fix assume role client loop with dummy credential
snigdhasjg committed Nov 14, 2023
1 parent 271c2ba commit 420a99c
Showing 5 changed files with 22 additions and 6 deletions.
1 change: 0 additions & 1 deletion aws_fusion/app.py
@@ -1,4 +1,3 @@
import os
import argparse

from importlib.metadata import version
14 changes: 12 additions & 2 deletions aws_fusion/aws/assume_role.py
Expand Up @@ -34,7 +34,7 @@ def does_valid_token_cache_exists(self):

def credential_process(self):
credentials = self.__response['Credentials']
LOG.debug(f'Giving credential as aws credential process format. The credential: {credentials}')
LOG.debug(f'Giving credential as aws credential process format')

# https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
return json.dumps({
Expand All @@ -44,10 +44,20 @@ def credential_process(self):
"SessionToken": credentials['SessionToken'],
"Expiration": credentials['Expiration'].strftime('%Y-%m-%dT%H:%M:%S%Z')
})

def environement_variable(self):
credentials = self.__response['Credentials']
LOG.debug(f'Giving credential as environement variable format')

command = '$env:' if sys.platform == 'win32' else 'export '

print(f'{command}AWS_ACCESS_KEY_ID="{credentials["AccessKeyId"]}"')
print(f'{command}AWS_SECRET_ACCESS_KEY="{credentials["SecretAccessKey"]}"')
print(f'{command}AWS_SESSION_TOKEN="{credentials["SessionToken"]}"')

def assume_role_with_saml(self, saml_response, roles, sessoion_duration):
LOG.debug(f'Started assumning role with SAML')
client = boto3.client('sts')
client = boto3.Session(aws_access_key_id='dummy', aws_secret_access_key='dummy').client('sts')
selected_role = self.__role
try:
response = client.assume_role_with_saml(
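Review bot: The `'dummy'` access key and secret passed to `boto3.Session(...)` in `assume_role_with_saml` carry no explanation, so a later reader or a secret scanner sees what looks like a hardcoded credential. Going by the commit title they appear to be there to stop boto3 resolving the profile's credentials and calling back into this tool; AssumeRoleWithSAML is authorised by the SAML assertion, not by a signed request. Either say so in a comment, e.g. `# placeholder keys: keeps boto3 from resolving credentials (and re-running credential_process); AssumeRoleWithSAML is unsigned`, or state the intent directly with `boto3.client('sts', config=Config(signature_version=UNSIGNED))` using `botocore.UNSIGNED`. Separately, the new `environement_variable` reads `sys.platform` while this section adds no `import sys`; the file's imports are outside the hunks, so confirm the module is already imported. `assume_role_with_saml` continues past the end of this hunk.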
2 changes: 2 additions & 0 deletions aws_fusion/commands/generate_okta_device_auth_credentials.py
Expand Up @@ -31,4 +31,6 @@ def run(args):

if args.credential_process:
print(assume_role_with_cache.credential_process())
else:
print(assume_role_with_cache.environement_variable())
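Review bot: `print(assume_role_with_cache.environement_variable())` in the new `else` branch will emit a trailing `None` line, because the method as added in aws_fusion/aws/assume_role.py prints the three assignments itself and has no `return`. Anyone who feeds this output to `eval` or `Invoke-Expression` then gets `None` run as a command after the variables are set. Call it without the wrapper, `assume_role_with_cache.environement_variable()`, or have the method return the joined string the way `credential_process()` does. `run` starts above this hunk.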

6 changes: 5 additions & 1 deletion aws_fusion/commands/iam_user_credentials.py
@@ -1,6 +1,7 @@
import argparse
import json
import keyring
import sys

def setup(subparsers, parent_parser):
common_parser = argparse.ArgumentParser(add_help=False)
Expand Down Expand Up @@ -35,6 +36,9 @@ def run_get(args):
"SecretAccessKey": secret_key
}))
else:
print(secret_key)
command = '$env:' if sys.platform == 'win32' else 'export '

print(f'{command}AWS_ACCESS_KEY_ID="{args.access_key}"')
print(f'{command}AWS_SECRET_ACCESS_KEY="{secret_key}"')
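Review bot: The two new `print` lines in `run_get` place `args.access_key` and `secret_key` inside double quotes, and a POSIX shell still expands `$`, backticks and backslashes there, as PowerShell does with `$` and the backtick. Since this output exists to be evaluated by a shell, a value containing one of those characters is altered or run as a command substitution; `args.access_key` comes straight from the command line, and `secret_key` is presumably read from the keyring above this hunk. In the `export` branch use `shlex.quote`, e.g. `print(f'export AWS_SECRET_ACCESS_KEY={shlex.quote(secret_key)}')`, and in the `$env:` branch emit a single-quoted literal with any `'` doubled. The same applies to `environement_variable` in aws_fusion/aws/assume_role.py. Note also that `$env:` is PowerShell syntax, so `sys.platform == 'win32'` gives cmd.exe users output they cannot use.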


5 changes: 3 additions & 2 deletions aws_fusion/okta/api.py
Expand Up @@ -36,18 +36,19 @@ def verifiction_and_token(org_domain, oidc_client_id, device_code):
while True:
request = requests.post(url, headers=headers, data=payload)
response = request.json()
time.sleep(5)

# Check for authorization pending
if request.status_code == 400 and response['error'] == 'authorization_pending':
LOG.debug('Waiting for verification')
time.sleep(5)
continue

# Check for successful verification
if request.status_code == 200:
break

# Unexpected state. Die.
print(response, file=sys.stderr)
LOG.error(response)
sys.exit(1)

LOG.debug('Validated device code and got access_token & id_token')
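Review bot: The polling loop still treats every reply other than a 400 `authorization_pending` or a 200 as fatal, so an RFC 8628 `slow_down` reply from the token endpoint falls into the "Unexpected state" branch and exits. Handling it beside the pending check, e.g. `if response.get('error') == 'slow_down': interval += 5; continue`, and sleeping for the `interval` returned by the device authorization request instead of a fixed `time.sleep(5)`, keeps the client inside the server's rate limit. `request.json()` is also called before the status check, so a non-JSON error body raises before the branch that reports it is reached, and `requests.post` has no `timeout`. The rendering does not show which of the two `time.sleep(5)` lines is the new one, and `verifiction_and_token` starts above this hunk.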
