rukenshia / saml2aws-auto

A CLI tool that allows you to manage multiple accounts when using AWS with SAML Federation via Keycloak. Inspired by Versent/saml2aws.

License: MIT License

Rust 99.36% Shell 0.64%
cli saml aws login auth

saml2aws-auto's Introduction

saml2aws-auto

This is a CLI used to manage multiple AWS account credentials when authenticating via SAML at the same time. Accounts are organised in groups, which can be refreshed using one command.

Installation

brew install rukenshia/repo/saml2aws-auto

The GitHub Releases page includes archives for all major platforms. Download the release for your platform and make sure saml2aws-auto is in your PATH variable.

If you have Rust installed, you can use the following command:

cargo install saml2aws-auto

Linux

If you are on Linux, you will need to set up a secret tool before running saml2aws-auto. You can find more information in the troubleshooting section.

Features

  • Retrieving AWS Credentials when authenticating via SAML (only Keycloak supported at the moment, MFA is mandatory)
  • Management of multiple accounts organised in groups
  • Token expiration time is taken into account (they will not be refreshed if they are still valid)

Getting Started

After you've downloaded and installed saml2aws-auto, you can add a new group using this command:

$ saml2aws-auto groups add my-accounts --prefix my-accounts --role Administrator

Welcome to saml2aws-auto. It looks like you do not have a configuration file yet.
Currently, only Keycloak is supported as Identity Provider. When setting the
IDP URL, please note that you will have to pass the exact path to the saml client of Keycloak.

Let's break the command down into a few pieces:

  • saml2aws-auto groups add tells the CLI to add a new group.
  • my-accounts tells the CLI what name you want to use for the group. This can be anything.
  • --prefix my-accounts tells it that all the accounts you want to target start with my-accounts. In our example, we have two accounts: my-accounts-staging and my-accounts-prod. That means that the prefix will capture both of these accounts. If you also have my-other-accounts-staging and my-other-accounts-prod but want all four accounts in the same group, you can use the prefix my-.
  • --role Administrator identifies which role to use for all accounts.

If you want to add new accounts to an existing group later, you can use the --append flag. If you want to target specific accounts, you can pass in --accounts [account names,]. Use saml2aws-auto groups add --help for more info.

Next, you will be asked a few questions:

? IDP URL [localhost]: https://my.idp/realms/myrealm/protocol/saml/clients/aws
? IDP Username: [email protected]
? IDP Password []: my.password

All set!

? MFA Token [000000]: 123456

Your password will be stored with the native credentials manager of your platform.

After you've entered your MFA Token, the group will be configured for you:

Listing allowed roles for your account          SUCCESS

my-accounts:
        my-accounts-staging: arn:aws:iam::1234567890:role/Administrator
        my-accounts-prod: arn:aws:iam::1234567891:role/Administrator

Group configuration updated

The only thing left to do now is refresh your credentials:

$ saml2aws-auto refresh my-accounts

? MFA Token [000000]: 123456
Refreshing my-accounts-staging  SUCCESS
Refreshing my-accounts-prod     SUCCESS

Refreshed group my-accounts. To use them in the AWS cli, apply the --profile flag with the name of the account.

Example:

        aws --profile my-accounts-staging s3 ls

Changing Password / Username / Other Configuration

You can use saml2aws-auto configure to reconfigure your details. If you have several IDPs that you need to connect to, you can use the --config option to provide a path to a separate config file for saml2aws-auto.

Usage

You can interactively explore the tool by typing saml2aws-auto help. This also works for any of the sub commands.

Troubleshooting

I am behind a proxy

If you are using a proxy, you need to set up the common environment variables for proxy usage.

  • http_proxy - routes all HTTP traffic through the given proxy (e.g. http://user:password@localhost:1234)
  • https_proxy - routes all HTTPS traffic through the given proxy (e.g. http://user:password@localhost:1234)

For saml2aws-auto, all requests are usually made to HTTPS endpoints, so configuring https_proxy is advised.

My password can't be stored

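Some users have reported issues with the credentials management. If your password can't be stored properly, you can combine the --skip-password-manager flag with the --password flag on the groups add and refresh commands to work around this. A password passed with --password is part of the command line, so it can end up in your shell history and is visible in the process list while the command runs.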

Example:

saml2aws-auto --skip-password-manager groups add example --role Administrator --prefix example --password "my password"

The name org.freedesktop.secrets was not provided by any .service files (org.freedesktop.DBus.Error.ServiceUnknown)))

This error is specific to Linux and means that you currently don't have a secret manager implementing the Freedesktop Secret Service set up. Usually, a keyring app such as GNOME-Keyring or another tool is pre-installed. Open it, configure both your master password and the default vault for your secrets, and then try rerunning saml2aws-auto. Another link to what apps provide this API

saml2aws-auto's People

Contributors

cwiegleb, dependabot[bot], rukenshia, selinaag


saml2aws-auto's Issues

Error when using saml2aws-auto in cygwin

Describe the bug
When calling saml2aws-auto in cygwin, the following error message appears:
thread 'main' panicked at 'Cannot get console screen buffer info', /cargo/registry/src/github.com-1ecc6299db9ec823/crossterm-0.2.2/src/kernel/windows_kernel/kernel.rs:77:9

To Reproduce
Steps to reproduce the behavior:

  1. Go to cygwin bash shell
  2. Run saml2aws-auto.exe
  3. See error

Expected behavior
A clear and concise description of what you expected to happen.

Desktop (please complete the following information):

  • OS: Windows 7

Check that credentials are using the correct role

Is your feature request related to a problem? Please describe.
When going concurrent with #26 it might make sense to gain more confidence that the credentials were assumed for the correct account and role.

Describe the solution you'd like
Do a sts get-caller-identity call to verify the credentials

Describe alternatives you've considered
iam list-account-aliases, but they might not always be set

Additional context
Add any other context or screenshots about the feature request here.
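
The check proposed in this issue, as an added example (not code from saml2aws-auto): it compares the Account and Arn fields returned by sts get-caller-identity with the role ARN stored for an account, so credentials written for the wrong account, role or partition are reported by account name. The type and function names and the sample identities are assumptions made for illustration; the role ARNs reuse the README's sample output.

```rust
// Added example (not saml2aws-auto code): verify an `sts get-caller-identity`
// result against the role ARN stored for an account. Names are hypothetical.

/// The `Account` and `Arn` fields of a get-caller-identity response.
pub struct CallerIdentity<'a> {
    pub account: &'a str,
    pub arn: &'a str,
}

#[derive(Debug, PartialEq)]
pub enum Mismatch {
    MalformedArn(String),
    NotAnAssumedRole(String),
    Partition { expected: String, actual: String },
    Account { expected: String, actual: String },
    Role { expected: String, actual: String },
}

struct Arn<'a> {
    partition: &'a str,
    service: &'a str,
    account: &'a str,
    resource: &'a str,
}

/// Split `arn:partition:service:region:account:resource`.
fn parse_arn(s: &str) -> Result<Arn<'_>, Mismatch> {
    let p: Vec<&str> = s.splitn(6, ':').collect();
    if p.len() != 6 || p[0] != "arn" || p[4].is_empty() || p[5].is_empty() {
        return Err(Mismatch::MalformedArn(s.to_string()));
    }
    Ok(Arn { partition: p[1], service: p[2], account: p[4], resource: p[5] })
}

pub fn verify_identity(expected_role_arn: &str, id: &CallerIdentity<'_>) -> Result<(), Mismatch> {
    let want = parse_arn(expected_role_arn)?;
    let got = parse_arn(id.arn)?;

    // Configured role: arn:aws:iam::<account>:role/<optional/path/>RoleName
    let want_role = match (want.service, want.resource.strip_prefix("role/")) {
        ("iam", Some(rest)) if !rest.is_empty() && !rest.ends_with('/') => {
            rest.rsplit('/').next().unwrap_or(rest)
        }
        _ => return Err(Mismatch::MalformedArn(expected_role_arn.to_string())),
    };
    // Caller: arn:aws:sts::<account>:assumed-role/RoleName/SessionName.
    // The role path does not appear here, so only the final name is compared.
    let got_role = match (got.service, got.resource.strip_prefix("assumed-role/")) {
        ("sts", Some(rest)) => rest.split('/').next().unwrap_or(rest),
        _ => return Err(Mismatch::NotAnAssumedRole(id.arn.to_string())),
    };

    if want.partition != got.partition {
        return Err(Mismatch::Partition {
            expected: want.partition.to_string(),
            actual: got.partition.to_string(),
        });
    }
    // Both the ARN and the separate Account field must name the expected account.
    for actual in &[got.account, id.account] {
        if *actual != want.account {
            return Err(Mismatch::Account {
                expected: want.account.to_string(),
                actual: actual.to_string(),
            });
        }
    }
    if want_role != got_role {
        return Err(Mismatch::Role {
            expected: want_role.to_string(),
            actual: got_role.to_string(),
        });
    }
    Ok(())
}

/// Run the check for every (account name, configured role ARN, identity) entry
/// of a group and return the accounts whose credentials do not match.
pub fn failed_accounts<'a>(
    checks: &[(&'a str, &str, CallerIdentity<'_>)],
) -> Vec<(&'a str, Mismatch)> {
    checks
        .iter()
        .filter_map(|(name, role, id)| verify_identity(role, id).err().map(|m| (*name, m)))
        .collect()
}

fn main() {
    // Constructed sample: the credentials stored for my-accounts-prod were
    // actually issued for the staging account.
    let staging = "arn:aws:sts::1234567890:assumed-role/Administrator/user@example.test";
    let checks = [
        ("my-accounts-staging", "arn:aws:iam::1234567890:role/Administrator",
         CallerIdentity { account: "1234567890", arn: staging }),
        ("my-accounts-prod", "arn:aws:iam::1234567891:role/Administrator",
         CallerIdentity { account: "1234567890", arn: staging }),
    ];
    for (name, why) in failed_accounts(&checks) {
        println!("{}: {:?}", name, why);
    }
}
```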

Sane password default

With the native branch, passwords are required to be saved in the config. It should be optional.

Add "saml2aws-auto configure"

Is your feature request related to a problem? Please describe.
When changing password with the IDP, I somehow need to change it in saml2aws-auto as well. You can manually go to the credential storage on your platform (in my case Windows Credential Manager), but it would be neat to have a command for that.

Describe the solution you'd like
"saml2aws-auto configure", kind of like the AWS CLI equivalent. By default (hitting enter), the previous values are used for IDP URL, user, and password. But you can change one or more of those values.

Describe alternatives you've considered
Document how to change passwords on major platforms.

Allow custom sts endpoint to be set

Describe the bug
I can't use this because the accounts I use are GovCloud and the STS endpoint needs to be set to https://sts.us-gov-west-1.amazonaws.com/ not https://sts.amazonaws.com/

It would be nice if you could set this per group when you add a new group in.

Thanks

Update multiple groups at once

Is your feature request related to a problem? Please describe.
I have multiple groups created, but when I want to refresh all groups, I have to do that separately and type in the MFA token again and again...

Describe the solution you'd like
It would be nice to refresh multiple groups at once just by mentioning all groups in one command, e.g. saml2aws-auto refresh group1 group2 group3 [...]. In addition to that, there could be a flag (or reserved group name) to refresh every group, e.g. saml2aws-auto refresh -all or saml2aws-auto refresh all

Describe alternatives you've considered
Another approach would be to bundle multiple groups into a top-level group. By refreshing this group, every account in the sub-groups is refreshed.

Remove saml2aws references

The CLI still mentions saml2aws, but it is not being used anymore.

It should still be mentioned as inspiration though as it significantly reduced the time to copy the behaviour thanks to its source.

Rename project

Now that there's no hard dependency on saml2aws anymore, we can rename this tool.

List available roles

Right now there is no way to list available roles using the CLI.

There should be an accounts list-available or something similar to do that.

A cargo install results in errors

Describe the bug
Using an alpine image to install saml2aws-auto with cargo. Seems that the latest version is not updated in the repo. It defaults to v1.7.6, (pre skip password manager).

To Reproduce
Steps to reproduce the behavior:

  1. echo 'FROM node:14-alpine\nRUN apk add cargo\nRUN cargo install saml2aws-auto\nCMD ["/bin/sh", "-c", "/bin/sh"]' > Dockerfile
  2. docker build .
  3. See error

Expected behavior
Cargo should install the latest saml2aws-auto release successfully.

Logs

 => [2/3] RUN apk add cargo                                                                                                                                                                             41.2s
 => ERROR [3/3] RUN cargo install saml2aws-auto                                                                                                                                                         61.8s
------
 > [3/3] RUN cargo install saml2aws-auto:
#7 0.369     Updating crates.io index
#7 17.92  Downloading crates ...
#7 18.27   Downloaded saml2aws-auto v1.7.6
#7 18.31   Installing saml2aws-auto v1.7.6
#7 42.14 error[E0658]: the `#[non_exhaustive]` attribute is an experimental feature
#7 42.14    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:122:1
#7 42.14     |
#7 42.14 122 | #[non_exhaustive]
#7 42.14     | ^^^^^^^^^^^^^^^^^
#7 42.14     |
#7 42.14     = note: for more information, see https://github.com/rust-lang/rust/issues/44109
#7 42.14
#7 42.14 error[E0658]: subslice patterns are unstable
#7 42.14    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:173:41
#7 42.14     |
#7 42.14 173 |             [0x7f, b'E', b'L', b'F', 1, ..] => FileKind::Elf32,
#7 42.14     |                                         ^^
#7 42.14     |
#7 42.14     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.14
#7 42.14 error[E0658]: subslice patterns are unstable
#7 42.14    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:175:41
#7 42.14     |
#7 42.14 175 |             [0x7f, b'E', b'L', b'F', 2, ..] => FileKind::Elf64,
#7 42.14     |                                         ^^
#7 42.14     |
#7 42.14     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.14
#7 42.14 error[E0658]: subslice patterns are unstable
#7 42.14    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:177:38
#7 42.14     |
#7 42.14 177 |             [0xfe, 0xed, 0xfa, 0xce, ..]
#7 42.14     |                                      ^^
#7 42.14     |
#7 42.14     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.14
#7 42.14 error[E0658]: subslice patterns are unstable
#7 42.14    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:178:40
#7 42.14     |
#7 42.14 178 |             | [0xce, 0xfa, 0xed, 0xfe, ..] => FileKind::MachO32,
#7 42.14     |                                        ^^
#7 42.14     |
#7 42.14     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.14
#7 42.14 error[E0658]: subslice patterns are unstable
#7 42.14    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:180:40
#7 42.14     |
#7 42.14 180 |             | [0xfe, 0xed, 0xfa, 0xcf, ..]
#7 42.14     |                                        ^^
#7 42.14     |
#7 42.14     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.14
#7 42.15 error[E0658]: subslice patterns are unstable
#7 42.15    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:181:40
#7 42.15     |
#7 42.15 181 |             | [0xcf, 0xfa, 0xed, 0xfe, ..] => FileKind::MachO64,
#7 42.15     |                                        ^^
#7 42.15     |
#7 42.15     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.15
#7 42.15 error[E0658]: subslice patterns are unstable
#7 42.15    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:183:38
#7 42.15     |
#7 42.15 183 |             [0xca, 0xfe, 0xba, 0xbe, ..] => FileKind::MachOFat32,
#7 42.15     |                                      ^^
#7 42.15     |
#7 42.15     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.15
#7 42.16 error[E0658]: subslice patterns are unstable
#7 42.16    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:185:38
#7 42.16     |
#7 42.16 185 |             [0xca, 0xfe, 0xba, 0xbf, ..] => FileKind::MachOFat64,
#7 42.16     |                                      ^^
#7 42.16     |
#7 42.16     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.16
#7 42.16 error[E0658]: subslice patterns are unstable
#7 42.16    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:189:26
#7 42.16     |
#7 42.16 189 |             [b'M', b'Z', ..] => {
#7 42.16     |                          ^^
#7 42.16     |
#7 42.16     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.16
#7 42.16 error[E0658]: subslice patterns are unstable
#7 42.16    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:203:26
#7 42.16     |
#7 42.16 203 |             [0xc4, 0x01, ..]
#7 42.16     |                          ^^
#7 42.16     |
#7 42.16     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.16
#7 42.16 error[E0658]: subslice patterns are unstable
#7 42.16    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:205:28
#7 42.16     |
#7 42.16 205 |             | [0x64, 0xaa, ..]
#7 42.16     |                            ^^
#7 42.16     |
#7 42.16     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.16
#7 42.16 error[E0658]: subslice patterns are unstable
#7 42.16    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:207:28
#7 42.16     |
#7 42.16 207 |             | [0x4c, 0x01, ..]
#7 42.16     |                            ^^
#7 42.16     |
#7 42.16     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.16
#7 42.16 error[E0658]: subslice patterns are unstable
#7 42.16    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/object-0.24.0/src/read/mod.rs:209:28
#7 42.16     |
#7 42.16 209 |             | [0x64, 0x86, ..] => FileKind::Coff,
#7 42.16     |                            ^^
#7 42.16     |
#7 42.16     = note: for more information, see https://github.com/rust-lang/rust/issues/62254
#7 42.16
#7 55.15 error: aborting due to 14 previous errors
#7 55.15
#7 55.15 For more information about this error, try `rustc --explain E0658`.
#7 55.24 error: could not compile `object`.
#7 55.24 warning: build failed, waiting for other jobs to finish...
#7 61.61 error: failed to compile `saml2aws-auto v1.7.6`, intermediate artifacts can be found at `/tmp/cargo-installPvJ1pj`
#7 61.61
#7 61.61 Caused by:
#7 61.61   build failed
------
executor failed running [/bin/sh -c cargo install saml2aws-auto]: exit code: 101

Additional context
Add any other context about the problem here.

Panic thrown when saving password in `Manjaro Linux`

Describe the bug
Panic thrown when saving password in Manjaro Linux

To Reproduce
Steps to reproduce the behavior:

  1. Run command 'saml2aws-auto configure'
  2. Enter password 'securepassword'
  3. See error

Expected behavior
Password should be saved

Trace

saml2aws-auto -vvvvv configure
[TRACE][saml2aws_auto::client] get_proxied_client_builder.http_proxy.before_check
[TRACE][saml2aws_auto::client] get_proxied_client_builder.https_proxy.before_check
[TRACE][saml2aws_auto::client] get_proxied_client_builder.done
? IDP Password: 
thread 'main' panicked at 'Could not save password in credentials storage: SecretServiceError(Dbus(D-Bus error: The name org.freedesktop.secrets was not provided by any .service files (org.freedesktop.DBus.Error.ServiceUnknown)))', libcore/result.rs:945:5
note: Run with `RUST_BACKTRACE=1` for a backtrace.

Desktop:

cat /etc/lsb-release
DISTRIB_ID=ManjaroLinux
DISTRIB_RELEASE=18.0.0
DISTRIB_CODENAME=Illyria
DISTRIB_DESCRIPTION="Manjaro Linux"
Operating System: Manjaro Linux 
KDE Plasma Version: 5.14.3
Qt Version: 5.11.2
KDE Frameworks Version: 5.52.0
Kernel Version: 4.19.4-1-MANJARO
OS Type: 64-bit
Processors: 4 × Intel® Core™ i7-6820HQ CPU @ 2.70GHz
Memory: 9,7 GiB of RAM

Additional context
Using release saml2aws-auto-1.7.1-rc.5-x86_64-unknown-linux-gnu

Is there a list of linux distros that are known to work?

Show AccountName during Login in Error case

Feature Request Description
When I run saml-2-aws-auto login I want to see the account names even if I have no access to it.
We use your tool in our company and have only temporary access to some prod accounts.

Solution Suggestion
As you can see in the picture, the Account names are only shown when access was successful.
I would like to propose the account name even if I don't have access
{{aws-account-name}} Principial not found.
image

This would make it more transparent to see which account is throwing the no-access error

Best
Crispin

Concurrent Account Refreshing

Hey Rukenshia,

  • Problem:

    • I have a huge list of accounts in a single group
  • Feature Request

    • add a feature which refreshes accounts in parallel
  • Alternative Solution

    • On user site I could split it up in several groups - but I like to group them logically

Thanks

Windows 7 Vault Error

Describe the bug
It seems like the credentials manager does not support Windows 7.

To Reproduce
Steps to reproduce the behavior:

  1. Set up on Windows 7
  2. Run configure
  3. Observe Windows Vault Error

Expected behavior
No error

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS] Windows
  • Version [e.g. 22] 7

Additional context
Reported by end user

Failed accounts are removed from config upon failure

Describe the bug
When running saml2aws-auto refresh, any failed account during the process gets removed from the configuration file.

To Reproduce
Steps to reproduce the behavior:

  1. Configure an invalid account in the saml2aws-auto.yml config
  2. Run saml2aws-auto refresh
  3. Notice how the failed account is not in saml2aws-auto.yml anymore

Expected behavior
The config should not delete failed accounts.

Update check is unreliable

The update check is set to work with a timeout of 400ms. A lot of times, this means an update check will never be completed based on the users' internet connection.

To make the update process more reliable, think about adding the following:

  • Store a timestamp of when we last checked for a new version in the config file
  • After a certain amount of time has passed (7 days?), check for a new version and store the new timestamp

This way we keep unnecessary update checks to a minimum and ensure that a new version will be checked for without depending on the user's internet connection.

Add interactive reconfigure command

You are currently only prompted to update the configuration when no config file exists. There should be a command to reconfigure.

To implement this the current interactive function needs to be split into multiple functions, maybe add a Config::from_interactive function.

Improve error handling

With the native branch, there is a ton of unwrap calls because I didn't pay attention to error handling when prototyping the native integration. That should be changed.

  • Message when Invalid username/password is provided
  • Messages get printed in groups add
  • Messages get printed in refresh

add new account to existing list

Hey ruke,
can you add a feature so that I can add an AWS account to an existing group?

Right now the only ways I found are

  • extend the .saml2aws-auto.yml
  • overwriting existing group (which would make it necessary to add every existing account to this new group again)

Thanks
Crispin

failed to execute "cargo install saml2aws-auto"

Describe the bug
Failed to execute command cargo install saml2aws-auto.

To Reproduce
Steps to reproduce the behavior:

execute cargo install saml2aws-auto

Expected behavior

succeeded cargo install execution.

Logs

build logs
$ cargo install saml2aws-auto

    Updating crates.io index
  Installing saml2aws-auto v1.6.7
   Compiling semver-parser v0.7.0
   Compiling autocfg v0.1.6
   Compiling libc v0.2.62
   Compiling rand_core v0.4.2
   Compiling byteorder v1.3.2
   Compiling arrayvec v0.4.11
   Compiling proc-macro2 v0.4.30
   Compiling cfg-if v0.1.9
   Compiling nodrop v0.1.13
   Compiling log v0.4.8
   Compiling proc-macro2 v1.0.3
   Compiling lazy_static v1.4.0
   Compiling stable_deref_trait v1.1.1
   Compiling siphasher v0.2.3
   Compiling unicode-xid v0.2.0
   Compiling scopeguard v0.3.3
   Compiling scopeguard v1.0.0
   Compiling smallvec v0.6.10
   Compiling unicode-xid v0.1.0
   Compiling ryu v1.0.0
   Compiling serde v1.0.100
   Compiling fnv v1.0.6
   Compiling futures v0.1.29
   Compiling syn v1.0.5
   Compiling slab v0.4.2
   Compiling core-foundation-sys v0.2.3
   Compiling security-framework-sys v0.1.16
   Compiling string_cache_shared v0.3.0
   Compiling version_check v0.1.5
   Compiling itoa v0.4.4
   Compiling syn v0.15.44
   Compiling matches v0.1.8
   Compiling new_debug_unreachable v1.0.3
   Compiling httparse v1.3.4
   Compiling remove_dir_all v0.5.2
   Compiling mac v0.1.1
   Compiling crc32fast v1.2.0
   Compiling bitflags v1.1.0
   Compiling dtoa v0.4.4
   Compiling precomputed-hash v0.1.1
   Compiling memchr v2.2.1
   Compiling procedural-masquerade v0.1.6
   Compiling utf-8 v0.7.5
   Compiling try-lock v0.1.0
   Compiling safemem v0.3.2
   Compiling lazy_static v0.2.11
   Compiling scoped-tls v0.1.2
   Compiling language-tags v0.2.2
   Compiling percent-encoding v1.0.1
   Compiling unicode-width v0.1.6
   Compiling mime v0.3.14
   Compiling encoding_rs v0.8.19
   Compiling yaml-rust v0.3.5
   Compiling linked-hash-map v0.5.2
   Compiling strsim v0.8.0
   Compiling take_mut v0.2.2
   Compiling rle-decode-fast v1.0.1
   Compiling bitflags v0.7.0
   Compiling adler32 v1.0.3
   Compiling vec_map v0.8.1
   Compiling regex v0.2.11
   Compiling ansi_term v0.11.0
   Compiling ucd-util v0.1.5
   Compiling safemem v0.2.0
   Compiling utf8-ranges v1.0.4
   Compiling hex v0.3.2
   Compiling ego-tree v0.3.0
   Compiling rust-ini v0.12.2
   Compiling rand_core v0.3.1
   Compiling rand_chacha v0.1.1
   Compiling rand_pcg v0.1.2
   Compiling rand v0.6.5
   Compiling num-traits v0.2.8
   Compiling num-integer v0.1.41
   Compiling crossbeam-utils v0.6.6
   Compiling thread_local v0.3.6
   Compiling owning_ref v0.4.0
   Compiling servo_arc v0.1.1
   Compiling proc-macro2 v0.3.8
   Compiling semver v0.9.0
   Compiling phf_shared v0.7.24
   Compiling unicode-normalization v0.1.8
   Compiling unicode-bidi v0.3.4
   Compiling futf v0.1.4
   Compiling dtoa-short v0.3.2
   Compiling unicase v2.5.1
   Compiling textwrap v0.11.0
   Compiling yaml-rust v0.4.3
   Compiling xml-rs v0.3.6
   Compiling regex-syntax v0.5.6
   Compiling rand_hc v0.1.0
   Compiling rand_xorshift v0.1.1
   Compiling rand_isaac v0.1.1
   Compiling tokio-sync v0.1.6
   Compiling tokio-service v0.1.0
   Compiling relay v0.1.1
   Compiling lock_api v0.1.5
   Compiling phf v0.7.24
   Compiling tendril v0.4.1
   Compiling tokio-executor v0.1.8
   Compiling crossbeam-queue v0.1.2
   Compiling rustc_version v0.2.3
   Compiling want v0.0.4
   Compiling log v0.3.9
   Compiling rand_os v0.1.3
   Compiling rand_jitter v0.1.4
   Compiling iovec v0.1.2
   Compiling net2 v0.2.33
   Compiling num_cpus v1.10.1
   Compiling rand v0.4.6
   Compiling time v0.1.42
   Compiling atty v0.2.13
   Compiling termios v0.3.1
   Compiling rpassword v2.1.0
   Compiling dirs v1.0.5
   Compiling quote v0.5.2
   Compiling idna v0.1.5
   Compiling base64 v0.9.3
   Compiling base64 v0.6.0
   Compiling libflate v0.1.27
   Compiling tokio-current-thread v0.1.6
   Compiling tokio-timer v0.2.11
   Compiling memoffset v0.5.1
   Compiling parking_lot_core v0.4.0
   Compiling aho-corasick v0.6.10
   Compiling bytes v0.4.12
   Compiling futures-cpupool v0.1.8
   Compiling core-foundation v0.2.3
   Compiling quote v0.6.13
   Compiling clap v2.33.0
   Compiling quote v1.0.2
   Compiling crossterm v0.3.0
   Compiling mio v0.6.19
   Compiling syn v0.13.11
   Compiling cookie v0.10.1
   Compiling tempdir v0.3.7
   Compiling uuid v0.6.5
   Compiling mime_guess v2.0.1
   Compiling tokio-io v0.1.12
   Compiling security-framework v0.1.16
   Compiling phf_generator v0.7.24
   Compiling serde_json v1.0.40
   Compiling serde-xml-rs v0.2.1
   Compiling serde_yaml v0.7.5
   Compiling chrono v0.4.9
   Compiling string_cache_codegen v0.4.2
   Compiling phf_codegen v0.7.24
   Compiling mio-uds v0.6.7
   Compiling tokio-codec v0.1.1
   Compiling url v1.7.2
   Compiling native-tls v0.1.5
   Compiling crossbeam-epoch v0.7.2
   Compiling parking_lot v0.7.1
   Compiling selectors v0.19.0
   Compiling string_cache v0.7.3
   Compiling crossbeam-deque v0.7.1
   Compiling tokio-reactor v0.1.9
   Compiling serde_urlencoded v0.5.5
   Compiling tokio-threadpool v0.1.15
   Compiling tokio-tcp v0.1.3
   Compiling tokio-uds v0.2.5
   Compiling tokio-udp v0.1.5
   Compiling tokio-fs v0.1.6
   Compiling tokio v0.1.22
   Compiling cssparser v0.23.10
error[E0433]: failed to resolve: could not find `Pat` in `syn`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:89:23
   |
89 |                 &syn::Pat::Lit(syn::PatLit{ref expr}) => {
   |                       ^^^ could not find `Pat` in `syn`

error[E0433]: failed to resolve: could not find `Pat` in `syn`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:95:23
   |
95 |                 &syn::Pat::Range(syn::PatRange { ref lo, ref hi, .. }) => {
   |                       ^^^ could not find `Pat` in `syn`

error[E0433]: failed to resolve: could not find `Pat` in `syn`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:107:23
    |
107 |                 &syn::Pat::Wild(_) => {
    |                       ^^^ could not find `Pat` in `syn`

error[E0433]: failed to resolve: could not find `Pat` in `syn`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:114:23
    |
114 |                 &syn::Pat::Ident(syn::PatIdent { ident, .. }) => {
    |                       ^^^ could not find `Pat` in `syn`

error[E0407]: method `fold_stmt` is not a member of trait `Fold`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:153:5
    |
153 | /     fn fold_stmt(&mut self, stmt: syn::Stmt) -> syn::Stmt {
154 | |         match stmt {
155 | |             syn::Stmt::Item(syn::Item::Macro(syn::ItemMacro{ ref mac, .. })) => {
156 | |                 if mac.path == parse_quote!(match_byte) {
...   |
163 | |         syn::fold::fold_stmt(self, stmt)
164 | |     }
    | |_____^ not a member of trait `Fold`

error[E0433]: failed to resolve: could not find `Stmt` in `syn`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:155:18
    |
155 |             syn::Stmt::Item(syn::Item::Macro(syn::ItemMacro{ ref mac, .. })) => {
    |                  ^^^^ could not find `Stmt` in `syn`

error[E0433]: failed to resolve: could not find `Item` in `syn`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:155:34
    |
155 |             syn::Stmt::Item(syn::Item::Macro(syn::ItemMacro{ ref mac, .. })) => {
    |                                  ^^^^ could not find `Item` in `syn`

error[E0433]: failed to resolve: could not find `Stmt` in `syn`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:157:60
    |
157 |                     return syn::fold::fold_stmt(self, syn::Stmt::Expr(expand_match_byte(&mac.tts)))
    |                                                            ^^^^ could not find `Stmt` in `syn`

error[E0423]: expected function, found macro `syn::parse_file`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:20:15
   |
20 |     let ast = syn::parse_file(&source).expect("Parsing rules.rs module");
   |               ^^^^^^^^^^^^^^^ help: use `!` to invoke the macro: `syn::parse_file!`

error[E0573]: expected type, found macro `syn::Arm`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:30:15
   |
30 |     arms: Vec<syn::Arm>,
   |               ^^^^^^^^ help: use `!` to invoke the macro: `syn::Arm!`

error[E0573]: expected type, found macro `syn::Arm`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:37:27
   |
37 |         arms: many0!(syn!(syn::Arm)) >> (
   |                           ^^^^^^^^ help: use `!` to invoke the macro: `syn::Arm!`

error[E0574]: expected struct, variant or union type, found macro `syn::PatLit`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:89:32
   |
89 |                 &syn::Pat::Lit(syn::PatLit{ref expr}) => {
   |                                ^^^^^^^^^^^ help: use `!` to invoke the macro: `syn::PatLit!`

error[E0574]: expected struct, variant or union type, found macro `syn::PatRange`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:95:34
   |
95 |                 &syn::Pat::Range(syn::PatRange { ref lo, ref hi, .. }) => {
   |                                  ^^^^^^^^^^^^^ help: use `!` to invoke the macro: `syn::PatRange!`

error[E0574]: expected struct, variant or union type, found macro `syn::PatIdent`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:114:34
    |
114 |                 &syn::Pat::Ident(syn::PatIdent { ident, .. }) => {
    |                                  ^^^^^^^^^^^^^ help: use `!` to invoke the macro: `syn::PatIdent!`

error[E0573]: expected type, found macro `syn::Stmt`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:153:35
    |
153 |     fn fold_stmt(&mut self, stmt: syn::Stmt) -> syn::Stmt {
    |                                   ^^^^^^^^^ help: use `!` to invoke the macro: `syn::Stmt!`

error[E0573]: expected type, found macro `syn::Stmt`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:153:49
    |
153 |     fn fold_stmt(&mut self, stmt: syn::Stmt) -> syn::Stmt {
    |                                                 ^^^^^^^^^ help: use `!` to invoke the macro: `syn::Stmt!`

error[E0574]: expected struct, variant or union type, found macro `syn::ItemMacro`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:155:46
    |
155 |             syn::Stmt::Item(syn::Item::Macro(syn::ItemMacro{ ref mac, .. })) => {
    |                                              ^^^^^^^^^^^^^^ help: use `!` to invoke the macro: `syn::ItemMacro!`

error[E0423]: expected function, found macro `syn::fold::fold_stmt`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:157:28
    |
157 |                     return syn::fold::fold_stmt(self, syn::Stmt::Expr(expand_match_byte(&mac.tts)))
    |                            ^^^^^^^^^^^^^^^^^^^^
help: a function with a similar name exists
    |
157 |                     return syn::fold::fold_lit(self, syn::Stmt::Expr(expand_match_byte(&mac.tts)))
    |                                       ^^^^^^^^
help: use `!` to invoke the macro
    |
157 |                     return syn::fold::fold_stmt!(self, syn::Stmt::Expr(expand_match_byte(&mac.tts)))
    |                            ^^^^^^^^^^^^^^^^^^^^^

error[E0423]: expected function, found macro `syn::fold::fold_stmt`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:163:9
    |
163 |         syn::fold::fold_stmt(self, stmt)
    |         ^^^^^^^^^^^^^^^^^^^^
help: a function with a similar name exists
    |
163 |         syn::fold::fold_lit(self, stmt)
    |                    ^^^^^^^^
help: use `!` to invoke the macro
    |
163 |         syn::fold::fold_stmt!(self, stmt)
    |         ^^^^^^^^^^^^^^^^^^^^^

error[E0599]: no method named `fold_file` found for type `match_byte::MatchByteParser` in the current scope
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:22:17
   |
14 | struct MatchByteParser {
   | ---------------------- method `fold_file` not found for this
...
22 |     let ast = m.fold_file(ast);
   |                 ^^^^^^^^^

error[E0609]: no field `pats` on type `&_`
  --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:87:25
   |
87 |         for pat in &arm.pats {
   |                         ^^^^

error[E0026]: struct `syn::ExprMacro` does not have a field named `mac`
   --> /Users/ikezawa-ryota/.cargo/registry/src/github.com-1ecc6299db9ec823/cssparser-0.23.10/build/match_byte.rs:168:50
    |
168 |             syn::Expr::Macro(syn::ExprMacro{ ref mac, .. }) => {
    |                                                  ^^^ struct `syn::ExprMacro` does not have this field

error: aborting due to 22 previous errors

Some errors have detailed explanations: E0026, E0407, E0423, E0433, E0599, E0609.
For more information about an error, try `rustc --explain E0026`.
error: Could not compile `cssparser`.
warning: build failed, waiting for other jobs to finish...
error: failed to compile `saml2aws-auto v1.6.7`, intermediate artifacts can be found at `/var/folders/fq/whc2twqs3y31s1nqz8t4lfm5tzk1hb/T/cargo-installDOQ5aY`

Caused by:
  build failed

Desktop (please complete the following information):

OS: MacOS High Sierra 10.13.6 (17G7024)
$ uname -v
Darwin Kernel Version 17.7.0: Wed Apr 24 21:17:24 PDT 2019; root:xnu-4570.71.45~1/RELEASE_X86_64

---
$ rustup --version
rustup 1.19.0 (2af131cf9 2019-09-08)
$ cargo --version
cargo 1.37.0 (9edd08916 2019-08-02)
$ rustc --version
rustc 1.37.0 (eae3437df 2019-08-13)

thread panics when adding new group

Describe the bug

cli panics when trying to add a new group.

To Reproduce

  1. configure saml2aws-auto
  2. run saml2aws-auto groups add ...

Expected behavior

Successfully adds a group.

Logs

$ RUST_BACKTRACE=1 saml2aws-auto --skip-password-manager groups add default --prefix "myorg-" --role MyRole
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', src/groups.rs:36:21
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.44/src/backtrace/libunwind.rs:86
   1: backtrace::backtrace::trace_unsynchronized
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.44/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print_fmt
             at src/libstd/sys_common/backtrace.rs:78
   3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
             at src/libstd/sys_common/backtrace.rs:59
   4: core::fmt::write
             at src/libcore/fmt/mod.rs:1063
   5: std::io::Write::write_fmt
             at src/libstd/io/mod.rs:1426
   6: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:62
   7: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:49
   8: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:204
   9: std::panicking::default_hook
             at src/libstd/panicking.rs:224
  10: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:470
  11: rust_begin_unwind
             at src/libstd/panicking.rs:378
  12: core::panicking::panic_fmt
             at src/libcore/panicking.rs:85
  13: core::panicking::panic
             at src/libcore/panicking.rs:52
  14: saml2aws_auto::groups::command
  15: saml2aws_auto::main
  16: std::rt::lang_start::{{closure}}
  17: main
  18: __libc_start_main
             at ../csu/libc-start.c:308
  19: <unknown>
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
[1]    5810 exit 101   RUST_BACKTRACE=1 saml2aws-auto --skip-password-manager groups add default

Desktop (please complete the following information):

  • OS: Void Linux (kernel 5.4.39_1)

Credentials Process interface

It would be better not to store credentials in the ~/.aws/credentials file when refreshing credentials with saml2aws-auto

AWS Documentation.

Unsolved Issues

It looks like you cannot prompt the user for any input, as only the credentials are supposed to end up in stdout. Saml2aws-auto requires MFA, so we need to find a way of asking for the MFA token.

Simple Implementation

  • A command is needed to refresh a single account (for example saml2aws-auto refresh groupname accountname)
    • Consider only saml2aws-auto refresh accountname as there generally might be overlap in accounts for groups, but that might need more refactoring in how accounts and groups are currently stored
  • A flag is needed to output data as json, with the format required by the aws cli:
{
  "Version": 1,
  "AccessKeyId": "an AWS access key",
  "SecretAccessKey": "your AWS secret access key",
  "SessionToken": "the AWS session token for temporary credentials", 
  "Expiration": "ISO8601 timestamp when the credentials expire"
}  

A configured profile could then use a credentials process like saml2aws-auto refresh groupname accountname --force --credential-process (or --output json).

Caching

The above implementation would not allow caching and might be more annoying to use. To facilitate caching, we could encrypt a new credentials file using the password (as it is stored in the OS-native keychain), and then decrypt it when running the refresh command first. It might also be helpful to have a separate command for this credential process interface.

Issues with this approach

The main issue I see with this is handling password resets (saml2aws-auto configure), but in that case we could fall back to refreshing anyway if we cannot decrypt the file.

Alternative Approaches

  • In addition to the user's password, a per-machine encryption key could be stored in the OS-native keychain
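
The stdout contract from the "Credentials Process interface" issue above, as an added example that is not saml2aws-auto's own code: it renders the JSON document in the format quoted in the issue and fails closed (message on stderr, non-zero exit) instead of prompting when no usable cached session exists. The struct, the function names, the 300-second margin and the fail-closed behaviour are assumptions made for illustration; the sample values are constructed.

```rust
// Added example, not saml2aws-auto's code. All names below are hypothetical.

/// Temporary AWS credentials plus their expiry in Unix seconds (UTC).
pub struct TempCredentials {
    pub access_key_id: String,
    pub secret_access_key: String,
    pub session_token: String,
    pub expires_at: u64,
}

/// Escape a value for use inside a JSON string literal.
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Format Unix seconds as an ISO 8601 UTC timestamp, using the usual
/// days-to-civil-date conversion for the proleptic Gregorian calendar.
pub fn iso8601_utc(secs: u64) -> String {
    let (days, rem) = ((secs / 86_400) as i64, secs % 86_400);
    let z = days + 719_468;
    let (era, doe) = (z.div_euclid(146_097), z.rem_euclid(146_097));
    let yoe = (doe - doe / 1_460 + doe / 36_524 - doe / 146_096) / 365;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let day = doy - (153 * mp + 2) / 5 + 1;
    let month = if mp < 10 { mp + 3 } else { mp - 9 };
    let year = yoe + era * 400 + if month <= 2 { 1 } else { 0 };
    format!(
        "{:04}-{:02}-{:02}T{:02}:{:02}:{:02}Z",
        year, month, day, rem / 3600, rem % 3600 / 60, rem % 60
    )
}

/// Decide what a credential_process helper writes to stdout.
/// Ok(json): the only text that may reach stdout.
/// Err(msg): goes to stderr with a non-zero exit code, so the caller never
/// parses a prompt or an expiring credential as valid output.
pub fn credential_process_output(
    cached: Option<&TempCredentials>,
    now: u64,
    min_remaining_secs: u64,
) -> Result<String, String> {
    let c = cached.ok_or("no cached session; run an interactive refresh first")?;
    if c.expires_at.saturating_sub(now) < min_remaining_secs {
        return Err(format!("cached session expires at {}", iso8601_utc(c.expires_at)));
    }
    Ok(format!(
        r#"{{"Version":1,"AccessKeyId":"{}","SecretAccessKey":"{}","SessionToken":"{}","Expiration":"{}"}}"#,
        json_escape(&c.access_key_id),
        json_escape(&c.secret_access_key),
        json_escape(&c.session_token),
        iso8601_utc(c.expires_at)
    ))
}

fn main() {
    // Constructed sample values, not real credentials.
    let now = std::time::SystemTime::now()
        .duration_since(std::time::UNIX_EPOCH)
        .map(|d| d.as_secs())
        .unwrap_or(0);
    let cached = TempCredentials {
        access_key_id: "ASIAEXAMPLEKEYID".into(),
        secret_access_key: "example-secret".into(),
        session_token: "example-token".into(),
        expires_at: now + 3600,
    };
    match credential_process_output(Some(&cached), now, 300) {
        Ok(json) => println!("{}", json),
        Err(msg) => {
            eprintln!("saml2aws-auto: {}", msg);
            std::process::exit(1);
        }
    }
}
```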

saml2aws-auto doesn't trigger token push

Describe the bug

When configuring saml2aws-auto, the tool doesn't trigger the MFA approval push.

To Reproduce
Steps to reproduce the behaviour:

  1. Use AzureAD as authentication provider.
  2. Configure as below.
  3. Don't get any push approval with MFA on Microsoft Authenticator app.
? IDP URL [localhost]: https://account.activedirectory.windowsazure.com
? IDP Username: <[email protected]>
? IDP Password:

All set!
If you need to reconfigure your details, use saml2aws-auto configure
? MFA Token [000000]:
Listing allowed roles for your account	FAIL

Could not add group:

	Could not find saml submit form

Expected behaviour

The same as aws-azure-login or saml2aws, where when you've entered your username and password you get a push to the Microsoft Authenticator app to approve/deny the login.

Desktop (please complete the following information):

  • OS: macOS 12.6
  • Version: 1.11.0

Additional context

Example saml2aws config:

[aws-account-1]
app_id               = <redacted big number>
url                  = https://account.activedirectory.windowsazure.com
username             = <[email protected]>
provider             = AzureAD
mfa                  = PhoneAppNotification
skip_verify          = false
timeout              = 0
aws_urn              = urn:amazon:webservices
aws_session_duration = 3600
aws_profile          = dosa-dev
resource_id          =
subdomain            =
role_arn             = arn:aws:iam::<redacted>:role/Developer
region               = ap-southeast-2
http_attempts_count  = 3
http_retry_delay     = 1

or the same example but using ~/.aws/config (saml2aws):

[profile aws-account-1]
azure_app_id_uri="https://signin.aws.amazon.com/saml#6"
azure_default_role_arn=arn:aws:iam::<redacted>:role/Developer
region=ap-southeast-2
sso_region=ap-southeast-2
azure_default_username=<[email protected]>
azure_default_duration_hours=1
azure_default_remember_me=true
azure_tenant_id=<redacted big number>

Keeps Requesting MFA Token on Refresh

Describe the bug
Since the changes to allow refreshing of multiple groups, when calling saml2aws-auto refresh <group> for a group that has a valid session, it keeps asking for an MFA token.

This causes annoyance when using s2a in scripts as you keep having to enter MFA tokens for valid sessions.

Expected behavior
If all groups have a valid session it just displays "Nothing to refresh. All accounts have valid sessions." and continues.

Positive Exit Codes

Hi there,

A possible enhancement to consider. We use the tool as part of some scripts to simplify running Terraform commands. It would be nice if the saml2aws-auto refresh <group-name> returned a positive exit code if the refresh fails to correctly refresh all roles. This, in turn, would force our scripts to exit rather than continue with invalid AWS tokens.

Hopefully that makes sense. Any additional information I can provide, just let me know.

add formula definition to Travis build

It would be nice to have Travis re-calculate checksums for the current release, bump its version and push a formula update to rukenshia/homebrew-repo/

Connection reset while refresh

Describe the bug
When I try to refresh the tokens on my Windows system, I get the following error:

saml2aws-auto -v refresh <group>
DEBU mfa flag not set, no valid session
? MFA Token [000000]: <MFA>
Refreshing <group>-xxx
DEBU got saml response, finding principal next
FAIL
Refreshing <group>-xxx
DEBU got saml response, finding principal next
FAIL
Refreshing <group>-xxx
DEBU got saml response, finding principal next
FAIL
Refreshing <group>-xxx
DEBU got saml response, finding principal next
FAIL

To Reproduce

  1. Add the groups
  2. Try to refresh the groups saml2aws-auto refresh <group>
