99designs / aws-vault

A vault for securely storing and accessing AWS credentials in development environments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

AppleScript Error Message: variable not defined

geoffreywiseman opened this issue · comments

  • I am using the latest release of AWS Vault
  • I have provided my .aws/config (redacted if necessary)
  • I have provided the debug output using aws-vault --debug (redacted if necessary)

The Problem

When I run an aws-vault command, I'm getting some kind of AppleScript error:

113:120: execution error: The variable bastion is not defined. (-2753)

The program I'm running doesn't have any AppleScript. I'm not certain that aws-vault does, but... it only seems to happen when I need to go through the OIDC-style web-browser authentication on aws-vault, so I'm guessing it's somehow related?

Debug Output

❯ aws-vault --debug exec prod-adm -- poetry run awswl --sg-name "*bastion-qa*" --list
2023/08/09 09:40:30 aws-vault v7.2.0
2023/08/09 09:40:30 Using prompt driver: terminal
2023/08/09 09:40:30 Loading config file /Users/geoffrey/.aws/config
2023/08/09 09:40:30 Parsing config file /Users/geoffrey/.aws/config
2023/08/09 09:40:30 [keyring] Considering backends: [keychain]
2023/08/09 09:40:30 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2023/08/09 09:40:30 [keyring] Found 8 results
2023/08/09 09:40:30 profile prod-adm: using SSO role credentials
2023/08/09 09:40:30 Setting subprocess env: AWS_REGION=ca-central-1, AWS_DEFAULT_REGION=ca-central-1
2023/08/09 09:40:30 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2023/08/09 09:40:30 [keyring] Found 8 results
2023/08/09 09:40:30 [keyring] Removing keychain item service="aws-vault", account="sso.GetRoleCredentials,Y3BwLXByb2QtYWRt,aHR0cHM6Ly9kLTlkNjcxZTBlYTYuYXdzYXBwcy5jb20vc3RhcnQ,1691544118", keychain "aws-vault.keychain"
2023/08/09 09:40:32 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2023/08/09 09:40:32 [keyring] Found 7 results
2023/08/09 09:40:32 [keyring] Querying keychain for service="aws-vault", account="sso.GetRoleCredentials,Y3BwLXByb2QtYWRt,aHR0cHM6Ly9kLTlkNjcxZTBlYTYuYXdzYXBwcy5jb20vc3RhcnQ,-62135596800", keychain="aws-vault.keychain"
2023/08/09 09:40:32 [keyring] No results found
2023/08/09 09:40:32 [keyring] Querying keychain for service="aws-vault", account="oidc:https://d-9d671e0ea6.awsapps.com/start", keychain="aws-vault.keychain"
2023/08/09 09:40:32 [keyring] Found item "aws-vault oidc token for https://d-9d671e0ea6.awsapps.com/start (expires 2023-08-08T20:20:16-04:00)"
2023/08/09 09:40:32 OIDC token for 'https://d-9d671e0ea6.awsapps.com/start' expired, removing
2023/08/09 09:40:32 [keyring] Removing keychain item service="aws-vault", account="oidc:https://d-9d671e0ea6.awsapps.com/start", keychain "aws-vault.keychain"
2023/08/09 09:40:33 Created new OIDC client (expires at: 2023-11-07 08:40:33 -0500 EST)
2023/08/09 09:40:33 Created OIDC device code for https://d-9d671e0ea6.awsapps.com/start (expires in: 600s)
2023/08/09 09:40:33 Opening SSO authorization page in browser
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://device.sso.ca-central-1.amazonaws.com/?user_code=ZWSG-VLJH
2023/08/09 09:40:55 Created new OIDC access token for https://d-9d671e0ea6.awsapps.com/start (expires in: 28789s)
2023/08/09 09:40:55 [keyring] Checking keychain status
2023/08/09 09:40:55 [keyring] Keychain status returned nil, keychain exists
2023/08/09 09:40:55 [keyring] Keychain item trusts keyring
2023/08/09 09:40:55 [keyring] Adding service="aws-vault", label="aws-vault oidc token for https://d-9d671e0ea6.awsapps.com/start (expires 2023-08-09T17:40:44-04:00)", account="oidc:https://d-9d671e0ea6.awsapps.com/start", trusted=true to osx keychain "aws-vault.keychain"
2023/08/09 09:40:56 Got credentials ****************3V7Y for SSO role AdministratorAccess (account: 5**********0), expires in 3h59m58.794879s
2023/08/09 09:40:56 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2023/08/09 09:40:56 [keyring] Found 7 results
2023/08/09 09:40:56 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2023/08/09 09:40:56 [keyring] Found 7 results
2023/08/09 09:40:56 [keyring] Checking keychain status
2023/08/09 09:40:56 [keyring] Keychain status returned nil, keychain exists
2023/08/09 09:40:56 [keyring] Keychain item trusts keyring
2023/08/09 09:40:56 [keyring] Adding service="aws-vault", label="aws-vault session for prod-adm (expires 2023-08-09T13:40:55-04:00)", account="sso.GetRoleCredentials,Y3BwLXByb2QtYWRt,****************NjcxZTBlYTYuYXdzYXBwcy5jb20vc3RhcnQ,1691602855", trusted=true to osx keychain "aws-vault.keychain"
2023/08/09 09:40:56 Setting subprocess env: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
2023/08/09 09:40:56 Setting subprocess env: AWS_SESSION_TOKEN
2023/08/09 09:40:56 Setting subprocess env: AWS_CREDENTIAL_EXPIRATION
2023/08/09 09:40:56 Exec command poetry run awswl --sg-name *bastion-qa* --list
2023/08/09 09:40:56 Found executable /usr/local/bin/poetry
Could not find security group with name *bastion-qa*

113:120: execution error: The variable bastion is not defined. (-2753)

AWS Config

The related entry in my config file is:

[profile cpp-prod-adm]
sso_start_url = https://d-9d671e0ea6.awsapps.com/start
sso_region = ca-central-1
sso_account_id = 5**********0
sso_role_name = AdministratorAccess
region = ca-central-1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.