Comments (5)
victorskl
commented on August 31, 2024
Thanks for reporting. Can you please try with --debug or --trace to see any useful output there? It will be good, if you can share your profiles ~/.aws/config (pls mask it), something like this #9. Then, we can pin point the cause... e.g.
[profile dev]
sso_start_url = https://<>.awsapps.com/start
sso_region = us-west-2
sso_account_id = 1234567890
sso_role_name = AdministratorAccess
region = us-west-2
output = json
...
...
from yawsso.
dodtsair
commented on August 31, 2024
I believe this is caused by a stale aws configure sso.
If I use aws configure sso for something like:
[profile dev]
sso_start_url = https://<>.awsapps.com/start
sso_region = us-west-2
sso_account_id = #@#@#@#@
sso_role_name = AdministratorAccess
region = us-west-2
output = json
Then I go back into SSO UI and I reconfigure things such the role is now admin-access. Then the next yawsso will fail.
The logs at trace identify the old profile:
2020-08-14 22:19:49,542 yawsso.cli TRACE Syncing profile... staging-sw: {'sso_start_url': 'https://#@#@#@.awsapps.com/start#/', 'sso_region': 'us-west-2', 'sso_account_id': '#@#@#@', 'sso_role_name': 'AdministratorAccess', 'region': 'us-west-2'}
Naturally I can fix this with aws configure sso and redoing the staging-sw profile
$ aws configure sso
SSO start URL [None]: https://#@#@#@awsapps.com/start#/
SSO Region [None]: us-west-2
There are 8 AWS accounts available to you.
Using the account ID #@#@#@
There are 2 roles available to you.
Using the role name "admin-with-billing"
CLI default client Region [us-west-2]:
CLI default output format [None]:
CLI profile name [admin-with-billing-#@#@#]: staging-sw
Now running yawsso with --trace moves on to the next profile in a bad state
2020-08-14 22:24:13,734 yawsso.cli TRACE Syncing profile... prod-sw: {'sso_start_url': 'https://#@#@#@.awsapps.com/start#/', 'sso_region': 'us-west-2', 'sso_account_id': '#@#@#@', 'sso_role_name': 'AdministratorAccess', 'region': 'us-west-2'}
Now I have a long list so if I need to get past this I can just select the profile I am interested in and skip the profiles that are in error.
yawsso --profiles 'dev-ic'
from yawsso.
victorskl
commented on August 31, 2024
Right, got your point! I can reproduce your use case. So, it is basically a stale role (or stale Permission Sets more precisely) i.e. role name has either changed or, no longer exist in your Org account AWS SSO Permission Sets. Then yawsso call to aws sts get-caller-identity fail. But expect yawsso should continue. Okay, I reckon, I can try change its behaviour to warn instead of halt, will do!
from yawsso.
victorskl
commented on August 31, 2024
Fixed since pip install -U yawsso==0.6.0rc3
from yawsso.
victorskl
commented on August 31, 2024
Now with pip install -U yawsso==0.6.0. Closing.
from yawsso.
Related Issues (20)
- ValueError on time data again HOT 3
- aws_session_expiration value is incorrect ...uses UTC time rather than the UTC timezone offset HOT 2
- Rename profile on sync HOT 4
- yawsso -e only exports Linux form of environment variables HOT 2
- Fix distutils packaging warning
- Improve clipboard masking HOT 2
- Automatically log in when sync fails HOT 3
- syncing for all named profiles fails when cache for first profile is not active on first time set up HOT 4
- Sync fails when values have double-quotes HOT 3
- yawsso doesn't recognize new-style SSO profiles HOT 9
- Request: do not put region into the profile written to ~/.aws/credentials HOT 4
- New Windows -e process is too restrictive HOT 3
- can't get aws credentials in cmd line HOT 2
- Error: "no section: 'default' HOT 2
- ValueError: time data '2023-03-16T15:11:53.540Z' does not match format '%Y-%m-%dT%H:%M:%SZ' HOT 8
- yawsso auto without cache HOT 4
- Add parameter to control setting the region in the .aws/credentials file HOT 2
- yawsso needs to ignore the expiresAt parameter in .aws/sso/cache/<thing>.json HOT 15
- How can I skip encrypt? HOT 2
- KeyError: 'refreshToken' after updating to 1.2.0 HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yawsso.