username will be used as session name

CHANGELOG.md

@@ -9,6 +9,7 @@ This changelog is inspired by [keepachangelog.com](http://http://keepachangelog.
 
 ### Changed
 - removed writing of support files for active account and team.
+- username will be used as session name
 
 ## 3.1.0 - 2020-01-30
 

app/aws/credentials.py

@@ -121,15 +121,15 @@ def fetch_session_token(mfa_token: str) -> Result:
     return result
 
 
-def fetch_role_credentials(profile_group: ProfileGroup) -> Result:
+def fetch_role_credentials(user_name: str, profile_group: ProfileGroup) -> Result:
     result = Result()
     credentials_file = _load_credentials_file()
     logger.info('fetch role credentials')
 
     try:
         for profile in profile_group.profiles:
             logger.info(f'fetch {profile.profile}')
-            secrets = _assume_role(profile.account, profile.role)
+            secrets = _assume_role(user_name, profile.account, profile.role)
             _add_profile_credentials(credentials_file, profile.profile, secrets)
             if profile.default:
                 _add_profile_credentials(credentials_file, 'default', secrets)
@@ -247,8 +247,8 @@ def _get_session_token(mfa_token) -> dict:
     return response['Credentials']
 
 
-def _assume_role(account_id, role) -> dict:
+def _assume_role(user_name, account_id, role) -> dict:
     client = _get_client('session-token', 'sts')
-    response = client.assume_role(RoleArn='arn:aws:iam::{}:role/{}'.format(account_id, role),
-                                  RoleSessionName='session-{}-{}'.format(account_id, role))
+    response = client.assume_role(RoleArn=f'arn:aws:iam::{account_id}:role/{role}',
+                                  RoleSessionName=user_name)
     return response['Credentials']

app/logsmith.py

@@ -70,7 +70,8 @@ def login(self, profile_group: ProfileGroup, action: QAction):
                 self.to_reset_state()
                 return
 
-        role_result = credentials.fetch_role_credentials(profile_group)
+        user_name = credentials.get_user_name()
+        role_result = credentials.fetch_role_credentials(user_name, profile_group)
         if not self._check_and_signal_error(role_result):
             return
         self.set_region()

tests/test_aws/test_credentials.py

@@ -158,7 +158,7 @@ def test_fetch_role_credentials(self, mock_credentials, mock_assume, mock_add_pr
         mock_assume.return_value = self.test_secrets
 
         profile_group = ProfileGroup('test', test_accounts.get_test_group())
-        result = credentials.fetch_role_credentials(profile_group)
+        result = credentials.fetch_role_credentials('test_user', profile_group)
 
         self.assertEqual(True, result.was_success)
         self.assertEqual(False, result.was_error)
@@ -190,7 +190,7 @@ def test_fetch_role_credentials__no_default(self, mock_credentials, mock_assume,
         mock_assume.return_value = self.test_secrets
 
         profile_group = ProfileGroup('test', test_accounts.get_test_group_no_default())
-        result = credentials.fetch_role_credentials(profile_group)
+        result = credentials.fetch_role_credentials('test-user', profile_group)
 
         self.assertEqual(True, result.was_success)
         self.assertEqual(False, result.was_error)

tests/test_logsmith_login.py

@@ -115,6 +115,7 @@ def test_login__mfa_no_token(self, mock_credentials):
     def test_login__valid_session(self, mock_credentials):
         mock_credentials.has_access_key.return_value = get_success_result()
         mock_credentials.check_session.return_value = get_success_result()
+        mock_credentials.get_user_name.return_value = 'test-user'
         mock_credentials.fetch_role_credentials.return_value = get_success_result()
 
         mock_action = Mock()
@@ -129,7 +130,8 @@ def test_login__valid_session(self, mock_credentials):
 
         expected = [call.has_access_key(),
                     call.check_session(),
-                    call.fetch_role_credentials(profile_group)]
+                    call.get_user_name(),
+                    call.fetch_role_credentials('test-user', profile_group)]
         self.assertEqual(expected, mock_credentials.mock_calls)
 
         expected = [call.disable_actions(True)]
@@ -148,6 +150,7 @@ def test_login__valid_session(self, mock_credentials):
     def test_login__first_login(self, mock_credentials):
         mock_credentials.has_access_key.return_value = get_success_result()
         mock_credentials.check_session.return_value = get_failed_result()
+        mock_credentials.get_user_name.return_value = 'test-user'
         mock_credentials.fetch_role_credentials.return_value = get_success_result()
         self.logsmith._renew_session.return_value = get_success_result()
 
@@ -163,7 +166,8 @@ def test_login__first_login(self, mock_credentials):
 
         expected = [call.has_access_key(),
                     call.check_session(),
-                    call.fetch_role_credentials(profile_group)]
+                    call.get_user_name(),
+                    call.fetch_role_credentials('test-user', profile_group)]
         self.assertEqual(expected, mock_credentials.mock_calls)
 
         expected = [call.disable_actions(True)]