search

trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License
504 stars 91 forks source link

awsume -l throws error when trying to install on Jenkins #83

Closed varun1231 closed 4 years ago

varun1231 commented 4 years ago 
Traceback (most recent call last):
  File "/var/lib/jenkins/.local/bin/awsumepy", line 11, in <module>
    load_entry_point('awsume==3.2.9', 'console_scripts', 'awsumepy')()
  File "/var/lib/jenkins/.local/lib/python2.7/site-packages/awsume/awsumepy.py", line 1702, in main
    awsume.run(command_line_arguments)
  File "/var/lib/jenkins/.local/lib/python2.7/site-packages/awsume/awsumepy.py", line 1666, in run
    mix_role_and_source_profiles(profiles)
  File "/var/lib/jenkins/.local/lib/python2.7/site-packages/awsume/awsumepy.py", line 291, in mix_role_and_source_profiles
    merge_role_and_source_profile(profiles[profile], profiles[source_profile_name])
  File "/var/lib/jenkins/.local/lib/python2.7/site-packages/awsume/awsumepy.py", line 262, in merge_role_and_source_profile
    role_profile['aws_access_key_id'] = source_profile['aws_access_key_id']
KeyError: 'aws_access_key_id'

Not sure, why it isn't able to find "aws_access_key_id" key in role_profile. The credentials and config files are fine and aws-cli works on the box

mbarneyjr commented 4 years ago

It looks like you're using awsume==3.2.9, please try upgrading to version 4 (requires Python 3.5+)

As for the current issue, there must be a profile with a source_profile that points to another profile that does not have an aws_access_key_id defined

If the issue persists after upgrading, feel free to re-open!

varun1231 commented 4 years ago

@mbarneyjr Yes, that's correct. I have upgraded to version 4 but the functionality to refer to a nested profile still doesn't exist (except that the concise error is spelt out this time). Is there a plan to add this functionality. We are using "nested" source profile..

mbarneyjr commented 4 years ago

I'm not sure what you mean when you say "nested source profile."

There is already functionality to support a role profile, which defines asource_profile that will be used as the source credentials when making the assume-role call, is that what you're referring to?

varun1231 commented 4 years ago

There is your previous comment there must be a profile with a source_profile that points to another profile - this is what I mean by "nested source profile".

If my requirement is that an IAM user in one account should assume a role in another account and then that role can assume different roles in multiple accounts, I will use a "nested source profile" as mentioned above. This works with aws s3 ls --profile i.e. with awscli. Can you please accommodate this use case in awsume code?

varun1231 commented 4 years ago

@mbarneyjr Any idea when this feature will be implemented?

mbarneyjr commented 4 years ago

I have no official roadmap for when features will be implemented, I usually work on awsume in my free time