--stdout flag not working since updating to MacOS 13.0 (22A380) (Ventura)
Daemeron opened this issue · comments
Yesterday I have updated to the latest MacOS version and today I noticed trying to login through non default browser by utilising --stdout flag does not appear to work anymore. It looks as if that flag is ignored and aws-vault proceeds to opening the login url with default browser.
- I am using the latest release of AWS Vault
Running v6.6.0
- I have provided my
.aws/config(redacted if necessary)
[default]
region=eu-west-1
output=json
[profile project-a]
sso_start_url=https://xxx.awsapps.com/start
sso_region=eu-west-1
sso_account_id=xxxxxx
sso_role_name=AWSAdministratorAccess
region=eu-west-1
output=json
[profile project-b]
sso_start_url=https://xxx.awsapps.com/start
sso_region=eu-west-1
sso_account_id=xxxxx
sso_role_name=AWSAdministratorAccess
region=eu-west-1
output=json
- I have provided the debug output using
aws-vault --debug(redacted if necessary)
aws-vault login --stdout --debug project-a ~
2022/10/26 16:58:09 aws-vault v6.6.0
2022/10/26 16:58:09 [keyring] Considering backends: [keychain]
2022/10/26 16:58:09 Loading config file /Users/xxx/.aws/config
2022/10/26 16:58:09 Parsing config file /Users/xxx/.aws/config
2022/10/26 16:58:09 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/10/26 16:58:09 [keyring] Found 0 results
2022/10/26 16:58:09 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/10/26 16:58:09 [keyring] Found 0 results
2022/10/26 16:58:09 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/10/26 16:58:09 [keyring] Found 0 results
2022/10/26 16:58:09 [keyring] Querying keychain for service="aws-vault", account="sso.GetRoleCredentials,xxx,xxx,-62135596800", keychain="aws-vault.keychain"
2022/10/26 16:58:09 [keyring] No results found
2022/10/26 16:58:09 [keyring] Querying keychain for service="aws-vault", account="oidc:https://xxx.awsapps.com/start", keychain="aws-vault.keychain"
2022/10/26 16:58:09 [keyring] No results found
2022/10/26 16:58:09 Created new OIDC client (expires at: 2023-01-24 15:58:09 +0100 CET)
2022/10/26 16:58:09 Created OIDC device code for https://xxx.awsapps.com/start (expires in: 600s)
2022/10/26 16:58:09 Opening SSO authorization page in browser
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://device.sso.eu-west-1.amazonaws.com/?user_code=xx-xxxx
Hi, I have realised I must have misinterpreted my problem. It would appear that fresh login requires browser interaction no matter what, and the --stdout comes in action after that has been done to output the resulting url.
I am not entirely sure whenever my expectation on how --stdout should work is unreasonable, but I expected that aws-vault would not interact with browser directly.
Either-way, I was trying to use a --stdout to circumvent inability to tell aws-vault which browser to use. I personally use different browsers for work and personal needs, so being able to pick which one I want aws-vault to use would be a godsend. There appear to be a issue asking kindly for just that already (#959). Thus, I will close this issue.