plugins.py", line 522, in get_credentials_from_credential_process
    result = subprocess.run(target_profile.get('credential_process').split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=credential_process_env)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.12/3.12.1_1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/subprocess.py", line 548, in run
    with Popen(*popenargs, **kwargs) as process:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.12/3.12.1_1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/subprocess.py", line 1026, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/opt/homebrew/Cellar/python@3.12/3.12.1_1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/subprocess.py", line 1950, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '~/.aws/aws-login.sh'
lhendrick-t10 commented 4 months ago

Hey there @alexander-williamson! Thanks for taking the time to open an issue with us - I've added this to our current task log and will provide an update as soon as I am able!

lhendrick-t10 commented 4 months ago

@alexander-williamson - hi again! I've merged a fix and will be working towards a release by the end of the week

alexander-williamson commented 3 months ago

Hey @lhendrick-t10 how did you get on with this? Is this now released? I see the code merged but the bug still open. Do you need me to test anything?

lhendrick-t10 commented 3 months ago

Hello again @alexander-williamson - I've merged the PRs and have published a release candidate version to PyPI

We'll be publishing the full release soon, but wanted to give you a heads up that I will be closing this issue.

Thanks again for your support of awsume!