nordcloud / assume-role-arn Goto Github PK

https://github.com/nordcloud/assume-role-arn/releases/tag/v0.3.6 doesn't contain an assume-role-arn-linux and assume-role-arn-osx yet.

I've downloaded assume-role-arn v0.3.8 and when executing:
bash-5.0# assume-role-arn -version assume-role-arn v0.3.4 (23d9db18bb7982c33708c8cd59c72d97b284fe4c)

This is the case for both osx and linux versions.

It seems that the version is not bumped after release 0.3.4:
https://github.com/nordcloud/assume-role-arn/blob/master/cmd/assume-role-arn/version.go

FATA[0005] failed to assume role error=“NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors”

Newer AWS SDK versions address this issue, PR #129 would fix it

When downloading the binary from releases and using it according to the guide I'm getting the following error:

xxx@xxx ~> eval $(assume-role-arn -profile xxx -verbose)                  
/usr/local/bin/assume-role-arn: line 1: syntax error near unexpected token `<'
/usr/local/bin/assume-role-arn: line 1: `<html><body>You are being <a href="https://github-releases.githubusercontent.com/xxx/uuid?X-Amz-Algorithm=xxx&amp;X-Amz-Credential=xxx&amp;X-Amz-Date=xxx&amp;X-Amz-Expires=xxx&amp;X-Amz-Signature=xxx&amp;X-Amz-SignedHeaders=xxx&amp;actor_id=xxx&amp;key_id=xxx&amp;repo_id=xxx&amp;response-content-disposition=attachment%3B%20filename%3Dassume-role-arn-osx&amp;response-content-type=application%2Foctet-stream">redirected</a>.</body></html>'

When following the redirect url I'm getting

<Error>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<X-Amz-Expires>300</X-Amz-Expires>
<Expires>2021-08-09T06:07:12Z</Expires>
<ServerTime>2021-08-09T06:40:19Z</ServerTime>
<RequestId>xxx</RequestId>
<HostId>xxx/xxx</HostId>
</Error>

I've solved the problem after cloning the repository and building it locally. It could be related with the fact that I'm using Macbook with M1 chip (runtime.GOOS = darwin, runtime.GOARCH = arm64), while the binary is prepared for Intel chipset (GOOS = darwin, but no GOARCH in Makefile).

Maybe it would be nice to cross-compile and release the binaries for more OS/architectures?

Travis is making some unclear moves regarding open-source projects, let's switch to GitHub Actions.

Remember about TRAVIS_TAG in Makefile that needs to be replaced.

It reads wrong MFA serial

Even if you set ignoreCache, assume-role-arn is trying to cache the credentials. this should not happen. Now when you run the tool in e.g. alpine docker image you keep seeing these:

time="2019-12-01T22:58:57Z" level=error msg="failed to cache credentials" error="open /root/.cache/assume-role-be62a54dd201c68e3a76a37b682f78dd21bf46b31f781423d80606e252c53b96: no such file or directory"

Even though the -ignoreCache flag was passed.

After GH Actions switch (depends on #52) we can sign a binary for MacOS with company's certificate.