Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Authentication still fails when using a credential_process and source_profile

See original GitHub issue

Describe the bug

I get an error when trying to use a credential_process in conjunction with a source_profile.

To Reproduce

I have a config file (~/.aws/config) that is equivalent to

[profile base-profile]
credential_process = some-process

[profile child]
region            = eu-west-1
role_arn          = arn:aws:iam::123456789:role/some-role
source_profile    = base-profile
role_session_name = something

and no credentials file. This works fine with the CLI, python SDK etc. but when I try and select the child profile for use with the toolkit I get an error. The logs read

2021-04-16 09:22:04 [ERROR]: Error trying to connect to AWS with Credentials Provider profile:child. Toolkit will now disconnect from AWS. [Error [CredentialsError]: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
	at constructor.load (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1649:6028)
	at constructor.coalesceRefresh (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:26701)
	at constructor.refresh (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1649:6223)
	at constructor.get (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:26529)
	at f (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1638:27945)
	at constructor.getCredentials (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1638:28226)
	at constructor.<anonymous> (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1638:30721)
	at constructor.callListeners (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:24989)
	at constructor.emit (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:24739)
	at constructor.emitEvent (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1639:10845)
	at constructor.N (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1639:6431)
	at u.runTo (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1639:12683)
	at constructor.runTo (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1639:8122)
	at constructor.send (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1639:8015)
	at r.constructor.r.constructor.makeRequest (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1638:17058)
	at r.constructor.r.constructor.e.authtype.d.<computed> [as assumeRole] (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1638:23928)
	at constructor.loadRoleProfile (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1649:7497)
	at constructor.load (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1649:5604)
	at constructor.coalesceRefresh (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:26701)
	at constructor.refresh (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1649:6223)
	at constructor.get (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:26529)
	at new constructor (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1649:5199)
	at /home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2204:3416
	at f (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:27709)
	at constructor.resolve (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:1438:27806)
	at /home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:364:15558
	at new Promise (<anonymous>)
	at constructor.resolvePromise (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:364:15498)
	at Sd.getCredentials (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2204:1797)
	at Wk.setCredentials (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2622:587)
	at Wk.upsertCredentials (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2622:449)
	at async Mv.login (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2216:327)
	at async K_.onCommandLogin (/home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2526:310)
	at async /home/michael.aldridge/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-1.23.0/dist/extension.js:2934:1140
	at async S._executeContributedCommand (/usr/share/code/resources/app/out/vs/workbench/services/extensions/node/extensionHostProcess.js:86:106762)] {
  code: 'CredentialsError',
  time: 2021-04-16T08:22:04.774Z,
  originalError: {
    message: 'Could not load credentials from constructor',
    code: 'CredentialsError',
    time: 2021-04-16T08:22:04.774Z,
    originalError: {
      message: 'Credentials not set for profile base-profile',
      code: 'SharedIniFileCredentialsProviderFailure',
      time: 2021-04-16T08:22:04.774Z
    }
  }
}

Expected behavior

Authentication to succeed.

Desktop (please complete the following information):

  • OS: Linux x64 5.4.0-70-generic
  • Visual Studio Code Extension Host Version: 1.55.0
  • AWS Toolkit Version: 1.23.0

Additional context

This issue is very similar to https://github.com/aws/aws-toolkit-vscode/issues/1541 that was addressed in 1.23.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:3
  • Comments:10 (5 by maintainers)

github_iconTop GitHub Comments

2reactions
michael-plutoflumecommented, May 28, 2021

@michael-plutoflume @DanyC97 We’ve been working on a partial migration to SDK v3 that should fix various combinations of source_profile and profile types.

To confirm the fix works as intended, it would be helpful if one of you can try out the pre-release build:

  1. Download and extract buildArtifacts.zip
  2. From the VSCode command list (ctrl-shift-p or cmd-shift-p) run Extensions: Install from VSIX… to install the *.vsix file.
  3. Reload VSCode and verify that the Toolkit has version 1.26 (not the release version 1.25).

Hi @JadenSimon just gave this a test and it seems to be working. 🎉

1reaction
v-aucommented, Jun 25, 2021

Works here as well.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshoot WorkSpace authentication issues when using ...
When I try to log in using the Amazon WorkSpaces client, I see error messages similar to the following: "Authentication Failed: Please check ......
Read more >
altool fails with "The auth server returned a bad status code"
Hi All, Trying to validate some altool credentials, produces this error message. "Failed to get authorization for username '<username/>' and password with ......
Read more >
GitHub Error: Authentication Failed from the Command Line
Command line authentication requires a personal access token. Go to Settings: Then Developer Settings: Then Personal access tokens:
Read more >
http authentication fails when setting up Preferred Server
I have set it up with anonymous authentication. leaving the IUSR as specific ... server and granted me access, but still get the...
Read more >
Terraform: can't authenticate to aws provider using shared ...
Error: No valid credential sources found for AWS Provider. Please see https://terraform.io/docs/providers/aws/index.html for more ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Should not send log files to $HOME/.config/Code

Next page

MFA serial in credentials is being ignored