Describe the bug
After i installed the aws-toolkit inside PyCharm i tried to set my aws-profile according to Documentation, but when i clicked on AWS: No credentials selected in the status bar, the IDE raised an Exception.
To reproduce
Expected behavior
Pop-Up opens as described in Documentation.
Screenshots
Stacktrace (shortend):
java.lang.StackOverflowError
at java.base/java.util.LinkedHashMap.<init>(LinkedHashMap.java:347)
at java.base/java.util.HashSet.<init>(HashSet.java:162)
at java.base/java.util.LinkedHashSet.<init>(LinkedHashSet.java:154)
at software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileReaderKt.validateAssumeRoleProfile(ProfileReader.kt:50)
at software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileReaderKt.validateProfile(ProfileReader.kt:37)
at software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileReaderKt.validateAssumeRoleProfile(ProfileReader.kt:71)
at software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileReaderKt.validateProfile(ProfileReader.kt:37)
at software.aws.toolkits.jetbrains.core.credentials.profiles.ProfileReaderKt.validateAssumeRoleProfile(ProfileReader.kt:71)
[...]
Those two calls are repeated until it crashes.
Your Environment
Additional Infos
I have setup my AWS-Profiles in config and credentials files and can use them with the aws-cli or boto3-clients without any problems.
A colleagues of mine installed the AWS-Toolkit on his Windows10 machine and it worked out-of-the-box
I was not able to create a reproduction case, can you share sanitized credentials and config files
I have the same issue. I don't know exactly what is the problem, but I managed to make it work by removing profiles I had defined in the config file but that didn't have entries in the credentials file.
I have the same issue. I don't know exactly what is the problem, but I managed to make it work by removing profiles I had defined in the config file but that didn't have entries in the credentials file.
The two files get merged into one "view". We are happy to fix this, but without reproduction steps we are having issues finding the bug.
Sry that it took so long for me to answer
I have the same issue. I don't know exactly what is the problem, but I managed to make it work by removing profiles I had defined in the config file but that didn't have entries in the credentials file.
That was actually my problem, too.... I had an empty [default] section in the credentials-file. In my config-file the default-profile references another profile (probably that was my second problem). After removing the [default]-Tag from the credentials-file it works like a charm.
Is this information enough for you to reproduce, or is it the expected behavior, when there is an empty section in the credentials-file?
config:
[default]
region = eu-central-1
source_profile = company-idp
role_arn = arn:aws:iam::xxx:role/<role>
mfa_serial = arn:aws:iam::xxx:mfa/user
[profile company-dev]
region = eu-central-1
source_profile = company-idp
role_arn = arn:aws:iam::xxx:role/<role>
mfa_serial = arn:aws:iam::xxx:mfa/user
credentials:
[nas-dl]
aws_access_key_id = [...]
aws_secret_access_key = [...]
[default]
[company-idp]
aws_access_key_id = [...]
aws_secret_access_key = [...]
Hmm, no luck with testing the above with tip of master
I tried these two unit tests and also using your examples as my credential files. Both were happy
@Test
fun testSelfReferencingChain() {
configFile.writeText(
"""
[profile role]
role_arn=arn1
source_profile=role
""".trimIndent()
)
val (validProfiles, invalidProfiles) = validateAndGetProfiles()
assertThat(validProfiles).isEmpty()
assertThat(invalidProfiles.mapValues { it.value.message })
.containsKey("role")
.containsValue("A circular profile dependency was found between role->role")
}
@Test
fun testEmptyProfileIsIgnored() {
configFile.writeText(
"""
[default]
region = eu-central-1
source_profile = company-idp
role_arn = arn:aws:iam::xxx:role/<role>
mfa_serial = arn:aws:iam::xxx:mfa/user
[profile company-dev]
region = eu-central-1
source_profile = company-idp
role_arn = arn:aws:iam::xxx:role/<role>
mfa_serial = arn:aws:iam::xxx:mfa/user
""".trimIndent()
)
credentialsFile.writeText(
"""
[nas-dl]
aws_access_key_id = [...]
aws_secret_access_key = [...]
[default]
[company-idp]
aws_access_key_id = [...]
aws_secret_access_key = [...]
""".trimIndent()
)
val (validProfiles, invalidProfiles) = validateAndGetProfiles()
assertThat(invalidProfiles).isEmpty()
}
Edit: Also tried on caef9c3 which is the tagged version for 1.11. I am still stumped.
deleting the default profile from credentials file solved the problem for me.
I guess i found the true error with my case... I somehow had the role_arn and mfa_serial in both files. So my credentials looked as follows:
[nas-dl]
aws_access_key_id = [...]
aws_secret_access_key = [...]
[default]
[company-idp]
aws_access_key_id = [...]
aws_secret_access_key = [...]
role_arn = arn:aws:iam::xxx:role/<role>
mfa_serial = arn:aws:iam::xxx:mfa/user
config-file was the same. Sry i missed that piece, when trying to fix it with removing the default section.
As soon as i remove role_arn and mfa_serial from the source profile it works again.
Edit: Even if i don't remove the default-section from credentials it is no working, as long as there are no role_arn and mfa_serial entries in my credentials.
@ludetje, Thank you. I was able to reproduce it with your latest update
It is a gap in our logic, a role_arn requires a source_profile to be considered valid according to spec.
We were missing that check so it keeps going in a circle since it sees the role_arn but no source_profile to go deeper into the chain.
Fix has been released in 1.12