Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mangled AWS config output when certain characters are present in values #739

Open
Lerdson opened this issue Aug 23, 2024 · 0 comments · May be fixed by #766
Open

Mangled AWS config output when certain characters are present in values #739

Lerdson opened this issue Aug 23, 2024 · 0 comments · May be fixed by #766

Comments

@Lerdson
Copy link

Lerdson commented Aug 23, 2024

Trying to introduce Granted to my workplace but I've run in to an AWS config writing bug that's currently stopping us from storing our AWS configs in a Granted profile registry.

Background

We have a number of entries using SAML auth following this format:

[profile foo:dev]
azure_app_id_uri             = https://signin.aws.amazon.com/saml\#0000000000042

When Granted parses and writes these entries out in operations such as registry syncing, the parser picks up the "#" character as a comment and decides to convert it from an inline comment in to a standalone line comment like so:

[profile foo:dev]
# 0000000000042
azure_app_id_uri             = https://signin.aws.amazon.com/saml

As you would expect, this breaks the authentication process as the endpoint has been mangled. Quoting the value does not appear to help.

I was able to trace this issue in to Granted's use of https://github.com/go-ini/ini, which currently does not respect escaped symbols such as "#", in contrast with AWS CLI's own parser. I believe this will also affect configs containing ";" looking at the code. In my experiments I attempted the naive fix of rebuilding Granted to pass theIgnoreInlineComment option to calls of ini.Empty() and ini.LoadSources(). This appears to fix the issue at the cost of losing inline comment awareness, which probably isn't the end of the world since they'll still be passed through as part of the line.

There does not appear to be another way without patching the ini library code to have smarter handling of escaped special characters. This would perhaps be best solved on the ini library side but nonetheless I thought I'd log the issue here as it does directly affect Granted.

How to repoduce the issue

Repository adding/syncing

  1. Create a Granted profile registry with a config with values containing "#".
  2. Add/Sync from the registry using granted registry add.
  3. Observe the generated sections in your local AWS config file.

Creating a new profile registry from your local AWS config.

  1. Create a Granted profile registry with a config with values containing "#".
  2. Initialise a new profile registry from your existing AWS config using granted registry setup.
  3. Observe the generated registry config file.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant