Automate prompt for mfa, app, role selections #354
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -55,6 +55,8 @@ def __init__(self, gac_ui, create_config=True): | |
self.action_output_format = False | ||
self.output_format = 'export' | ||
self.roles = [] | ||
self.okta_app = None | ||
self.okta_role = None | ||
|
||
if self.ui.environ.get("OKTA_USERNAME") is not None: | ||
self.username = self.ui.environ.get("OKTA_USERNAME") | ||
|
@@ -145,6 +147,8 @@ def get_args(self): | |
'--action-setup-fido-authenticator', action='store_true', | ||
help='Sets up a new FIDO WebAuthn authenticator in Okta' | ||
) | ||
parser.add_argument('--okta-app', type=int) | ||
parser.add_argument('--okta-role', type=int) | ||
args = parser.parse_args(self.ui.args) | ||
|
||
self.action_configure = args.action_configure | ||
|
@@ -173,6 +177,11 @@ def get_args(self): | |
self.output_format = args.output_format | ||
if args.roles is not None: | ||
self.roles = [role.strip() for role in args.roles.split(',') if role.strip()] | ||
if args.okta_app is not None: | ||
self.okta_app = args.okta_app | ||
if args.okta_role is not None: | ||
self.okta_role = args.okta_role | ||
|
||
self.conf_profile = args.profile or 'DEFAULT' | ||
|
||
def _handle_config(self, config, profile_config, include_inherits = True): | ||
|
@@ -578,4 +587,4 @@ def fail_if_profile_not_found(self, profile_config, conf_profile, default_sectio | |
""" | ||
if not profile_config and conf_profile == default_section: | ||
raise errors.GimmeAWSCredsError( | ||
'DEFAULT profile is missing! This is profile is required when not using --profile') | ||
I have no idea why there is a change on this line.
This was done by your editor when you saved the file, not a big deal.
Your editor added a newline character at the end of the line. GitHub indicates the absence of this with a red circle around a horizontal line. When the character exists at the end of the last line of the file, GitHub just shows the line from the file. You can see the difference locally by running |
||
'DEFAULT profile is missing! This is profile is required when not using --profile') |
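Review bot: The two options added in the `get_args` hunk at `@@ -145,6 +147,8 @@` carry no `help=` text, unlike the `--action-setup-fido-authenticator` argument directly above them, so `--help` gives no hint that they expect an integer position rather than a name. Going by the `_choose_app` hunk, the value is used as a zero-based index into the same list the interactive prompt numbers with `enumerate`, and the help string should say so, e.g. `parser.add_argument('--okta-app', type=int, help='Zero-based index of the AWS app to select instead of prompting')`, with the matching text for `--okta-role`. `get_args` starts and ends outside these hunks.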
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -319,6 +319,10 @@ def _choose_app(self, aws_info): | |
if len(aws_info) == 1: | ||
return aws_info[0] # auto select when only 1 choice | ||
|
||
if self.config.okta_app is not None: | ||
self.ui.info("Detected app in config: {}".format(aws_info[self.config.okta_app]['name'])) | ||
return aws_info[self.config.okta_app] | ||
|
||
app_strs = [] | ||
for i, app in enumerate(aws_info): | ||
app_strs.append('[{}] {}'.format(i, app["name"])) | ||
|
@@ -415,6 +419,10 @@ def _choose_roles(self, roles): | |
self.ui.info("Detected single role: {}".format(single_role)) | ||
return {single_role} | ||
|
||
if self.config.okta_role is not None: | ||
self.ui.info("Detected role in config: {}".format(roles[self.config.okta_role].role)) | ||
return {roles[self.config.okta_role].role} | ||
|
||
# Gather the roles available to the user. | ||
role_strs = self.resolver._display_role(roles) | ||
|
||
|
@@ -549,6 +557,9 @@ def okta(self): | |
if self.conf_dict.get('preferred_mfa_type'): | ||
okta.set_preferred_mfa_type(self.conf_dict['preferred_mfa_type']) | ||
|
||
if self.conf_dict.get('preffered_mfa_provider'): | ||
I added |
||
okta.set_preferred_mfa_provider(self.conf_dict['preffered_mfa_provider']) | ||
Spelling error - |
||
|
||
if self.config.mfa_code is not None: | ||
okta.set_mfa_code(self.config.mfa_code) | ||
elif self.conf_dict.get('okta_mfa_code'): | ||
|
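Review bot: `aws_info[self.config.okta_app]` in the `_choose_app` hunk and `roles[self.config.okta_role]` in the `_choose_roles` hunk index the list with the command-line integer without a range check. An index past the end surfaces as a bare `IndexError`, and a negative value is accepted by `type=int` and counts from the end of the list, so credentials can end up being requested for an app or role the operator did not mean to pick. A guard before the lookup would fail closed, e.g. `if not 0 <= self.config.okta_app < len(aws_info): raise errors.GimmeAWSCredsError('--okta-app index out of range')` (assuming `errors` is importable in this module as it is in the config file), with the same check for `okta_role` against `len(roles)`. Both functions continue outside their hunks.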
I added two new arguments, `--okta-app` and `--okta-role`, which automatically select the specific app and role.
the inputs should be the app and role names, not their position in the list from Okta. Those positions will change as accounts/roles are added and removed.
also, there are existing config options for these settings (`aws_appname` and `aws_rolename`); the parameters should match those names