granted icon indicating copy to clipboard operation
granted copied to clipboard

Published 20 hours ago verified publisher icon common-fate

Granted not working with `secret-service` backend on EC2 instances

Open chrnorm opened this issue 2 years ago • 1 comments

Reported via our community Slack:

cquinn@armbox:~$ assume --verbose -c shitposting
DEBUG: starting update check
2022/09/13 19:09:47 [keyring] Considering backends: [secret-service kwallet keyctl pass file]
2022/09/13 19:09:47 [keyring] Failed backend secret-service: The name org.freedesktop.secrets was not provided by any .service files
2022/09/13 19:09:47 [keyring] Failed backend kwallet: The name org.kde.kwalletd5 was not provided by any .service files
2022/09/13 19:09:47 [keyring] Failed backend keyctl: accessing "" keyring failed: unknown scope ""
2022/09/13 19:09:47 [keyring] Failed backend pass: The pass program is not available
? Enter passphrase to unlock "/home/cquinn/.granted/cred-store" ********
DEBUG: Partition is detected as aws for region us-west-2...
cquinn@armbox:~$ 

cquinn@armbox:~$ granted settings
SETTING               	VALUE                      
logging verbosity     	INFO                      	

update-checker-api-url	update.api.granted.dev:443	

ExportCredentialSuffix	                          	

DefaultBrowser        	STDOUT                    	

CustomBrowserPath     	                          	

CustomSSOBrowserPath  	                          	

LastCheckForUpdates   	Tuesday                   	

Keyring               	<nil>                     	

Ordering

chrnorm avatar Sep 14 '22 10:09 chrnorm

Working through some testing here, as we suspect https://github.com/common-fate/granted/commit/da54a021e4cf790c62954a0196e20f39d119dc44 may be the commit which broke things.

Amazon Linux - ARM

amzn2-ami-kernel-5.10-hvm-2.0.20220805.0-arm64-gp2

v0.2.9

No keychain settings in config

[ec2-user@ip-10-0-11-47 ~]$ cat ~/.granted/config
DefaultBrowser = "FIREFOX_STDOUT"
CustomBrowserPath = ""
CustomSSOBrowserPath = ""
LastCheckForUpdates = 3
Ordering = ""
ExportCredentialSuffix = ""

[ec2-user@ip-10-0-11-47 ~]$ assume --verbose demo-sandbox1
2022/09/21 11:42:52 [keyring] Considering backends: [keyctl pass file]
2022/09/21 11:42:52 [keyring] Failed backend keyctl: accessing "" keyring failed: unknown scope ""
2022/09/21 11:42:52 [keyring] Failed backend pass: The pass program is not available
DEBUG: GetValidCachedToken: The specified item could not be found in the keyring
DEBUG: starting update check
If browser is not opened automatically, please open link:
https://device.sso.ap-southeast-2.amazonaws.com/?user_code=RRWB-VVXZ
DEBUG: exec: "xdg-open,x-www-browser,www-browser": executable file not found in $PATH
Awaiting authentication in the browser...
2022/09/21 11:43:17 [keyring] Considering backends: [keyctl pass file]
2022/09/21 11:43:17 [keyring] Failed backend keyctl: accessing "" keyring failed: unknown scope ""
2022/09/21 11:43:17 [keyring] Failed backend pass: The pass program is not available

with ‘file’ keyring backend

[ec2-user@ip-10-0-11-47 ~]$ cat ~/.granted/config
DefaultBrowser = "FIREFOX_STDOUT"
CustomBrowserPath = ""
CustomSSOBrowserPath = ""
LastCheckForUpdates = 3
Ordering = ""
ExportCredentialSuffix = ""
[Keyring]
  Backend = "file"
[ec2-user@ip-10-0-11-47 ~]$ assume --verbose demo-sandbox1
2022/09/21 11:50:30 [keyring] Considering backends: [file]
? Enter passphrase to unlock "/home/ec2-user/.granted/cred-store" DEBUG: starting update check

[demo-sandbox1](ap-southeast-2) session credentials will expire 2022-09-21 12:50:33 +0000 UTC

v0.1.12

curl -OL releases.commonfate.io/granted/v0.1.12/granted_0.1.12_linux_arm64.tar.gz
sudo tar -zxvf ./granted_0.1.12_linux_arm64.tar.gz -C /usr/local/bin/

with no keychain settings in config

[ec2-user@ip-10-0-11-47 ~]$ cat ~/.granted/config
DefaultBrowser = "FIREFOX_STDOUT"
CustomBrowserPath = ""
LastCheckForUpdates = 0
[ec2-user@ip-10-0-11-47 ~]$ assume --verbose demo-sandbox1
2022/09/21 11:55:46 [keyring] Considering backends: [keyctl pass file]
2022/09/21 11:55:46 [keyring] Failed backend keyctl: accessing "" keyring failed: unknown scope ""
2022/09/21 11:55:46 [keyring] Failed backend pass: The pass program is not available
? Enter passphrase to unlock "/home/ec2-user/.granted/cred-store" DEBUG: starting update check
DEBUG: connecting to update checker
                                                                  DEBUG: connected to update checker

[demo-sandbox1](ap-southeast-2) session credentials will expire 2022-09-21 12:55:51 +0000 UTC

with ‘file’ keyring backend

[ec2-user@ip-10-0-11-47 ~]$ cat ~/.granted/config
DefaultBrowser = "FIREFOX_STDOUT"
CustomBrowserPath = ""
CustomSSOBrowserPath = ""
LastCheckForUpdates = 3
Ordering = ""
ExportCredentialSuffix = ""
[Keyring]
  Backend = "file"

[ec2-user@ip-10-0-11-47 ~]$ assume --verbose demo-sandbox1
2022/09/21 11:54:32 [keyring] Considering backends: [file]
? Enter passphrase to unlock "/home/ec2-user/.granted/cred-store" DEBUG: starting update check

[demo-sandbox1](ap-southeast-2) session credentials will expire 2022-09-21 12:54:34 +0000 UTC

chrnorm avatar Sep 21 '22 12:09 chrnorm