Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constant "keychain access" prompt appears #318

Closed
yafanasiev opened this issue Aug 5, 2022 · 3 comments
Closed

Constant "keychain access" prompt appears #318

yafanasiev opened this issue Aug 5, 2022 · 3 comments
Labels
bug Something isn't working macos

Comments

@yafanasiev
Copy link

Describe the bug
Each time a session credentials are refreshed, a system popup asking for keychain access appears. It will continue to appear even if "Always allow" is selected.

Leapp Version
0.13.2

To Reproduce
Steps to reproduce the behavior:

  1. Set "AWS credentials generation" method to "credential-process".
  2. Add a new AWS SSO integration with auth method "in-browser".
  3. Login to SSO integration.
  4. Start one of the synchronised sessions. Upon first request to AWS with this session, a system prompt for keychain access will appear. Enter system password and click on "Always allow".
  5. Wait for SSO session to end (without stopping the active session).
  6. Login to SSO integration again (without stopping the active session).
  7. Try to make a new request to AWS (e.g. aws cli command). Keychain prompt appears again.

Expected behavior
Keychain prompt should only appear once if "Always allow" is selected.
Screenshot 2022-08-05 at 18 29 41

Desktop (please complete the following information):

  • OS: MacOS Monterey 12.5 (M1)
  • Leapp Version: 0.13.2
  • Leapp CLI version: @noovolari/leapp-cli/0.1.16 darwin-x64 node-v16.16.0
  • Installation method: Homebrew

Additional context
Same popup appears from time to time when clicking "login" from SSO integration, only this time it is not for node process (which is I assume is the Leapp CLI) but for "Leapp Helper (Renderer)" (which seems to be Electron). I tried setting the permission for Leapp entry in Keychain Access to "allow all" manually, but that did not work because apparently Leapp creates a new key each time. Now I understand that macOS security system is tricky and restrictive, but I would appreciate if this could be resolved or maybe there is a trick to work around it. I do like the Leapp CLI integration because I do not need to create profiles manually anymore for AWS CLI, but it is very annoying when you have a lot of session from SSO integration and need to type in password multiple time each day.
@yafanasiev yafanasiev added the bug Something isn't working label Aug 5, 2022
@pethron
Copy link
Contributor

pethron commented Aug 6, 2022

Thanks for reporting. I dug in the electron documentation and found that could be a problem get/set operations from the renderer process, which could only happen with "credential-process" auth method. I'll check with @ericvilla and @urz9999

@pethron pethron mentioned this issue Aug 6, 2022
Closed
@bradj
Copy link

bradj commented Aug 9, 2022

Having this issue myself. I get the following prompts:

Screen Shot 2022-08-09 at 12 18 36 PM
Screen Shot 2022-08-09 at 12 19 22 PM

@andreacavagna01 andreacavagna01 changed the title [macOS] Constant "keychain access" prompt appears Constant "keychain access" prompt appears Aug 18, 2022
@andreacavagna01
Copy link
Contributor

fixed in v0.14.2.

Closing this issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working macos
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bradj @pethron @andreacavagna01 @yafanasiev