SSO Cache filename should be based on sso_session in addition to sso_start_url #5184

Closed
schrobot opened this issue Feb 27, 2024 · 4 comments
Labels
bug This issue is a bug. p2 This is a standard priority issue


schrobot commented Feb 27, 2024

Describe the bug

The SSO cache files in ~/.aws/sso/cache have filenames based only on the startUrl. Other SDKs, namely the Python SDK, and seemingly what the AWS CLI uses, actually use the sso_session if provided, and fall back to the sso_start_url otherwise. This leads to issues where, if I log in via the AWS CLI with a profile that has a sso_session_name configured, tools that use the Go SDK, like https://github.com/awslabs/amazon-ecr-credential-helper, fail to correctly find my cached credentials and produce authentication errors.

See https://github.com/boto/botocore/blob/master/botocore/utils.py#L3354 and

tokenFile, err := loadTokenFile(p.CachedTokenFilepath)

Expected Behavior

The Go SDK should generate the same filenames as the other SDKs and CLI.

Current Behavior

The Go SDK computes the filename only based on the start URL, which makes it unable to find the right cached credential file produced by the CLI.

Reproduction Steps

  1. Create an AWS profile in ~/.aws/config enabled for SSO, that has a session-name
  2. Run aws sso login --profile <that profile>
  3. Run retrieve
    func (p *Provider) Retrieve() (credentials.Value, error) {

Possible Solution

Replicate the logic in the botocore SDK

Additional Information/Context

No response

SDK version used

1.24.1

Environment details (Version of Go (go version)? OS name and version, etc.)

1.19
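
The mismatch described in this issue, as an added example that is not part of the original report and is not the SDK's own code: botocore names the cache file after the SHA-1 hex digest of the session name when one is set, otherwise of the start URL, so a lookup keyed only on the start URL computes a different filename. The `ssoProfile` type, the function names, and the sample URL and session name are hypothetical.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"path/filepath"
)

// ssoProfile is a hypothetical holder for the two relevant ~/.aws/config values.
type ssoProfile struct {
	StartURL    string // sso_start_url
	SessionName string // sso_session (empty when the profile has none)
}

// cacheFileName hashes the cache key with SHA-1 and appends ".json", as botocore does.
func cacheFileName(key string) string {
	sum := sha1.Sum([]byte(key))
	return hex.EncodeToString(sum[:]) + ".json"
}

// startURLOnlyName is the derivation the issue reports: start URL only.
func startURLOnlyName(p ssoProfile) string { return cacheFileName(p.StartURL) }

// sessionAwareName prefers the session name and falls back to the start URL.
func sessionAwareName(p ssoProfile) string {
	if p.SessionName != "" {
		return cacheFileName(p.SessionName)
	}
	return cacheFileName(p.StartURL)
}

// diagnose reports which derivation, if any, matches a file in the cache listing.
func diagnose(p ssoProfile, present []string) string {
	for _, f := range present {
		switch filepath.Base(f) {
		case sessionAwareName(p):
			return "session-aware"
		case startURLOnlyName(p):
			return "start-url-only"
		}
	}
	return "none"
}

func main() {
	p := ssoProfile{StartURL: "https://example.awsapps.com/start", SessionName: "my-sso"} // constructed sample
	cached := []string{filepath.Join(".aws", "sso", "cache", sessionAwareName(p))}
	fmt.Println(cached[0], startURLOnlyName(p), diagnose(p, cached))
}
```

Running `diagnose` against the real contents of `~/.aws/sso/cache` shows whether a login wrote the file under the session-name key or the start-URL key.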

@RanVaknin
Contributor

Hi @schrobot ,

Can you please update your SDK version? We are in 1.5x; you are using 1.24.1, which is 5 years old.
Let me know if this helps.
Thanks,
Ran~

@RanVaknin RanVaknin self-assigned this Mar 8, 2024
Author

schrobot commented Mar 8, 2024

> Hi @schrobot ,
>
> Can you please update your SDK version? we are in 1.5x, you are using 1.24.1 which is 5 years old. Let me know if this helps. Thanks, Ran~

Hi Ran, thanks for getting back. I don't own the code that is giving me this error -- I am trying to use https://github.com/awslabs/amazon-ecr-credential-helper and it seemed like the error described above is what's happening. I can file the issue against that repository if they just need to update the SDK version. That said, from reading the latest code in this repo, it seems like it would still be an issue?

Thanks,
Brian

@wty-Bryant
Contributor

Closing the issue, as the same issue has been solved for v2.
