leapp icon indicating copy to clipboard operation
leapp copied to clipboard

Published 20 hours ago verified publisher icon Noovolari

Leapp Credentials for IAM users are gone after a reboot

Open zackriso opened this issue 2 years ago • 4 comments

Describe the bug I have what I think is a critical issue with the latest Leapp version (0.14.2). I added a new session for an IAM user and a new AWS Role (Chaining Role). Everything worked well with no issues, until I rebooted my system. After rebooting, the new IAM user I created was still there, but not the access key and secret access keys: there were completely gone. Yet the MFA was still present.

The error was "The session does not exist", even though it did, jsut without the AWS access key ID and secret access Key.

Leapp Version 0.14.2

zackriso avatar Aug 31 '22 23:08 zackriso

Cloud you attach log.electronService.log or relevant parts of it to the ticket and details about OS/Distro you are using and what installation source was used? It's good to check that logs to be attached doesn't contain any sensitive data (it shouldn't). Log file location depends on your OS and can be found: https://docs.leapp.cloud/0.14.2/troubleshooting/app-data/#logs-file

ghost avatar Sep 01 '22 07:09 ghost

Hi Sami, please find some additional info here:

  • OS: Linux kali 5.14.0-kali4-amd64 , SMP Debian 5.14.16-1kali1 (2021-11-05) x86_64 GNU/Linux

  • Installation: dpkg -i Leapp_0.12.2_amd64.deb

- Logs: [2022-08-31 18:43:52.086] [info] [renderer] execute from Leapp info:{ "command": "aws --version", "stdout": "aws-cli/2.5.7 Python/3.9.11 Linux/5.14.0-kali4-amd64 exe/x86_64.kali.2022 prompt/off\n", "stderr": "", "error": null } [2022-08-31 18:43:52.129] [info] [renderer] execute from Leapp info:{ "command": "session-manager-plugin --version", "stdout": "1.2.295.0\n", "stderr": "", "error": null } [2022-08-31 18:43:59.659] [error] [renderer] [ErrorService] Error: Message recipient disconnected from message bus without replying [2022-08-31 18:44:12.813] [info] [renderer] Starting Session [2022-08-31 18:44:18.562] [warn] [renderer] The session does not exist [2022-08-31 18:44:32.282] [error] [renderer] [ErrorService] Error: The session does not exist [2022-08-31 18:44:32.293] [error] [renderer] [ErrorService] Error: The session does not exist [2022-08-31 18:44:45.286] [error] [renderer] [ErrorService] Error: The session does not exist [2022-08-31 18:44:45.300] [error] [renderer] [ErrorService] Error: The session does not exist [2022-08-31 19:24:03.827] [info] [renderer] Closing app with cleaning process... [2022-08-31 21:16:11.670] [info] [renderer] Check existing credential file: false [2022-08-31 21:16:11.723] [info] [renderer] Loaded plugins...

[2022-08-31 21:16:13.039] [info] [renderer] execute from Leapp info:{ "command": "aws --version", "stdout": "aws-cli/2.5.7 Python/3.9.11 Linux/5.14.0-kali4-amd64 exe/x86_64.kali.2022 prompt/off\n", "stderr": "", "error": null } [2022-08-31 21:16:13.075] [info] [renderer] execute from Leapp info:{ "command": "session-manager-plugin --version", "stdout": "1.2.295.0\n", "stderr": "", "error": null } [2022-08-31 21:16:14.831] [error] [renderer] [ErrorService] Error: Name ":1.2" does not exist [2022-08-31 21:17:54.745] [info] [renderer] Closing app with cleaning process...

zackriso avatar Sep 01 '22 15:09 zackriso

Hi @ericvilla can we check the error message together? this look a particular use-case happened here

andreacavagna01 avatar Sep 01 '22 15:09 andreacavagna01

I also deleted the IAM user session, but it deleted the IAM Role session as well on its own.

zackriso avatar Sep 01 '22 16:09 zackriso

Can we mark this as solved now?

andreacavagna01 avatar Nov 03 '22 16:11 andreacavagna01

Hi @zackriso! We're investigating this issue; we're not able to reproduce the error that is logged in your ~/.config/Leapp/logs/log.electronService.log file.

I'm going to share with some of the tests that we made on a local Ubuntu 20.04 virtual machine.

First test

Steps:

  • we created the IAM User from the Desktop App;
  • we created a IAM Role Chained session from the previous one;
  • we deleted IAM User-related secrets from the keychain (access_key_id and secret_access_key);
  • we started the IAM Role Chained Session.

It returned an error that is different from the one that you've reported.

Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

Second test

Steps:

  • as the Ubuntu 'default' user, we created the IAM User Session from the Desktop App;
  • as the Ubuntu 'root' user, we tried to start the Desktop App.

The second step returns the following error:

FATAL:electron_main_delegate.cc(299)] Running as root without --no-sandbox is not supported

... meaning it is not possible to run the application as a root user.

Third test

Steps:

  • we created a IAM User from the Desktop App as the Ubuntu 'default' user;
  • we created a new user;
  • we tried start the previously created IAM User session with the new user.

The third step returned the following error:

Missing X server or $DISPLAY

It seems we need to add an additional configuration to make Leapp Desktop App runnable as the new user. We didn't go further in this direction as - in our opinion - it is not related to the reported issue.

  • Have you created the IAM User session with a specific user an started it with another one?
  • Have you installed the packages described in the prerequisites section of the docs?

sudo apt-get install gnome-keyring sudo apt-get install libsecret-1-dev

  • Have you already solved this issue? In this case, may you share the solution?

ericvilla avatar Feb 02 '23 11:02 ericvilla