SSO parameters are not loaded from credentials file #1749

timterle · 2022-07-01T07:34:10Z

Describe the bug

Loading config fails in v2 if SSO parameters are in credentials file

Expected Behavior

The library should use the sso parameters from credentials file. This works in sdk v1 and with aws cli.

Current Behavior

Loading the config gives this error:
failed to load assume role arn:aws:iam::accountA:role/roleB, of profile login, <nil>

Reproduction Steps

Configuration

These are the config files used

~/.aws/config

[profile login]
aws_account_id = <aws-account-id>

[profile accountA-roleB]
role_arn = arn:aws:iam::accountA:role/roleB
source_profile = login

~/.aws/credentials

[login]
sso_start_url = <sso-start-url>
sso_region = <sso-region>
sso_account_id = <sso-account-id>
sso_role_name = <sso-role-name>

Code

func main() {
	_, err := config.LoadDefaultConfig(context.TODO(), config.WithSharedConfigProfile("accountA-roleB"))
	if err != nil {
		log.Fatalf("failed to load AWS SDK configuration, %v", err)
	}
}

The code above results in this error

failed to load assume role arn:aws:iam::accountA:role/roleB, of profile login, <nil>

This code doing the same thing with v1 of aws-sdk-go works fine

func main() {
	opts := session.Options{
		Profile:           "accountA-roleB",
		SharedConfigState: session.SharedConfigEnable,
	}
	_, err := session.NewSessionWithOptions(opts)
	if err != nil {
		log.Fatalf("failed to load AWS SDK configuration, %v", err)
	}
}

Possible Solution

No response

Additional Information/Context

If SSO parameters are moved from credentials file to config file aws-sdk-go v2 works fine, but documentation say they can be in credentials file as well. And it works in v1 and when using the aws cli.

AWS Go SDK V2 Module Versions Used

github.com/aws/aws-sdk-go-v2 v1.16.5
github.com/aws/aws-sdk-go-v2/config v1.15.11

Compiler and Version used

go version go1.18.1 darwin/arm64

Operating System and version

MacOS 12.4

The text was updated successfully, but these errors were encountered:

RanVaknin · 2022-07-11T16:35:43Z

Hi @timterle ,

Thanks for bringing this to my attention. We are working on a fix and will patch the issue soon. I will keep you posted.

github-actions · 2022-08-09T18:57:21Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

timterle added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 1, 2022

timterle changed the title ~~(short issue description)~~ SSO parameters are not loaded from credentials file Jul 1, 2022

RanVaknin self-assigned this Jul 7, 2022

RanVaknin added pending-release This issue will be fixed by an approved PR that hasn't been released yet. and removed needs-triage This issue or PR still needs to be triaged. labels Jul 11, 2022

skmcgrail mentioned this issue Aug 9, 2022

config: Support SSO and CA Bundle parameters in credentials file #1795

Merged

skmcgrail closed this as completed in #1795 Aug 9, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSO parameters are not loaded from credentials file #1749

SSO parameters are not loaded from credentials file #1749

timterle commented Jul 1, 2022

RanVaknin commented Jul 11, 2022

github-actions bot commented Aug 9, 2022