fix(sso): fix issue where file backend type is used #562

Closed

corymhall

This PR fixes an issue where using the sso start url as the keyring item key causes an issue when using the file backend type.

Instead of using the startUrl as the keyring item key it will now parse the URL and just use the URL Host.

So if you have

sso_start_url=https://aws-sso-portal.awsapps.com/start

Then it will now store the sso credentials with the key aws-sso-portal.awsapps.com

BREAKING CHANGE: The SSO functionality hasn't been released yet, so it's not breaking yet, but would be if it gets released before this fix is merged. Since the keyring item key is being changed, any existing sso credentials that have been added will have to be re-added with the new item key.

fix an issue where using the sso start url as the keyring item key causes an issue when using the
file backend type

BREAKING CHANGE: since the keyring item key is being changed, any existing sso credentials that have
been added will have to be re-added with the new item key
@corymhall
Author

cc @itsdalmo

@mtibben
Member

mtibben commented Apr 21, 2020

> causes an issue when using the file backend type

Hey @corymhall can you be more specific about what the issue is and what error message you get? The problem may be in the file backend rather than SSO?

@corymhall
Author

@mtibben sorry should have included more details about the issue.

It looks like it is an issue with the / in the SSO start url. The SSO functionality in aws-vault uses the SSO start url as the item key so it is trying to create a file in ~/.awsvault/keys/ with that name, i.e. https://aws-sso-portal.awsapps.com/start

err = p.Keyring.Keyring.Set(keyring.Item{
	Key:                         p.StartURL,
	Label:                       fmt.Sprintf("aws-vault (%s)", p.StartURL),
	Data:                        bytes,
	KeychainNotTrustApplication: true,
})

Here is the error that I get when I run the login command.

aws-vault login --backend=file --debug sandbox-sso
2020/04/21 23:32:57 aws-vault dev
2020/04/21 23:32:57 [keyring] Considering backends: [file]
2020/04/21 23:32:57 Loading config file /home/ubuntu/.aws/config
2020/04/21 23:32:57 Parsing config file /home/ubuntu/.aws/config
2020/04/21 23:32:57 [keyring] Expanded file dir to /home/ubuntu/.awsvault/keys/
2020/04/21 23:32:57 Looking for sessions for sandbox-sso
2020/04/21 23:32:57 Looking up all keys in keyring
2020/04/21 23:32:57 [keyring] Expanded file dir to /home/ubuntu/.awsvault/keys/
2020/04/21 23:32:57 [keyring] Expanded file dir to /home/ubuntu/.awsvault/keys/
2020/04/21 23:32:57 Created new SSO client for https://aws-sso-portal.awsapps.com/start (expires at: 2020-07-20 23:32:57 +0000 UTC)
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://device.sso.us-east-1.amazonaws.com/?user_code=XXXX-XXXX
2020/04/21 23:32:57 failed to open browser: exit status 3
2020/04/21 23:33:16 Created new SSO access token for https://aws-sso-portal.awsapps.com/start (expires at: 2020-04-22 07:33:16.257871296 +0000 UTC m=+28818.636334029)
2020/04/21 23:33:16 [keyring] Expanded file dir to /home/ubuntu/.awsvault/keys/
2020/04/21 23:33:16 [keyring] Expanded file dir to /home/ubuntu/.awsvault/keys/
aws-vault: error: Login failed: Failed to get credentials for sandbox-sso: open /home/ubuntu/.awsvault/keys/https:/aws-sso-portal.awsapps.com/start: no such file or directory
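
The path in the error above can be reproduced outside aws-vault, along with the host-only key from the PR description. This is an added example, not code from aws-vault or keyring; it assumes a file backend that stores each item at `<dir>/<key>`, and `itemPath`, `staysInDir`, `hostKey` and `escapedKey` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
)

// keysDir is the file backend directory from the debug log on this page.
const keysDir = "/home/ubuntu/.awsvault/keys/"

// itemPath models (as an assumption) a file backend that stores each item
// at <dir>/<key>. path.Join also collapses "//", hence "https:/" in the error.
func itemPath(dir, key string) string {
	return path.Join(dir, key)
}

// staysInDir reports whether p is a direct child of dir, i.e. the key added
// no extra path components and did not climb out of dir.
func staysInDir(dir, p string) bool {
	return path.Dir(p) == path.Clean(dir)
}

// hostKey derives the item key the PR description proposes: the URL host.
func hostKey(startURL string) (string, error) {
	u, err := url.Parse(startURL)
	if err != nil {
		return "", err
	}
	if u.Host == "" {
		return "", fmt.Errorf("no host in %q", startURL)
	}
	return u.Host, nil
}

// escapedKey is a hypothetical alternative: keep the whole key but escape
// "/" so it maps to one file name. "." and ".." still need staysInDir.
func escapedKey(key string) string {
	return url.PathEscape(key)
}

func main() {
	start := "https://aws-sso-portal.awsapps.com/start" // from the PR description
	host, _ := hostKey(start)
	for _, k := range []string{start, host, escapedKey(start), ".."} {
		p := itemPath(keysDir, k)
		fmt.Printf("%-45q -> %s (single file in dir: %v)\n", k, p, staysInDir(keysDir, p))
	}
}
```

A key that fails `staysInDir` either needs a parent directory that does not exist, as in the log, or resolves outside the keys directory, so a file-backed store should reject or encode such keys before opening anything.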

@mtibben
Member

mtibben commented Apr 23, 2020

Hey @corymhall I have a PR for a fix in keyring at 99designs/keyring#69

Are you able to test this?

@corymhall
Author

@mtibben I was able to test your PR and I can confirm that it fixed the issue. Thanks!

@mtibben mtibben closed this in e25b537 Apr 24, 2020