Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doesn't work with sso #43

Open
mohan-kumar-sp opened this issue Aug 18, 2023 · 4 comments
Open

doesn't work with sso #43

mohan-kumar-sp opened this issue Aug 18, 2023 · 4 comments

Comments

@mohan-kumar-sp
Copy link

mohan-kumar-sp commented Aug 18, 2023
edited

We are using SSO in our organisation where hardenks can't find credentials and it fails

hardeneks --region us-east-1 --cluster XXX --context XXXX

                    • HARDENEKS * * * * * * * * * * * *
                      You are operating at us-east-1
                      You context is XXXX
                      Your cluster name is XXXX
                      You are using /opt/homebrew/lib/python3.11/site-packages/hardeneks/config.yaml
                      as your config file

[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
@dorukozturk
Copy link
Contributor

hi, thank you for creating an issue. I will take a look at it in the next 2 weeks.

@dorukozturk
Copy link
Contributor

hi, so hardeneks uses boto3 and kubernetes python api underneath. In your case boto3 should be able find the credentials using one of the methods below:

Passing credentials as parameters in the boto.client() method

Passing credentials as parameters when creating a Session object

Environment variables

Shared credential file (~/.aws/credentials)

AWS config file (~/.aws/config)

Assume Role provider

Boto2 config file (/etc/boto.cfg and ~/.boto)

Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html. In your case would it be feasible to use one of the above methods?

@wa20221001
Copy link

Hi Doruk ! I think a additional option to consider could be to add --profile to the arguments for selection , like the AWS CLI aws --profile <profile name> ec2 describe-instances. At the moment, the env variables needs to be manually set before executing this project. Happy to work on this sometime.

something like this:

hardeneks --context clustedev --region us-east-1 --cluster mycluster --profile  developerprofile

@dorukozturk
Copy link
Contributor

Hi, I like the idea and it makes a lot of sense. I can review and can even implement this in couple weeks (after reinvent :) )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dorukozturk @mohan-kumar-sp @wa20221001