Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--write-aws-credential causing JSON decoding error in various tools #169

Closed
minhio opened this issue Feb 2, 2024 · 0 comments · Fixed by #173
Closed

--write-aws-credential causing JSON decoding error in various tools #169

minhio opened this issue Feb 2, 2024 · 0 comments · Fixed by #173

Comments

@minhio
Copy link

minhio commented Feb 2, 2024
edited
Loading

okta-aws-cli version 2.0.0-beta.6

getting errors from various tools (granted cli and aws cli) when using credential process, ONLY when --write-aws-credentials flag is set

example aws config file (app id, client id, org domain are set in env vars)

[profile default]
region = us-east-1
credential_process = okta-aws-cli web --format process-credentials --write-aws-credentials --aws-iam-idp arn:aws:iam::1234567890:saml-provider/OKTA --aws-iam-role arn:aws:iam::1234567890:role/Developer

executing aws cli command aws s3 ls will produce this error Expecting value: line 1 column 1 (char 0)

however, the ~/.aws/credentials file is updated accordingly so subsequent aws commands will work

here's the debug from aws cli

2024-02-02 09:36:14,550 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
  File "awscli\clidriver.py", line 460, in main
  File "awscli\customizations\commands.py", line 151, in __call__
  File "awscli\customizations\commands.py", line 205, in __call__
  File "awscli\customizations\s3\subcommands.py", line 495, in _run_main
  File "awscli\customizations\s3\subcommands.py", line 481, in _run_main
  File "awscli\customizations\s3\factory.py", line 53, in create_client
  File "awscli\botocore\session.py", line 839, in create_client
  File "awscli\botocore\session.py", line 445, in get_credentials
  File "awscli\botocore\credentials.py", line 1974, in load_credentials
  File "awscli\botocore\credentials.py", line 950, in load
  File "awscli\botocore\credentials.py", line 977, in _retrieve_credentials_using
  File "json\__init__.py", line 346, in loads
  File "json\decoder.py", line 337, in decode
  File "json\decoder.py", line 355, in raw_decode
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

similarly, the granted cli produce this error when executing assume default

[✘] process provider error: parse failed of process output: , error: unexpected end of JSON input

removing the --write-aws-credential flag and the error goes away
@minhio minhio changed the title process provider error: parse failed of process output: , error: unexpected end of JSON input --write-aws-credential causing JSON decoding error in various tools Feb 2, 2024
monde added a commit that referenced this issue Feb 9, 2024
@monde
Process credentials format was not emitting JSON correctly when `--wr…
0994c4d 
…ite-aws-credentials` flag is present.

Closes #169
@monde monde mentioned this issue Feb 9, 2024
Merged
@monde monde closed this as completed in #173 Feb 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix process credentials format bug when --write-aws-credentials flag is present. okta/okta-aws-cli
1 participant
@minhio