search

victorskl / yawsso

Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials
MIT License
302 stars 26 forks source link

ValueError: time data '2023-03-16T15:11:53.540Z' does not match format '%Y-%m-%dT%H:%M:%SZ' #86

Closed diranged closed 4 months ago

diranged commented 1 year ago

Ran into this weird one.. I'm running yawsso on a cron in the background and I noticed it wasn't executing. Here are the logs:

%  /Users/diranged/src/dotfiles/.venv3-darwin/bin/yawsso
Traceback (most recent call last):
  File "/Users/diranged/src/dotfiles/.venv3-darwin/bin/yawsso", line 8, in <module>
    sys.exit(main())
  File "/Users/diranged/src/dotfiles/.venv3-darwin/lib/python3.9/site-packages/yawsso/cli.py", line 225, in main
    credentials = core.update_profile(profile_name, co.config)
  File "/Users/diranged/src/dotfiles/.venv3-darwin/lib/python3.9/site-packages/yawsso/core.py", line 245, in update_profile
    credentials = fetch_credentials(profile_name, profile)
  File "/Users/diranged/src/dotfiles/.venv3-darwin/lib/python3.9/site-packages/yawsso/core.py", line 104, in fetch_credentials
    cached_login = check_sso_cached_login_expires(profile_name, profile)
  File "/Users/diranged/src/dotfiles/.venv3-darwin/lib/python3.9/site-packages/yawsso/core.py", line 95, in check_sso_cached_login_expires
    expires_utc = parse_sso_cached_login_expiry(cached_login)
  File "/Users/diranged/src/dotfiles/.venv3-darwin/lib/python3.9/site-packages/yawsso/core.py", line 60, in parse_sso_cached_login_expiry
    expires_utc = datetime.strptime(expires_at, datetime_format_in_sso_cached_login)
  File "/usr/local/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/_strptime.py", line 568, in _strptime_datetime
    tt, fraction, gmtoff_fraction = _strptime(data_string, format)
  File "/usr/local/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/_strptime.py", line 349, in _strptime
    raise ValueError("time data %r does not match format %r" %
ValueError: time data '2023-03-16T15:11:53.540Z' does not match format '%Y-%m-%dT%H:%M:%SZ'

Here's the sso cache'd cred file:

% cat /Users/diranged/.aws/sso/cache/5c6808f7452a7d6e84611eccd4cfc2ca096b1913.json | jq . 
{
  "startUrl": "https://XXX.awsapps.com/start",
  "region": "us-east-1",
  "accessToken": "xxx",
  "expiresAt": "2023-03-16T15:11:53.540Z",
  "clientId": "Q1vjMsXxIFRjaxD-7Da7EHVzLWVhc3QtMQ",
  "clientSecret": "xxx",
  "registrationExpiresAt": "2023-06-11T17:08:17Z",
  "refreshToken": "xxx"
}

And the AWS CLi ver:

% aws --version
aws-cli/2.11.2 Python/3.11.2 Darwin/22.3.0 source/arm64 prompt/off
victorskl commented 1 year ago

Um. That's weird. "expiresAt": "2023-03-16T15:11:53.540Z" looks alright -- But. I will double check, soon. Thanks for reporting in.

remmelt commented 1 year ago

Same problem here.

akefirad commented 11 months ago

@victorskl the datetime value is fine. The issue is with the pattern which doesn't expect milliseconds; %Y-%m-%dT%H:%M:%SZ. Removing the millisecond part from the value (in the cached file) resolves the issue. The pattern seem to need an optional milliseconds part.

victorskl commented 11 months ago

Right..! Mine is like

{
    "startUrl": <snip>,
    "region": "ap-southeast-2",
    "accessToken": <snip>,
    "expiresAt": "2023-08-04T06:15:57Z",
    "clientId": <snip>,
    "clientSecret": <snip>,
    "registrationExpiresAt": "2023-10-12T02:27:45Z",
    "refreshToken": <snip>
}

Thanks for detective work. I will fix/support/work on this..!

et304383 commented 5 months ago

Started experiencing this for the first time ever this morning. Strange I have not seen it before.

I refreshed my SSO session and the issue went away.

victorskl commented 5 months ago

This issue is now found to be related with https://github.com/victorskl/yawsso/issues/90

I'm probably going to handle this expiry check differently. And not to rely on this expiresAt field. Stay tune for RC.

victorskl commented 4 months ago

It should fix with 1.2rc1. Let me know any feedback, if any.

pip install -U yawsso==1.2.0rc1

yawsso --version
yawsso 1.2.0rc1
victorskl commented 4 months ago

The yawsso-1.2.0 out.!

Sorry for year long wait. This should be fixed. The yawsso does not check this expiresAt field anymore.

pip install -U yawsso==1.2.0

It should attempt auto-refresh as long as the refresh token lives...

Better yet, try auto subcommand; this will auto login as last resort when the refresh token itself has expired...

yawsso auto --profile dev