Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --no-cache to not use the cache and force a refresh #574

Closed
Gavin89 opened this issue Sep 26, 2023 · 7 comments · Fixed by #575
Closed

Add --no-cache to not use the cache and force a refresh #574

Gavin89 opened this issue Sep 26, 2023 · 7 comments · Fixed by #575
Labels
enhancement New feature or request
Milestone
v1.14.0

Comments

@Gavin89
Copy link

Gavin89 commented Sep 26, 2023
edited
Loading

Output of aws-sso version:

Example output:
❯ aws-sso version
AWS SSO CLI Version 1.13.1 -- Copyright 2021-2023 Aaron Turner
7c08e58ad2a2c941bfa42ad98b0429f3fefa1ca7 (v1.13.1) built at 2023-08-28T23:03:47+0000

Describe the bug:
We have a unique scenario where we are creating/deleting many accounts, it appears that when we run aws-sso list it appears to be returning / caching old accounts that have been deleted, and it doesn't appear to be showing any new accounts. Using this tool https://github.com/benkehoe/aws-sso-util I can see the new accounts, and also it does not return old accounts.

To Reproduce:

  1. aws-sso list

As this has our accounts info, I can't copy and paste, but for context I have around 40 AWS accounts with 2 roles each that are active, maybe there is a limitation on how many you bring back, or maybe you cache accounts when bringing them back instead of doing api call every time

An example is in my AWS SSO I can see tmp-gh109 but when I run aws-sso list, it does not appear in the list. However, running aws-sso-util roles I can see that account.

I can also see tmp-gh108 which has been deleted from AWS SSO and does not show in aws-sso-util but shows in aws-sso list
@Gavin89 Gavin89 added the bug Something isn't working label Sep 26, 2023
@synfinatic
Copy link
Owner

Not a bug, but more of as-designed. If you have many accounts it can take a few dozen (or more) seconds for AWS to return all the results due to rate limiting. Even a few accounts can add noticeable lag to many aws-sso commands.

Anyways, this is all documented in the docs, so I encourage you to read them. That said, this question (or versions of it) seems to be coming up enough that I should see about adding a --no-cache option or something along the lines to force a cache refresh.

@synfinatic synfinatic added enhancement New feature or request and removed bug Something isn't working labels Sep 26, 2023
@synfinatic synfinatic changed the title aws-sso list brings back old accounts no longer in use, and doesn't appear to show new accounts (limit issue maybe) Add --no-cache to not use the cache and force a refresh Sep 26, 2023
@synfinatic synfinatic added this to the v1.14.0 milestone Sep 26, 2023
@Gavin89
Copy link
Author

Gavin89 commented Sep 26, 2023

How come aws-sso-util seems to handle many accounts thought?

@synfinatic
Copy link
Owner

Because aws-sso-util has fewer features and can rely solely on the ~/.aws/config file for its "cache". Any time it needs to update the ~/.aws/config file it takes the same hit.

@Gavin89
Copy link
Author

Gavin89 commented Sep 27, 2023

How come it is bringing back new active accounts though? like even running aws-sso list now it still does not show my tmp-gh109 so im unable to access this acc

@synfinatic
Copy link
Owner

Sorry, not sure I understand what you're saying. Can you rephrase and perhaps provide more details? Are you suggesting you found a bug?

synfinatic added a commit that referenced this issue Sep 27, 2023
@synfinatic
Add --no-cache flag
e21c1b1 
Force refreshing the cache and query AWS on a per-command basis for
config-profiles, console, exec and list.

Fixes: #574
synfinatic added a commit that referenced this issue Sep 27, 2023
@synfinatic
Add --no-cache flag
9817763 
Force refreshing the cache and query AWS on a per-command basis for
config-profiles, console, exec and list.

Fixes: #574
@synfinatic synfinatic mentioned this issue Sep 27, 2023
Merged
@Gavin89
Copy link
Author

Gavin89 commented Sep 28, 2023

Hi, so I have created a new AWS Account called tmp-gh109 but when I run aws-sso list this does not appear in the list. I would expect to see it.

I can see the new account in my AWS SSO Okta, so I know it is there. Running the below with the account ID I also get

❯ aws-sso exec -A <redacted> -R AdministratorAccess
WARNING Unable to update cache                        error="invalid AWS AccountID: <redacted>"
ERROR   Unable to find role in cache.  Unable to set AWS_SSO_PROFILE

So it is like the tool is not pulling latest from AWS SSO, or it has cached so there for not doing an API call, or there is some sort of bug.

@synfinatic
Copy link
Owner

https://github.com/synfinatic/aws-sso-cli/blob/main/docs/config.md#sso-cache-options
https://github.com/synfinatic/aws-sso-cli/blob/main/docs/commands.md#cache

synfinatic added a commit that referenced this issue Sep 28, 2023
@synfinatic
Add --no-cache flag
5ef7b5a 
Force refreshing the cache and query AWS on a per-command basis for
config-profiles, console, exec and list.

Fixes: #574
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.14.0
Development

Successfully merging a pull request may close this issue.

Add --no-cache flag synfinatic/aws-sso-cli
2 participants
@synfinatic @Gavin89