aws-google-auth
aws-google-auth copied to clipboard
Published
20 hours ago •
cevoaustralia
cevoaustralia
Getting an error that I wasn't before (and --save-failure-html doesn't seem to output anything)
I did have this working before without a problem, but I had to do a pip install --upgrade and now I'm getting an error after I put in my MFA
Robs-Mac-Pro:~ robweaver$ aws-google-auth -V
aws-google-auth 0.0.37
Failure with profile (seems like it's not getting the STS:
Robs-Mac-Pro:~ robweaver$ aws-google-auth -I xxxxxx -S xxxxxx -R us-west-1 -u [email protected] -d 28800 --resolve-aliases --save-failure-html -p omnis-admin
Google Password:
Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lRIefBolhDTxe12t5QxpurdO3UmC-B_hOetkXzI9_yxH5knhaUnoixwblWNV0p7b1u85IwRMbNryJ9h35y3InLySiVAb9qRPj8IjN1ka-BdlQXmzxwg_Wdq0SAbzlYeBqN38iuDxc3OZnt_4NDn777Z5-zi8g
Captcha (case insensitive): ressidyn
MFA token: 215314
Exception in thread Thread-1:
Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 950, in _bootstrap_inner
Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 950, in _bootstrap_inner
Exception in thread Thread-3:
Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 950, in _bootstrap_inner
self.run()
self.run()
File "/usr/local/Cellar/[email protected]/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 888, in run
File "/usr/local/Cellar/[email protected]/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 888, in run
self.run()
File "/usr/local/Cellar/[email protected]/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 888, in run
self._target(*self._args, **self._kwargs)
self._target(*self._args, **self._kwargs)
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 125, in resolve_aws_alias
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 125, in resolve_aws_alias
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 125, in resolve_aws_alias
sts = session.client('sts')
sts = session.client('sts')
sts = session.client('sts')
File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
return self._session.create_client(
return self._session.create_client(
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
return self._session.create_client(
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
credentials = self.get_credentials()
credentials = self.get_credentials()
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
credentials = self.get_credentials()
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
self._credentials = self._components.get_component(
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
self._credentials = self._components.get_component(
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
self._credentials = self._components.get_component(
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
creds = provider.load()
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
creds = provider.load()
creds = provider.load()
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
return self._load_creds_via_assume_role(self._profile_name)
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
return self._load_creds_via_assume_role(self._profile_name)
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
role_config = self._get_role_config(profile_name)
return self._load_creds_via_assume_role(self._profile_name)
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
role_config = self._get_role_config(profile_name)
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
raise PartialCredentialsError(
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
role_config = self._get_role_config(profile_name)
raise PartialCredentialsError(
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
raise PartialCredentialsError(
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
[ 1] arn:aws:iam::999999999999:role/omnis-dnsonly
[ 2] arn:aws:iam::999999999999:role/omnis-readonly
[ 3] arn:aws:iam::999999999999:role/omnis-admin
Type the number (1 - 3) of the role to assume: 3
Assuming arn:aws:iam::999999999999:role/omnis-admin
ERROR:root:Partial credentials found in assume-role, missing: source_profile or credential_source
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/__init__.py", line 79, in cli
process_auth(args, config)
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/__init__.py", line 279, in process_auth
print("Credentials Expiration: " + format(amazon_client.expiration.astimezone(get_localzone())))
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 64, in expiration
return self.token['Credentials']['Expiration']
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 44, in token
self.__token = self.assume_role(self.config.role_arn,
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 117, in assume_role
res = self.sts_client.assume_role_with_saml(**sts_call_vars)
File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 30, in sts_client
client = boto3.client('sts', region_name=self.config.region)
File "/usr/local/lib/python3.9/site-packages/boto3/__init__.py", line 93, in client
return _get_default_session().client(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
return self._session.create_client(
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
credentials = self.get_credentials()
File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
self._credentials = self._components.get_component(
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
creds = provider.load()
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
return self._load_creds_via_assume_role(self._profile_name)
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
role_config = self._get_role_config(profile_name)
File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
raise PartialCredentialsError(
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
My sts profile in ~/.aws/config is unchanged:
[profile sts]
region = us-west-1
google_config.ask_role = False
google_config.keyring = False
google_config.duration = 28800
google_config.google_idp_id = xxxxxxxxx
google_config.role_arn = arn:aws:iam::999999999:role/omnis-admin
google_config.google_sp_id = 999999999
google_config.u2f_disabled = False
google_config.google_username = [email protected]
google_config.bg_response = None
And it did work before:
Robs-Mac-Pro:~ robweaver$ aws-google-auth -I xxxxxxx -S 999999999 -R us-west-1 -u [email protected] -d 28800 --resolve-aliases
Google Password:
Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lT2i6t0P0Dr08UIOrJOhYc1ql9lluittnpSnV1_ocJHqtcb-ib1eJOqG8-QXMU2tbOIuNIl9lVXACeuQyVBO6YS0_CY2F4aePuOdttDY0KWCjjm8qxvvG3djf0rPJM93OEGjfFfJF6wyQO7f9pJLv33MewiB3uF_f1Z4pSmUkOP98gmFdw
Captcha (case insensitive): methomanci
Choose MFA method from available:
2: TOTP (Google Authenticator)
3: SMS
Enter MFA choice number (3): 3
MFA Type Chosen: SMS
Enter SMS token: G-960265
Assuming arn:aws:iam::999999999:role/omnis-admin
Credentials Expiration: 2020-06-27 23:17:46-06:00
Robs-Mac-Pro:~ robweaver$ aws s3 ls --profile omnistools-dev
2018-07-23 08:39:01 cf-templates-1pwmegltsagqa-us-west-1
2019-02-15 22:58:48 omnis-cloudformation-dev
2019-07-14 11:15:57 omnis-dev-backup
2018-04-29 09:24:05 omnistools-ci-backup
2019-02-17 14:07:26 omnistools-dev-codedeploy
2019-05-11 21:19:13 omnistools-dev-jenkins-backup
2019-02-17 14:57:57 omnistools-dev-updraftplus
Looks like an error injected with the 0.0.37 release - I'll need to dig in and see why.
