Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing credentials in config #154

Closed
hampsterx opened this issue Jul 27, 2021 · 7 comments
Closed

Missing credentials in config #154

hampsterx opened this issue Jul 27, 2021 · 7 comments
Labels
bug Something isn't working

Comments

@hampsterx
Copy link

hampsterx commented Jul 27, 2021
edited
Loading

Describe the bug

Create new session (AWS/IAM User), input MFA token and receive toast msg:

Leapp Aws Sts Error
Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

Leapp Version
0.6.1

cat /etc/os-release

NAME="KDE neon"
VERSION="5.22"
ID=neon
ID_LIKE="ubuntu debian"
PRETTY_NAME="KDE neon User Edition 5.22"
VARIANT="User Edition"
VARIANT_ID=user
VERSION_ID="20.04"

Have tried setting this env var in bashrc and restarted but no effect.
Also searched repo but cannot find any reference to this.

AWS_SDK_LOAD_CONFIG site:https://github.com/Noovolari/leapp

Update: Just tried using "awsume" and works fine, can see env | grep AWS its injected that env var. hmm
@hampsterx hampsterx added the bug Something isn't working label Jul 27, 2021
@pethron
Copy link
Contributor

pethron commented Jul 27, 2021

Thanks for reporting, I was able to reproduce the issue.

Setting the environment variable shouldn't help, the credentials are injected from the getSessionToken API and not read from the configuration file. Still don't know why this problem is manifesting only on this distro.

@pethron
Copy link
Contributor

pethron commented Jul 27, 2021

The problem seems to be related to calling the STS client from the modal window (instead from the main application). Like this it loses the ability to access the keyring and defaults to the default credential chain provider, trying to load credentials from the file. I think it should be solved easily by returning the MFA token to main process, we'll fix this in the next release.

@pethron
Copy link
Contributor

pethron commented Jul 28, 2021
edited
Loading

Did you install libsecret-1-dev and gnome-keyring? Can you check into the password manager if the keys are being written inside the keyring?

sudo apt-get install libsecret-1-dev
sudo apt install gnome-keyring

After that could you try to remove and add again your MFA session?

@ericvilla
Copy link
Contributor

@hampsterx @pethron I tried to setup Leapp in a clean KDE Neon environment.

By default, libsecret-1-dev seems to be already installing (verified it using apt list). If you don't install gnome-keyring, Leapp stores the secrets in the login keychain; on the other hand, after installing gnome-keyring and seahorse (to view keyrings and list secrets), Leapp stores secrets in a new "Default keyring" for which you have to specify the password used to unlock it.

I found some inconsistencies in KDE Neon keyring, in the sense that I was not always able to reproduce @hampsterx issue, even if I followed the same steps from a pre-defined VMWare snapshot.

My temporarily conclusion and suggestion, given the issue encountered by @hampsterx, is to:

  • uninstall Leapp (using sudo apt remove leapp, sudo rm -rf ~/.Leapp, sudo rm -rf ~/.config/Leapp);
  • uninstall gnome-keyring and seahorse (if installed);
  • re-install gnome-keyring and seahorse;
  • re-install Leapp.

@hampsterx please let us know if it does not work even after re-installing all the needed stuff.

Cheers!

@ericvilla
Copy link
Contributor

ericvilla commented Jul 29, 2021
edited
Loading

I've finally managed to solve the bug!

Basically, AWS IAM User access key id and secret access key saveSecret operations were issued in parallel; when a saveSecret operation is issued by Leapp for the first time, KDE Neon opens a modal in which the user must specify the password to unlock the "Default keyring" in which Leapp stores its secrets.

When trying to store AWS IAM User access key id and secret access key, 2 modals will be opened by KDE Neon, one per secret (probably a concurrency problem). Unfurtunately you're allowed to insert the password and its confirmation only in one of the 2 modals; this prevents you to permit the second secret to be writtend down into the "Default keyring".

@hampsterx may I ask you to build the solution locally and test it in your environment?

The steps would be:

  1. git clone https://github.com/Noovolari/leapp.git
  2. nvm use (to set the current node version to the one specified in .nvmrc, if you're using nvm)
  3. npm install
  4. npm run rebuild-keytar
  5. npm run dist-deb-dev
  6. You'll find the .deb file in release/ folder

ericvilla added a commit that referenced this issue Jul 29, 2021
@ericvilla
fix: aws iam user access keys are now stored sequentially
b64041e 
Refs #154
@hampsterx
Copy link
Author

hi @ericvilla actually I did try installing gnome-keyring initially.

Following your instructions now and it's working! Hooray!~

Stellar effort sir~

@ericvilla
Copy link
Contributor

Glad to hear that @hampsterx!!! We will introduce this change in the next release

ericvilla added a commit that referenced this issue Sep 30, 2021
@ericvilla
fix: aws iam user access keys are now stored sequentially
9975d80 
Refs #154
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hampsterx @pethron @ericvilla