Feat filter selection: adds --filter-selection/-f option to filter generated role selection screen

README.md

@@ -184,7 +184,7 @@ You can run a specific configuration profile with the `--profile` parameter:
 
 The username and password you are prompted for are the ones you login to Okta with. You can predefine your username by setting the `OKTA_USERNAME` environment variable or using the `-u username` parameter.
 
-If you have not configured an Okta App or Role, you will prompted to select one.
+If you have not configured an Okta App or Role, you will prompted to select one. If you want to filter the resulting list (for those with access to hundreds of roles), you can make use of the `--filter-selection/-f` option like so: `gimme-aws-creds -f prod` which would return only the roles where the account name contains the string `prod`. Note: use of the `-f` option requires `resolve_aws_alias` to be set to `True` to work as intended.
 
 If all goes well you will get your temporary AWS access, secret key and token, these will either be written to stdout or `~/.aws/credentials`.
 

gimme_aws_creds/config.py

@@ -55,6 +55,7 @@ def __init__(self, gac_ui, create_config=True):
  self.action_output_format = False
  self.output_format = 'export'
  self.roles = []
+ self.filter_selection = ""
 
  if self.ui.environ.get("OKTA_USERNAME") is not None:
  self.username = self.ui.environ.get("OKTA_USERNAME")
@@ -106,6 +107,15 @@ def get_args(self):
  'for example: arn:aws:iam::123456789012:role/Admin,/:210987654321:/ '
  'would match both account 123456789012 by ARN and 210987654321 by regexp'
  )
+ parser.add_argument(
+ '--filter-selection', '-f',
+ help='If set, the input will be used to filter the list of roles presented to the user. '
+ 'The filter acts on the so called \'friendly_account_name\' associated with each role. '
+ 'The friendly account name contains the account name and number. '
+ 'For example: \'nonprod\' would match any roles where the text \'nonprod\' is found. '
+ 'If only one match is found, it will be auto selected and credentials generated. '
+ 'If no results are found, the program exits.'
+ )
  parser.add_argument(
  '--resolve', '-r',
  action='store_true',
@@ -173,6 +183,8 @@ def get_args(self):
  self.output_format = args.output_format
  if args.roles is not None:
  self.roles = [role.strip() for role in args.roles.split(',') if role.strip()]
+ if args.filter_selection is not None:
+ self.filter_selection = args.filter_selection.strip()
  self.conf_profile = args.profile or 'DEFAULT'
 
  def _handle_config(self, config, profile_config, include_inherits = True):

gimme_aws_creds/main.py

@@ -372,12 +372,13 @@ def _get_user_int_selection(self, min_int, max_int, max_retries=5):
 
  return selection
 
- def _get_selected_roles(self, requested_roles, aws_roles):
+ def _get_selected_roles(self, requested_roles, aws_roles, filter_selection=""):
  """ select the role from the config file if it exists in the
  results from Okta. If not, present the user with a menu. """
+ filtered_roles = [role for role in aws_roles if filter_selection in role.friendly_account_name]
  # 'all' is a special case - skip processing
  if requested_roles == 'all':
- return set(role.role for role in aws_roles)
+ return set(role.role for role in filtered_roles)
  # check to see if a role is in the config and look for it in the results from Okta
  if requested_roles:
  ret = set()
@@ -399,6 +400,9 @@ def _get_selected_roles(self, requested_roles, aws_roles):
  return ret
  self.ui.error("ERROR: AWS roles [{}] not found!".format(', '.join(requested_roles)))
 
+ if filter_selection:
+ return self._choose_roles(filtered_roles)
+
  # Present the user with a list of roles to choose from
  return self._choose_roles(aws_roles)
 
@@ -669,7 +673,7 @@ def aws_roles(self):
  def aws_selected_roles(self):
  if 'aws_selected_roles' in self._cache:
  return self._cache['aws_selected_roles']
- selected_roles = self._get_selected_roles(self.requested_roles, self.aws_roles)
+ selected_roles = self._get_selected_roles(self.requested_roles, self.aws_roles, self.config.filter_selection)
  self._cache['aws_selected_roles'] = ret = [
  role
  for role in self.aws_roles

tests/test_config.py

@@ -31,6 +31,7 @@ def tearDown(self):
  remember_device=False,
  output_format=None,
  roles=None,
+ filter_selection = None,
  action_register_device=False,
  action_configure=False,
  action_list_profiles=False,