You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Trying to introduce Granted to my workplace but I've run in to an AWS config writing bug that's currently stopping us from storing our AWS configs in a Granted profile registry.
Background
We have a number of entries using SAML auth following this format:
When Granted parses and writes these entries out in operations such as registry syncing, the parser picks up the "#" character as a comment and decides to convert it from an inline comment in to a standalone line comment like so:
As you would expect, this breaks the authentication process as the endpoint has been mangled. Quoting the value does not appear to help.
I was able to trace this issue in to Granted's use of https://github.com/go-ini/ini, which currently does not respect escaped symbols such as "#", in contrast with AWS CLI's own parser. I believe this will also affect configs containing ";" looking at the code. In my experiments I attempted the naive fix of rebuilding Granted to pass theIgnoreInlineComment option to calls of ini.Empty() and ini.LoadSources(). This appears to fix the issue at the cost of losing inline comment awareness, which probably isn't the end of the world since they'll still be passed through as part of the line.
There does not appear to be another way without patching the ini library code to have smarter handling of escaped special characters. This would perhaps be best solved on the ini library side but nonetheless I thought I'd log the issue here as it does directly affect Granted.
How to repoduce the issue
Repository adding/syncing
Create a Granted profile registry with a config with values containing "#".
Add/Sync from the registry using granted registry add.
Observe the generated sections in your local AWS config file.
Creating a new profile registry from your local AWS config.
Create a Granted profile registry with a config with values containing "#".
Initialise a new profile registry from your existing AWS config using granted registry setup.
Observe the generated registry config file.
The text was updated successfully, but these errors were encountered:
Trying to introduce Granted to my workplace but I've run in to an AWS config writing bug that's currently stopping us from storing our AWS configs in a Granted profile registry.
Background
We have a number of entries using SAML auth following this format:
When Granted parses and writes these entries out in operations such as registry syncing, the parser picks up the "#" character as a comment and decides to convert it from an inline comment in to a standalone line comment like so:
As you would expect, this breaks the authentication process as the endpoint has been mangled. Quoting the value does not appear to help.
I was able to trace this issue in to Granted's use of https://github.com/go-ini/ini, which currently does not respect escaped symbols such as "#", in contrast with AWS CLI's own parser. I believe this will also affect configs containing ";" looking at the code. In my experiments I attempted the naive fix of rebuilding Granted to pass the
IgnoreInlineCommentoption to calls ofini.Empty()andini.LoadSources(). This appears to fix the issue at the cost of losing inline comment awareness, which probably isn't the end of the world since they'll still be passed through as part of the line.There does not appear to be another way without patching the ini library code to have smarter handling of escaped special characters. This would perhaps be best solved on the ini library side but nonetheless I thought I'd log the issue here as it does directly affect Granted.
How to repoduce the issue
Repository adding/syncing
granted registry add.Creating a new profile registry from your local AWS config.
granted registry setup.The text was updated successfully, but these errors were encountered: