Merge pull request #104 from cevoaustralia/print_creds_on_parameter

printing credentials on parameter
cevoaustralia · Nov 6, 2018 · 3a110cc · 3a110cc
2 parents 86e4811 + 9d01128
commit 3a110cc
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,4 @@ build/
 .idea/
 Pipfile
 Pipfile.lock
+venv/*
diff --git a/README.rst b/README.rst
@@ -137,6 +137,7 @@ Usage
                             falls back to 'sts')
       -D, --disable-u2f     Disable U2F functionality.
       --no-cache            Do not cache the SAML Assertion.
+      --print-creds         Print the credentials to the terminal.
       -a, --ask-role        Set true to always pick the role
       -r ROLE_ARN, --role-arn ROLE_ARN
                             The ARN of the role to assume

diff --git a/aws_google_auth/__init__.py b/aws_google_auth/__init__.py
@@ -30,6 +30,7 @@ def parse_args(args):
     parser.add_argument('-p', '--profile', help='AWS profile (defaults to value of $AWS_PROFILE, then falls back to \'sts\')')
     parser.add_argument('-D', '--disable-u2f', action='store_true', help='Disable U2F functionality.')
     parser.add_argument('--no-cache', dest="saml_cache", action='store_false', help='Do not cache the SAML Assertion.')
+    parser.add_argument('--print-creds', action='store_true', help='Print Credentials.')
     parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases.')
     parser.add_argument('--save-failure-html', action='store_true', help='Write HTML failure responses to file for troubleshooting.')
 
@@ -147,6 +148,10 @@ def resolve_config(args):
         args.keyring,
         config.keyring)
 
+    config.print_creds = coalesce(
+        args.print_creds,
+        config.print_creds)
+
     return config
 
 
@@ -215,10 +220,11 @@ def process_auth(args, config):
     print("Assuming " + config.role_arn)
     print("Credentials Expiration: " + format(amazon_client.expiration.astimezone(get_localzone())))
 
+    if config.print_creds:
+        amazon_client.print_export_line()
+
     if config.profile:
         config.write(amazon_client)
-    else:
-        amazon_client.print_export_line()
 
 
 def main():

diff --git a/aws_google_auth/configuration.py b/aws_google_auth/configuration.py
@@ -33,6 +33,7 @@ def __init__(self, **kwargs):
         self.u2f_disabled = False
         self.resolve_aliases = False
         self.username = None
+        self.print_creds = False
 
     # For the "~/.aws/config" file, we use the format "[profile testing]"
     # for the 'testing' profile. The credential file will just be "[testing]"

diff --git a/aws_google_auth/tests/test_args_parser.py b/aws_google_auth/tests/test_args_parser.py
@@ -17,6 +17,7 @@ def test_no_arguments(self):
 
         self.assertTrue(parser.saml_cache)
         self.assertFalse(parser.ask_role)
+        self.assertFalse(parser.print_creds)
         self.assertFalse(parser.keyring)
         self.assertFalse(parser.resolve_aliases)
         self.assertFalse(parser.disable_u2f, None)
@@ -33,7 +34,7 @@ def test_no_arguments(self):
 
         # Assert the size of the parameter so that new parameters trigger a review of this function
         # and the appropriate defaults are added here to track backwards compatibility in the future.
-        self.assertEqual(len(vars(parser)), 13)
+        self.assertEqual(len(vars(parser)), 14)
 
     def test_username(self):
 

diff --git a/aws_google_auth/tests/test_init.py b/aws_google_auth/tests/test_init.py
@@ -56,6 +56,7 @@ def test_main_method_chaining(self, process_auth, resolve_config, exit_if_unsupp
                                          save_failure_html=False,
                                          saml_cache=True,
                                          sp_id=None,
+                                         print_creds=False,
                                          username=None))
                           ],
                          resolve_config.mock_calls)
@@ -72,6 +73,7 @@ def test_main_method_chaining(self, process_auth, resolve_config, exit_if_unsupp
                                          save_failure_html=False,
                                          saml_cache=True,
                                          sp_id=None,
+                                         print_creds=False,
                                          username=None),
                                mock_config)
                           ],
@@ -107,7 +109,6 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util):
         mock_util.Util = mock_util_obj
 
         mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[])
-        mock_amazon_client.print_export_line = Mock()
 
         mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client)
         mock_google.Google = MagicMock(return_value=mock_google_client)
@@ -134,9 +135,6 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util):
                                                 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])],
                          mock_util.mock_calls)
 
-        self.assertEqual([call()],
-                         mock_amazon_client.print_export_line.mock_calls)
-
         self.assertEqual([call.do_login(), call.parse_saml()],
                          mock_google_client.mock_calls)
 
@@ -152,6 +150,84 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util):
                                 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])
                           ], mock_util_obj.pick_a_role.mock_calls)
 
+    @patch('aws_google_auth.util', spec=True)
+    @patch('aws_google_auth.amazon', spec=True)
+    @patch('aws_google_auth.google', spec=True)
+    def test_process_auth_print_creds(self, mock_google, mock_amazon, mock_util):
+        mock_config = Mock()
+        mock_config.profile = False
+        mock_config.saml_cache = False
+        mock_config.keyring = False
+        mock_config.username = None
+        mock_config.idp_id = None
+        mock_config.sp_id = None
+        mock_config.return_value = None
+        mock_config.print_creds = True
+
+        mock_amazon_client = Mock()
+        mock_google_client = Mock()
+
+        mock_amazon_client.roles = {
+            'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
+            'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'
+        }
+
+        mock_util_obj = MagicMock()
+        mock_util_obj.pick_a_role = MagicMock(return_value=("da_role", "da_provider"))
+        mock_util_obj.get_input = MagicMock(side_effect=["input", "input2", "input3"])
+        mock_util_obj.get_password = MagicMock(return_value="pass")
+
+        mock_util.Util = mock_util_obj
+
+        mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[])
+        mock_amazon_client.print_export_line = Mock()
+
+        mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client)
+        mock_google.Google = MagicMock(return_value=mock_google_client)
+
+        args = aws_google_auth.parse_args([])
+
+        # Method Under Test
+        aws_google_auth.process_auth(args, mock_config)
+
+        # Assert values collected
+        self.assertEqual(mock_config.username, "input")
+        self.assertEqual(mock_config.idp_id, "input2")
+        self.assertEqual(mock_config.sp_id, "input3")
+        self.assertEqual(mock_config.password, "pass")
+        self.assertEqual(mock_config.provider, "da_provider")
+        self.assertEqual(mock_config.role_arn, "da_role")
+
+        # Assert calls occur
+        self.assertEqual([call.Util.get_input('Google username: '),
+                          call.Util.get_input('Google IDP ID: '),
+                          call.Util.get_input('Google SP ID: '),
+                          call.Util.get_password('Google Password: '),
+                          call.Util.pick_a_role({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
+                                                'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'},
+                                                [])],
+                         mock_util.mock_calls)
+
+        self.assertEqual([call.do_login(), call.parse_saml()],
+                         mock_google_client.mock_calls)
+
+        self.assertEqual([call.raise_if_invalid()],
+                         mock_config.mock_calls)
+
+        self.assertEqual(
+            [call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
+                   'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'
+                   })],
+            mock_amazon_client.resolve_aws_aliases.mock_calls)
+
+        self.assertEqual(
+            [call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps',
+                   'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])
+             ], mock_util_obj.pick_a_role.mock_calls)
+
+        self.assertEqual([call()],
+                         mock_amazon_client.print_export_line.mock_calls)
+
     @patch('aws_google_auth.util', spec=True)
     @patch('aws_google_auth.amazon', spec=True)
     @patch('aws_google_auth.google', spec=True)
-Original file line number
+Diff line change
@@ Expand Up / @@ -7,3 +7,4 @@ build/ @@
     .idea/
     Pipfile
     Pipfile.lock
+    venv/*