Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting an error that I wasn't before (and --save-failure-html doesn't seem to output anything) #222

Open
roboweaver opened this issue Feb 13, 2021 · 3 comments
Open

Getting an error that I wasn't before (and --save-failure-html doesn't seem to output anything) #222

roboweaver opened this issue Feb 13, 2021 · 3 comments

Comments

@roboweaver
Copy link

roboweaver commented Feb 13, 2021
edited

I did have this working before without a problem, but I had to do a pip install --upgrade and now I'm getting an error after I put in my MFA

Robs-Mac-Pro:~ robweaver$ aws-google-auth -V
aws-google-auth 0.0.37

Failure with profile (seems like it's not getting the STS:

Robs-Mac-Pro:~ robweaver$ aws-google-auth -I xxxxxx -S xxxxxx -R us-west-1 -u rob@xxxxxxxx.com -d 28800 --resolve-aliases --save-failure-html -p omnis-admin
Google Password: 
Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lRIefBolhDTxe12t5QxpurdO3UmC-B_hOetkXzI9_yxH5knhaUnoixwblWNV0p7b1u85IwRMbNryJ9h35y3InLySiVAb9qRPj8IjN1ka-BdlQXmzxwg_Wdq0SAbzlYeBqN38iuDxc3OZnt_4NDn777Z5-zi8g
Captcha (case insensitive): ressidyn
MFA token: 215314
Exception in thread Thread-1:
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/local/Cellar/python@3.9/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 950, in _bootstrap_inner
Traceback (most recent call last):
  File "/usr/local/Cellar/python@3.9/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 950, in _bootstrap_inner
Exception in thread Thread-3:
Traceback (most recent call last):
  File "/usr/local/Cellar/python@3.9/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 950, in _bootstrap_inner
    self.run()
    self.run()
  File "/usr/local/Cellar/python@3.9/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 888, in run
  File "/usr/local/Cellar/python@3.9/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 888, in run
    self.run()
  File "/usr/local/Cellar/python@3.9/3.9.0_5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 888, in run
    self._target(*self._args, **self._kwargs)
    self._target(*self._args, **self._kwargs)
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 125, in resolve_aws_alias
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 125, in resolve_aws_alias
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 125, in resolve_aws_alias
    sts = session.client('sts')
    sts = session.client('sts')
    sts = session.client('sts')
  File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
  File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
  File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
    return self._session.create_client(
    return self._session.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
    return self._session.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
    credentials = self.get_credentials()
    credentials = self.get_credentials()
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
    credentials = self.get_credentials()
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
    self._credentials = self._components.get_component(
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
    self._credentials = self._components.get_component(
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
    self._credentials = self._components.get_component(
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
    creds = provider.load()
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
    creds = provider.load()
    creds = provider.load()
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
    return self._load_creds_via_assume_role(self._profile_name)
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
    return self._load_creds_via_assume_role(self._profile_name)
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
    role_config = self._get_role_config(profile_name)
    return self._load_creds_via_assume_role(self._profile_name)
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
    role_config = self._get_role_config(profile_name)
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
    raise PartialCredentialsError(
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
    role_config = self._get_role_config(profile_name)
    raise PartialCredentialsError(
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
    raise PartialCredentialsError(
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
[  1] arn:aws:iam::999999999999:role/omnis-dnsonly
[  2] arn:aws:iam::999999999999:role/omnis-readonly
[  3] arn:aws:iam::999999999999:role/omnis-admin
Type the number (1 - 3) of the role to assume: 3
Assuming arn:aws:iam::999999999999:role/omnis-admin
ERROR:root:Partial credentials found in assume-role, missing: source_profile or credential_source
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/__init__.py", line 79, in cli
    process_auth(args, config)
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/__init__.py", line 279, in process_auth
    print("Credentials Expiration: " + format(amazon_client.expiration.astimezone(get_localzone())))
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 64, in expiration
    return self.token['Credentials']['Expiration']
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 44, in token
    self.__token = self.assume_role(self.config.role_arn,
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 117, in assume_role
    res = self.sts_client.assume_role_with_saml(**sts_call_vars)
  File "/usr/local/lib/python3.9/site-packages/aws_google_auth/amazon.py", line 30, in sts_client
    client = boto3.client('sts', region_name=self.config.region)
  File "/usr/local/lib/python3.9/site-packages/boto3/__init__.py", line 93, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/boto3/session.py", line 258, in client
    return self._session.create_client(
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 826, in create_client
    credentials = self.get_credentials()
  File "/usr/local/lib/python3.9/site-packages/botocore/session.py", line 430, in get_credentials
    self._credentials = self._components.get_component(
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1969, in load_credentials
    creds = provider.load()
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1402, in load
    return self._load_creds_via_assume_role(self._profile_name)
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1415, in _load_creds_via_assume_role
    role_config = self._get_role_config(profile_name)
  File "/usr/local/lib/python3.9/site-packages/botocore/credentials.py", line 1496, in _get_role_config
    raise PartialCredentialsError(
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
@roboweaver
Copy link
Author

roboweaver commented Feb 13, 2021
edited

My sts profile in ~/.aws/config is unchanged:

[profile sts]
region = us-west-1
google_config.ask_role = False
google_config.keyring = False
google_config.duration = 28800
google_config.google_idp_id = xxxxxxxxx
google_config.role_arn = arn:aws:iam::999999999:role/omnis-admin
google_config.google_sp_id = 999999999
google_config.u2f_disabled = False
google_config.google_username = rob@xxxxxxxx.com
google_config.bg_response = None

@roboweaver
Copy link
Author

And it did work before:

Robs-Mac-Pro:~ robweaver$ aws-google-auth -I xxxxxxx -S 999999999 -R us-west-1 -u rob@omnistools.com  -d 28800 --resolve-aliases
Google Password: 
Please visit the following URL to view your CAPTCHA: https://accounts.google.com/Captcha?v=2&ctoken=AAWk9lT2i6t0P0Dr08UIOrJOhYc1ql9lluittnpSnV1_ocJHqtcb-ib1eJOqG8-QXMU2tbOIuNIl9lVXACeuQyVBO6YS0_CY2F4aePuOdttDY0KWCjjm8qxvvG3djf0rPJM93OEGjfFfJF6wyQO7f9pJLv33MewiB3uF_f1Z4pSmUkOP98gmFdw
Captcha (case insensitive): methomanci
Choose MFA method from available:
2: TOTP (Google Authenticator)
3: SMS
Enter MFA choice number (3): 3
MFA Type Chosen: SMS
Enter SMS token: G-960265
Assuming arn:aws:iam::999999999:role/omnis-admin
Credentials Expiration: 2020-06-27 23:17:46-06:00
Robs-Mac-Pro:~ robweaver$ aws s3 ls --profile omnistools-dev
2018-07-23 08:39:01 cf-templates-1pwmegltsagqa-us-west-1
2019-02-15 22:58:48 omnis-cloudformation-dev
2019-07-14 11:15:57 omnis-dev-backup
2018-04-29 09:24:05 omnistools-ci-backup
2019-02-17 14:07:26 omnistools-dev-codedeploy
2019-05-11 21:19:13 omnistools-dev-jenkins-backup
2019-02-17 14:57:57 omnistools-dev-updraftplus

@stevemac007
Copy link
Contributor

Looks like an error injected with the 0.0.37 release - I'll need to dig in and see why.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stevemac007 @roboweaver