1

I'm using a shell script inside codebuild buildspec on Account A to login into Account B and seeing te below error, but when use the commands directly in buildspec file I'm able to login successfully into Account B Error Details

jq: error: Could not open file login.json: No such file or directory
jq: error: Could not open file login.json: No such file or directory
jq: error: Could not open file login.json: No such file or directory
An HTTP Client raised an unhandled exception: Invalid header value b'\r\r\r'

Auth.sh

echo $1 
 roleArn=$1
 aws sts assume-role --role-arn $roleArn --role-session-name testx > login.json
 GetAccess=$(jq '.Credentials.AccessKeyId' login.json)
 Access=$(echo "$GetAccess" | sed -e 's/^"//' -e 's/"$//')
 GetSecret=$(jq '.Credentials.SecretAccessKey' login.json)
 secret=$(echo "$GetSecret" | sed -e 's/^"//' -e 's/"$//')
 GetTOken=$(jq '.Credentials.SessionToken' login.json)
 token=$(echo "$GetTOken" | sed -e 's/^"//' -e 's/"$//')
 export AWS_ACCESS_KEY_ID=$Access
 export AWS_SECRET_ACCESS_KEY=$secret
 export AWS_SESSION_TOKEN=$token
 aws s3 ls

buildspec.yam

version: 0.2
phases:
  install:
    commands:
      - ls
  build:
    commands:
     - aws s3 cp s3://mybucket/auth.sh auth.sh
     - chmod a+x auth.sh
     - ./auth.sh "arn:aws:iam::xxxxx:role/roleToLogin"
     - ls
     - aws sts assume-role --role-arn "arn:aws:iam::xxxxx:role/roleToLogin"  --role-session-name testx > login.json
     - GetAccess=$(jq '.Credentials.AccessKeyId' login.json)
     - Access=$(echo "$GetAccess" | sed -e 's/^"//' -e 's/"$//')
     - GetSecret=$(jq '.Credentials.SecretAccessKey' login.json)
     - secret=$(echo "$GetSecret" | sed -e 's/^"//' -e 's/"$//')
     - GetTOken=$(jq '.Credentials.SessionToken' login.json)
     - token=$(echo "$GetTOken" | sed -e 's/^"//' -e 's/"$//')
     - export AWS_ACCESS_KEY_ID=$Access
     - export AWS_SECRET_ACCESS_KEY=$secret
     - export AWS_SESSION_TOKEN=$token
     - rm -f login.json
     - aws s3 ls
     
  post_build:
    commands:
      - echo test

enter image description here I'm I missing something here?

chris
  • 324
  • 3
  • 17
  • Can you show the buildspec file that you use? Also which CB image are you using? – Marcin Feb 12 '21 at 02:43
  • @Marcin Updated question with the requested details – chris Feb 12 '21 at 02:51
  • Thanks. So you are running the code twice. First in `./auth.sh "roleToLogin"` and then the same code again? – Marcin Feb 12 '21 at 02:56
  • @Marcin No just for the reference/testing purpose I've included the second set of login command in the buildspec but the eventual goal is to use auth.sh – chris Feb 12 '21 at 03:06
  • Are you sure you don't have any other errors from your CB? Did you enable cloudwatch logs for the builds? – Marcin Feb 12 '21 at 03:37
  • @Marcin I don't see any other errors other than the above-mentioned errors, which is jq couldn't open login.json file – chris Feb 12 '21 at 03:45
  • @Marcin When I use the ls command it doesn't work inside the auth.sh script – chris Feb 12 '21 at 03:46
  • In the code posted there is also some `cred.json`, so its confusing what is this file? But code in itself is correct. It should not fail. – Marcin Feb 12 '21 at 03:47
  • @Marcin Is there anything with file permission, since I'm creating this file auth.sh file on windows machine? – chris Feb 12 '21 at 03:50
  • Oh. Could be. Windows can have different new line characters then linux. Maybe have to look into that. – Marcin Feb 12 '21 at 03:52
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/228607/discussion-between-chris-and-marcin). – chris Feb 12 '21 at 03:52
  • Answer modified and un-deleted. – Marcin Feb 12 '21 at 04:10

1 Answers1

1

Based on the comments and chat discussion.

The issue was due to using Windows to create the auth.sh. Windows was adding some extra white characters to it, resulting in the error.

Using dos2unix tool to convert windows file format to linux solved the problem.

Marcin
  • 215,873
  • 14
  • 235
  • 294
  • I'm able to login with the second set of commands(outside of shell script) using the same rolearn – chris Feb 12 '21 at 03:16
  • @chris Please double check. `--role-arn roleToLogin` is invalid for the current CLI. It must be `--role-arn arn:aws:iam::xxxxx:role/roleToLogin`. – Marcin Feb 12 '21 at 03:18
  • and also If I use the cat login.json I'm able to see the temporary creds and token generated – chris Feb 12 '21 at 03:19
  • @chris Maybe you are checking other script, not the one in the question. I don't see how it could work with just a role name `--role-arn roleToLogin` – Marcin Feb 12 '21 at 03:21
  • Sorry for the confusion I'm passing the roleToLogin into the shell script as the format you provided – chris Feb 12 '21 at 03:26
  • @chris I see. That's correct. I will try to try to look more why it fails. If can't find anything I will remove the answer. – Marcin Feb 12 '21 at 03:27