Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exception thrown on new AWS.SSOTokenProvider() #4435

Open
scott-irwin opened this issue May 31, 2023 · 1 comment
Open

exception thrown on new AWS.SSOTokenProvider() #4435

scott-irwin opened this issue May 31, 2023 · 1 comment
Assignees
@RanVaknin
Labels
bug This issue is a bug. p2 This is a standard priority issue workaround-available

Comments

@scott-irwin
Copy link

scott-irwin commented May 31, 2023
edited by RanVaknin

Describe the bug

I have a working sso token verified using 'aws s3 ls --profile prod'.

Configured using aws configure sso.

I'm attempting to get the credentials for building other AWS services.

However, the following exception is thrown 'ReferenceError: profileName is not defined'

credentials = null;
       try {
           console.log(`try the call`);
           credentials = new AWS.SSOTokenProvider({profile: 'prod'}, (err) => {
               console.log(`load error was ${err}`);
           }); 
           console.log(`got creds ${JSON.stringify(credentials, null, 3)}`);
       } catch (e) {
           console.log(`call error was ${e}`);         <<<<<<----- Exception is caught here and 'e' is message shown above.
       }

Expected Behavior

the call returns the credentials associated with the current sso token.

that credential object can be passed to create other AWS classes.

for e.g.,

return new AWS.QuickSight({ apiVersion: '2018-04-01', region: region, credentials: creds });

Current Behavior

exception is thrown on new. Showing the error the following text is printed.

'ReferenceError: profileName is not defined'

Reproduction Steps

configure an aws sso token in your local environment.

credentials = null;
      try {
          console.log(`try the call`);
          credentials = new AWS.SSOTokenProvider({profile: 'prod'}, (err) => {
              console.log(`load error was ${err}`);
          }); 
          console.log(`got creds ${JSON.stringify(credentials, null, 3)}`);
      } catch (e) {
          console.log(`call error was ${e}`);         <<<<<<----- Exception is caught here and 'e' is message shown above.
      }

Possible Solution

No response

Additional Information/Context

No response

SDK version used

"aws-sdk": "^2.1387.0"

Environment details (OS name and version, etc.)

windows 10 Version 10.0.19045 Build 19045
@scott-irwin scott-irwin added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 31, 2023
@RanVaknin RanVaknin self-assigned this May 31, 2023
@RanVaknin RanVaknin added the p2 This is a standard priority issue label Jul 3, 2023
@RanVaknin RanVaknin added response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Aug 22, 2023
@RanVaknin
Copy link
Contributor

Hi @scott-irwin ,

Sorry for the long wait. I'm able to confirm that this is a bug.
I believe this is the offending line:

aws-sdk-js/lib/token/sso_token_provider.js

Line 125 in 9557694

new Error('Profile "' + profileName + '" is missing required property "sso_session".'),

profileName here is undefined. It should this.profile.

Additionally, there is a lot of references to sso-session which should not be required.

Reproduction steps:

config file:

[default]
output = json
region = us-east-1

[profile my-sso]
sso_region = us-east-1
sso_start_url = https://d-REDACTED.awsapps.com/start
sso_registration_scopes = sso:account:access
sso_account_id = REDACTED
sso_role_name = s3FullAccess

Using JS SDK v3 works as expected ✅ :

const { S3Client, ListBucketsCommand } = require("@aws-sdk/client-s3");
const { fromIni } = require("@aws-sdk/credential-providers")
const client = new S3Client({ 
  region: 'us-east-1',
  credentials: fromIni({
    profile: "my-sso"
  })
});

const command = new ListBucketsCommand({});

client.send(command)
    .then(response => {
        console.log(response)
    })
    .catch(error => {
        console.error('Error:', error);
    });

Go SDK v2 works as expected ✅ :

package main

import (
	"context"
	"fmt"
	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"
	"log"
)

func main() {
	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-east-1"), config.WithClientLogMode(aws.LogResponseWithBody), config.WithSharedConfigProfile("my-sso"))
	if err != nil {
		log.Fatalf("unable to load SDK config, %v", err)
	}

	client := s3.NewFromConfig(cfg)

	out, err := client.ListBuckets(context.TODO(), &s3.ListBucketsInput{})
	if err != nil {
		panic(err)
	}

	fmt.Println(len(out.Buckets))
}

SDK v2's SSOTokenProvider is not working correctly ❌ :

const AWS = require("aws-sdk")

const s3 = new AWS.S3({
    credentialProvider: new AWS.SSOTokenProvider({
        profile: "my-sso"
    })
})

s3.listBuckets({}, (err, data)=>{
    if(err){
        console.log(err)
    }else {
        console.log(data)
    }
})

Will result in:

ReferenceError: profileName is not defined
    at SSOTokenProvider.load (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token/sso_token_provider.js:125:33)
    at SSOTokenProvider.coalesceRefresh (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token.js:178:12)
    at SSOTokenProvider.refresh (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token/sso_token_provider.js:243:10)
    at SSOTokenProvider.get (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token.js:97:12)
    at new SSOTokenProvider (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token/sso_token_provider.js:99:10)
    at Object.<anonymous> (/Users/rvaknin/test_folder/5086/v2sample.js:6:25)
    at Module._compile (node:internal/modules/cjs/loader:1275:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1329:10)
    at Module.load (node:internal/modules/cjs/loader:1133:32)
    at Module._load (node:internal/modules/cjs/loader:972:12)

and even after the fix with this.profile we still get sso session requirements:

SSOTokenProviderFailure: Sso session "undefined" not found
    at SSOTokenProvider.load (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token/sso_token_provider.js:132:9)
    at SSOTokenProvider.coalesceRefresh (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token.js:178:12)
    at SSOTokenProvider.refresh (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token/sso_token_provider.js:239:10)
    at SSOTokenProvider.get (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token.js:97:12)
    at new SSOTokenProvider (/Users/rvaknin/test_folder/5086/node_modules/aws-sdk/lib/token/sso_token_provider.js:99:10)
    at Object.<anonymous> (/Users/rvaknin/test_folder/5086/v2sample.js:6:25)
    at Module._compile (node:internal/modules/cjs/loader:1275:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1329:10)
    at Module.load (node:internal/modules/cjs/loader:1133:32)
    at Module._load (node:internal/modules/cjs/loader:972:12) {
  code: 'SSOTokenProviderFailure',
  time: 2023-08-22T22:54:33.988Z
}

The workaround is to remove the SSOTokenProvider from the code, and instead configure the sso profile via environment variables:

AWS_REGION=us-east-1 AWS_SDK_LOAD_CONFIG=1 AWS_PROFILE=my-sso node v2sample.js

I will discuss this with the team and see if we can fix this.

Thanks again,
Ran~

@RanVaknin RanVaknin added workaround-available p2 This is a standard priority issue and removed response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. p2 This is a standard priority issue labels Aug 22, 2023
@siddsriv siddsriv mentioned this issue Aug 24, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RanVaknin RanVaknin

Labels
bug This issue is a bug. p2 This is a standard priority issue workaround-available
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RanVaknin @scott-irwin