awslogs icon indicating copy to clipboard operation
awslogs copied to clipboard

Published 20 hours ago verified publisher icon jorgebastida

running awslogs under working sso profile

Open doronwix opened this issue 2 years ago • 9 comments

when running awslogs with sso profile awslogs groups --profile [valid_profile-with _relevant_permissions]

we get this error: Version: 0.14.0 Python: 3.11.1 (main, Dec 23 2022, 09:28:24) [Clang 14.0.0 (clang-1400.0.29.202)] boto3 version: 1.26.4 Platform: macOS-13.0.1-arm64-arm-64bit Args: ['/opt/homebrew/bin/awslogs', 'groups', '--profile', 'Policy-Developer-NGLZ-202490905579'] Config: {'aws_access_key_id': 'SENSITIVE', 'aws_secret_access_key': 'SENSITIVE', 'aws_session_token': 'SENSITIVE', 'aws_profile': 'SENSITIVE', 'aws_region': None, 'aws_endpoint_url': None, 'log_group_prefix': None, 'func': 'list_groups'}

Traceback (most recent call last): File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/awslogs/bin.py", line 175, in main logs = AWSLogs(**vars(options)) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/awslogs/core.py", line 89, in init self.client = boto3_client( ^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/awslogs/core.py", line 44, in boto3_client return session.client( ^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/boto3/session.py", line 299, in client return self._session.create_client( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/botocore/session.py", line 951, in create_client credentials = self.get_credentials() ^^^^^^^^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/botocore/session.py", line 509, in get_credentials ).load_credentials() ^^^^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/botocore/credentials.py", line 2095, in load_credentials creds = provider.load() ^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/botocore/credentials.py", line 2249, in load sso_config = self._load_sso_config() ^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.11/site-packages/botocore/credentials.py", line 2239, in _load_sso_config raise InvalidConfigError( botocore.exceptions.InvalidConfigError: The profile "Policy-Developer-NGLZ-202490905579" is configured to use SSO but is missing required configuration: sso_start_url, sso_region

doronwix avatar Jan 24 '23 14:01 doronwix

I just got this same issue today. The profile works with the aws command

jmrodri avatar Jan 31 '23 21:01 jmrodri 

$ awslogs get /aws/ecs/update_brands ALL --start='23/1/2023 12:00' --end='31/1/2023' --profile Profile-1234


You've found a bug! Please, raise an issue attaching the following traceback
https://github.com/jorgebastida/awslogs/issues/new

Version:       0.14.0
Python:        3.10.9 (main, Dec 19 2022, 17:35:49) [GCC 12.2.0]
boto3 version: 1.24.96
Platform:      Linux-6.1.8-arch1-1-x86_64-with-glibc2.36
Args:          ['/usr/bin/awslogs', 'get', '/aws/ecs/update_brands', 'ALL', '--start=23/1/2023 12:00', '--end=31/1/2023', '--profile', 'Profile-1234']
Config: {'aws_access_key_id': 'SENSITIVE', 'aws_secret_access_key': 'SENSITIVE', 'aws_session_token': 'SENSITIVE', 'aws_profile': 'SENSITIVE', 'aws_region': None, 'aws_endpoint_url': None, 'log_group_name': '/aws/ecs/update_brands', 'log_stream_name': 'ALL', 'filter_pattern': None, 'watch': False, 'watch_interval': 1, 'output_group_enabled': True, 'output_stream_enabled': True, 'output_timestamp_enabled': False, 'output_ingestion_time_enabled': False, 'start': '23/1/2023 12:00', 'end': '31/1/2023', 'color': 'auto', 'query': None, 'func': 'list_logs'}

Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/awslogs/bin.py", line 175, in main
    logs = AWSLogs(**vars(options))
  File "/usr/lib/python3.10/site-packages/awslogs/core.py", line 89, in __init__
    self.client = boto3_client(
  File "/usr/lib/python3.10/site-packages/awslogs/core.py", line 44, in boto3_client
    return session.client(
  File "/usr/lib/python3.10/site-packages/boto3/session.py", line 299, in client
    return self._session.create_client(
  File "/usr/lib/python3.10/site-packages/botocore/session.py", line 951, in create_client
    credentials = self.get_credentials()
  File "/usr/lib/python3.10/site-packages/botocore/session.py", line 509, in get_credentials
    ).load_credentials()
  File "/usr/lib/python3.10/site-packages/botocore/credentials.py", line 2095, in load_credentials
    creds = provider.load()
  File "/usr/lib/python3.10/site-packages/botocore/credentials.py", line 2249, in load
    sso_config = self._load_sso_config()
  File "/usr/lib/python3.10/site-packages/botocore/credentials.py", line 2239, in _load_sso_config
    raise InvalidConfigError(
botocore.exceptions.InvalidConfigError: The profile "Profile-1234" is configured to use SSO but is missing required configuration: sso_start_url, sso_region

jmrodri avatar Jan 31 '23 21:01 jmrodri

For those using Homebrew, brew upgrade awslogs should get you a version that works with SSO profiles. If it still installs version 0.14.0_3, try HOMEBREW_NO_INSTALL_FROM_API=1 brew upgrade awslogs

tvalenta avatar Feb 17 '23 20:02 tvalenta

For those using Homebrew, brew upgrade awslogs should get you a version that works with SSO profiles. If it still installs version 0.14.0_3, try HOMEBREW_NO_INSTALL_FROM_API=1 brew upgrade awslogs

I'm using Homebrew and running 0.14.0_4 but it still doesn't with with SSO profiles with my current setup :(

dserodio avatar Mar 06 '23 22:03 dserodio

I'm using Homebrew and running 0.14.0_4 but it still doesn't with with SSO profiles with my current setup :(

I'm sure there's a much cleaner way to do this, but what version of boto do you get via $(brew list -v awslogs|grep bin/pip3$) list? I get the following:

 $(brew list -v awslogs|grep bin/pip3$) list
WARNING: Skipping /opt/homebrew/lib/python3.11/site-packages/docutils-0.19-py3.11.egg-info due to invalid metadata entry 'name'
Package         Version
--------------- -------
awslogs         0.14.0
boto3           1.26.73
botocore        1.29.73
gpg             1.18.0
jmespath        0.10.0
meson           1.0.1
numpy           1.24.2
Pillow          9.4.0
pip             22.3.1
protobuf        4.21.12
python-dateutil 2.8.2
PyYAML          6.0
s3transfer      0.6.0
setuptools      65.6.3
six             1.16.0
termcolor       2.2.0
urllib3         1.26.14
wheel           0.38.4

tvalenta avatar Mar 06 '23 23:03 tvalenta

@tvalenta I get this:

Package         Version
--------------- -------
awslogs         0.14.0
black           23.1.0
boto3           1.26.73
botocore        1.29.73
click           8.1.3
docutils        0.19
jmespath        0.10.0
mypy-extensions 0.4.3
packaging       23.0
pathspec        0.11.0
pip             22.3.1
platformdirs    2.6.2
python-dateutil 2.8.2
PyYAML          6.0
s3transfer      0.6.0
setuptools      65.6.3
six             1.16.0
termcolor       2.2.0
urllib3         1.26.14
wheel           0.38.4

[notice] A new release of pip available: 22.3.1 -> 23.0.1
[notice] To update, run: python3.11 -m pip install --upgrade pip

dserodio avatar Mar 07 '23 13:03 dserodio

@dserodio Do you get any traceback error or other message indicating where it fails? I don't see the black module being referenced anywhere in the source, and version 0.4.4 of mypy-extensions came out early Feb 2023. Any idea what might have caused those older packages to have been installed?

tvalenta avatar Mar 07 '23 16:03 tvalenta

@tvalenta I installed black manually (via pip) because I use Python for writing scripts. I will try to remove everything and reinstall it from scratch, and report it back. Thank you so much for your help.

dserodio avatar Mar 08 '23 13:03 dserodio