-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve cache control #479
Comments
Honestly, this is a bug. Editing the config file to replace the SSO instance makes the cache invalid and it should have been regenerated. I'm glad that you were able to finally debug this, but honestly making people figure out they need to manually delete the cache file is a horrible UX and I'd rather just prevent it completely. |
Sure, that works too. Don't make me think about the cache! :-D Looking forward to the fix. |
I set up a new Identity Center instance in a new management account and created a new aws-sso config file. The config for the When I run $ aws-sso-cli config-profiles --force --level=info
INFO Waiting for SSO authentication...
INFO Refreshing AWS SSO role cache for def, please wait...
FATAL Error running command: Duplicate profile name 'billing' for:
abc: arn:aws:iam::111111111111:role/ReadOnly
def: arn:aws:iam::222222222222:role/AWSAdministratorAccess Again, I solve the error by deleting the global user cache file. After that, I don't notice any problems when using the profiles via the stock CLI. Is this another symptom of the same bug? |
Deleting or renaming an SSO instance in the config.yaml would result in those roles being left in the cache.json which would likely lead to conflicts when generating ~/.aws/config We now prune any oudated SSO instances from the cache when they are removed from the config.yaml Fixes: #479
Deleting or renaming an SSO instance in the config.yaml would result in those roles being left in the cache.json which would likely lead to conflicts when generating ~/.aws/config We now prune any oudated SSO instances from the cache when they are removed from the config.yaml Fixes: #479
Deleting or renaming an SSO instance in the config.yaml would result in those roles being left in the cache.json which would likely lead to conflicts when generating ~/.aws/config We now prune any oudated SSO instances from the cache when they are removed from the config.yaml Fixes: #479
Deleting or renaming an SSO instance in the config.yaml would result in those roles being left in the cache.json which would likely lead to conflicts when generating ~/.aws/config We now prune any oudated SSO instances from the cache when they are removed from the config.yaml Fixes: #479
It would be great if the
flush
help looked something like this:At least the location of the cache should be documented, if not also configurable using the
AWS_SSO_CACHE
environment variable.It would have helped me avoid some confusion and investigation today.
I learned to set up aws-sso-cli to generate profiles for the stock AWS CLI. It's such a great feature, and I think it's going to really improve my experience of working with multiple accounts via SSO.
But the cache made the setup tricky.
The first time I ran the
config-profiles
command, I got an error about a duplicate profile name.This didn't make sense to me because my configuration didn't have
DefaultSSO
. It did initially, but then I renamed it toabc
for the sake of naming the Firefox container.I tried the
flush
command to clear the cache, but it didn't change the behavior of theconfig-profiles
command.I looked in the help output of
cache
andflush
and in the commands documentation but didn't see where the cache is located.Finally I used opensnoop to discover the global user cache file at
~/.aws-sso/cache.json
.And then I confirmed that this cache file did contain a reference to
DefaultSSO
.So I just deleted the cache file.
rm ~/.aws-sso/cache.json
After that, the
config-profiles
command behaved as promised.The text was updated successfully, but these errors were encountered: