Support SSO #51

Open
davidsteed opened this issue Feb 9, 2021 · 13 comments
@davidsteed

This does not support "aws configure sso". If I copy the credentials into the ~/.aws/credentials file it works. Can support for SSO be added?
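Added example, not part of the thread or the project's code: a small Go check that tells whether a profile depends on SSO settings (`sso_start_url` or `sso_session`) or on static keys, the distinction the report above turns on. The sample config text, its profile names and values, and the helper names `profileKeys` and `credentialSource` are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed shared-config text; every value below is made up.
const sampleConfig = `
[profile staging]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111122223333
sso_role_name = ReadOnly
[profile legacy]
aws_access_key_id = EXAMPLEKEYID
`

// profileKeys returns the settings of one profile from INI-style text.
// It accepts both "[profile name]" (config) and "[name]" (credentials) headers.
func profileKeys(ini, profile string) map[string]string {
	keys, current := map[string]string{}, ""
	sc := bufio.NewScanner(strings.NewReader(ini))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			current = strings.TrimSpace(strings.TrimPrefix(line[1:len(line)-1], "profile "))
		} else if kv := strings.SplitN(line, "=", 2); len(kv) == 2 && current == profile {
			keys[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return keys
}

// credentialSource reports whether a profile relies on SSO or on static keys.
func credentialSource(ini, profile string) string {
	k := profileKeys(ini, profile)
	switch {
	case k["sso_start_url"] != "" || k["sso_session"] != "":
		return "sso" // needs an SDK build that includes an SSO provider
	case k["aws_access_key_id"] != "":
		return "static" // long-term keys stored directly in the file
	}
	return "none"
}

func main() {
	fmt.Println(credentialSource(sampleConfig, "staging"), credentialSource(sampleConfig, "legacy"))
}
```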

@davidsteed
Author

I have fixed this by upgrading to the latest version of the AWS SDK changes. Created new branch with changes, but don't have permission to push.

@PettitWesley
Contributor

@davidsteed If you have SSO working, can you submit a pull request with the code change?

@davidsteed
Author

davidsteed commented Feb 10, 2021 via email

@masteinhauser
Contributor

I can confirm @davidsteed is correct, and I am also currently struggling with the make generate functionality.

I'll submit a PR (also) if I can get this working and passing tests. For now, it's perfectly functional for our immediate AWS SSO needs.

@masteinhauser
Contributor

I just got this working locally with all tests passing, PR incoming.

The root of the issue occurs when running make generate with the vendor/ directory still existing.
Once the vendor directory is removed, then make generate passes, and finally the binary can be built with all current tests passing.

@PettitWesley
Contributor

I merged #52

This project isn't super actively maintained so not sure when we will get around to doing a release.

@masteinhauser
Contributor

THANK YOU! Even without a formal release, this is a really big feature for us to carry only a custom binary instead of a custom fork + custom binary. I'll be passing the positive feedback along to our TAM, and finally getting our customer commentary for the AWS SSO team.

@arnaudmm

arnaudmm commented Mar 17, 2021

Hello, is there any planned release including this change?

As an alternative, how can I build the Docker image locally?
Edit: got it
git clone
make release

@Kaelten

Kaelten commented Jul 26, 2022

Any chance of a release?

@PettitWesley
Contributor

@Kaelten @arnaudmm @masteinhauser I think the latest release should include it: https://github.com/awslabs/amazon-ecs-local-container-endpoints/releases/tag/v1.4.0

Based on the fact that the release was cut after I merged the SSO PR. I checked the commit history.

@Kaelten

Kaelten commented Jul 26, 2022

> @Kaelten @arnaudmm @masteinhauser I think the latest release should include it: https://github.com/awslabs/amazon-ecs-local-container-endpoints/releases/tag/v1.4.0
>
> Based on the fact that the release was cut after I merged the SSO PR. I checked the commit history.

I'm still getting the below when I try to use 1.4.0

NoCredentialProviders: no valid providers in chain\ncaused by: EnvAccessKeyNotFound: failed to find credentials in the environment.\nSharedCredsLoad: failed to load profile, staging.\nEC2RoleRequestError: no EC2 instance role found\ncaused by: RequestError: send request failed\ncaused by: Get http://169.254.169.254/latest/meta-data/iam/security-credentials/: dial tcp 169.254.169.254:80: connect: connection refused"

@Kaelten

Kaelten commented Jul 26, 2022

> @Kaelten @arnaudmm @masteinhauser I think the latest release should include it: https://github.com/awslabs/amazon-ecs-local-container-endpoints/releases/tag/v1.4.0
>
> Based on the fact that the release was cut after I merged the SSO PR. I checked the commit history.

Scratch that, it turns out I wasn't actually using 1.4.0 since I was trying to use latest as the tag. It'd be awesome if this could be updated to support multi-arch tagging so we didn't have to hard code amd/arm into our config files.

@benkehoe

benkehoe commented Aug 8, 2022

A slightly different solution to this and any other credentialing woes is to provide refreshable credentials directly from the host via an IMDS server, which I've elaborated on in #171
