From 3a374df8f97c9c97792bcfd9f78984c246144452 Mon Sep 17 00:00:00 2001 From: charaka Wijesuriya Date: Wed, 17 Oct 2018 23:56:44 +1100 Subject: [PATCH 1/5] added a parameter to print the creds --- .gitignore | 1 + aws_google_auth/__init__.py | 10 +++- aws_google_auth/configuration.py | 1 + aws_google_auth/tests/test_init.py | 86 ++++++++++++++++++++++++++++-- 4 files changed, 92 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 7630eb4..6754b2e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ build/ .idea/ Pipfile Pipfile.lock +venv/* \ No newline at end of file diff --git a/aws_google_auth/__init__.py b/aws_google_auth/__init__.py index 18c9efe..48b11c9 100644 --- a/aws_google_auth/__init__.py +++ b/aws_google_auth/__init__.py @@ -30,6 +30,7 @@ def parse_args(args): parser.add_argument('-p', '--profile', help='AWS profile (defaults to value of $AWS_PROFILE, then falls back to \'sts\')') parser.add_argument('-D', '--disable-u2f', action='store_true', help='Disable U2F functionality.') parser.add_argument('--no-cache', dest="saml_cache", action='store_false', help='Do not cache the SAML Assertion.') + parser.add_argument('--print-creds', action='store_true', help='Print Credentials.') parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases.') parser.add_argument('--save-failure-html', action='store_true', help='Write HTML failure responses to file for troubleshooting.') @@ -147,6 +148,10 @@ def resolve_config(args): args.keyring, config.keyring) + config.print_creds = coalesce( + args.print_creds, + config.print_creds) + return config @@ -215,10 +220,11 @@ def process_auth(args, config): print("Assuming " + config.role_arn) print("Credentials Expiration: " + format(amazon_client.expiration.astimezone(get_localzone()))) + if config.print_creds: + amazon_client.print_export_line() + if config.profile: config.write(amazon_client) - else: - amazon_client.print_export_line() def main(): 
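Review bot: The help string on the new `--print-creds` argument, 'Print Credentials.', does not say which credentials are emitted or where, while the README hunk later in this series describes them as going to the terminal. The flag makes process_auth call `amazon_client.print_export_line()`, which presumably writes the temporary AWS key material to stdout, so the help text should say so, for example `help='Print the temporary AWS credentials to stdout as export lines (visible in terminal scrollback and any captured output).'`. parse_args starts and ends outside this hunk.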
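Review bot: With the `else:` branch removed in process_auth, a run where `config.profile` is falsy and `--print-creds` is not given completes the login and then neither writes nor prints the credentials, with no message to the user. Making stdout output opt-in is the safer default for secrets, but the drop should be explicit, for example `elif not config.print_creds:` after the profile branch, followed by `print("Credentials were not saved or printed; set a profile or pass --print-creds.")`. The --profile help text says the profile falls back to 'sts', so this path may be rare; process_auth begins outside the hunk, so how `config.profile` can end up empty is not visible here. When both options are set, the secret is written to the profile and also echoed on the same stdout stream as the 'Assuming' and 'Credentials Expiration' lines, which is worth stating in the docs.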
diff --git a/aws_google_auth/configuration.py b/aws_google_auth/configuration.py index 2ec7f4a..fb7b8cf 100644 --- a/aws_google_auth/configuration.py +++ b/aws_google_auth/configuration.py @@ -33,6 +33,7 @@ def __init__(self, **kwargs): self.u2f_disabled = False self.resolve_aliases = False self.username = None + self.print_creds = False # For the "~/.aws/config" file, we use the format "[profile testing]" # for the 'testing' profile. The credential file will just be "[testing]" diff --git a/aws_google_auth/tests/test_init.py b/aws_google_auth/tests/test_init.py index ec2414a..99b3d3d 100644 --- a/aws_google_auth/tests/test_init.py +++ b/aws_google_auth/tests/test_init.py @@ -56,6 +56,7 @@ def test_main_method_chaining(self, process_auth, resolve_config, exit_if_unsupp save_failure_html=False, saml_cache=True, sp_id=None, + print_creds=False, username=None)) ], resolve_config.mock_calls) @@ -72,6 +73,7 @@ def test_main_method_chaining(self, process_auth, resolve_config, exit_if_unsupp save_failure_html=False, saml_cache=True, sp_id=None, + print_creds=False, username=None), mock_config) ], @@ -107,7 +109,7 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util): mock_util.Util = mock_util_obj mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[]) - mock_amazon_client.print_export_line = Mock() + # mock_amazon_client.print_export_line = Mock() mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client) mock_google.Google = MagicMock(return_value=mock_google_client) @@ -134,9 +136,6 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util): 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])], mock_util.mock_calls) - self.assertEqual([call()], - mock_amazon_client.print_export_line.mock_calls) - self.assertEqual([call.do_login(), call.parse_saml()], mock_google_client.mock_calls) 
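Review bot: test_process_auth_standard no longer pins that credentials stay off stdout when the flag is absent: the hunks at -107 and -134 comment out the `print_export_line` mock and drop its assertion without adding a negative check. If `mock_config` there is a bare `Mock()` as in the new test_process_auth_print_creds (its setup is outside these hunks), `mock_config.print_creds` is an auto-created truthy attribute, so process_auth would still take the printing branch in this test. Set `mock_config.print_creds = False` and assert `mock_amazon_client.print_export_line.assert_not_called()` so the default-off behaviour is covered.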
@@ -152,6 +151,85 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util): 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, []) ], mock_util_obj.pick_a_role.mock_calls) + @patch('aws_google_auth.util', spec=True) + @patch('aws_google_auth.amazon', spec=True) + @patch('aws_google_auth.google', spec=True) + def test_process_auth_print_creds(self, mock_google, mock_amazon, mock_util): + mock_config = Mock() + mock_config.profile = False + mock_config.saml_cache = False + mock_config.keyring = False + mock_config.username = None + mock_config.idp_id = None + mock_config.sp_id = None + mock_config.return_value = None + mock_config.print_creds = True + + mock_amazon_client = Mock() + mock_google_client = Mock() + + mock_amazon_client.roles = { + 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps', + 'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps' + } + + mock_util_obj = MagicMock() + mock_util_obj.pick_a_role = MagicMock(return_value=("da_role", "da_provider")) + mock_util_obj.get_input = MagicMock(side_effect=["input", "input2", "input3"]) + mock_util_obj.get_password = MagicMock(return_value="pass") + + mock_util.Util = mock_util_obj + + mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[]) + mock_amazon_client.print_export_line = Mock() + + mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client) + mock_google.Google = MagicMock(return_value=mock_google_client) + + args = aws_google_auth.parse_args([]) + + # Method Under Test + aws_google_auth.process_auth(args, mock_config) + + # Assert values collected + self.assertEqual(mock_config.username, "input") + self.assertEqual(mock_config.idp_id, "input2") + self.assertEqual(mock_config.sp_id, "input3") + self.assertEqual(mock_config.password, "pass") + self.assertEqual(mock_config.provider, "da_provider") + self.assertEqual(mock_config.role_arn, 
"da_role") + + # Assert calls occur + self.assertEqual([call.Util.get_input('Google username: '), + call.Util.get_input('Google IDP ID: '), + call.Util.get_input('Google SP ID: '), + call.Util.get_password('Google Password: '), + call.Util.pick_a_role({ + 'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps', + 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, + [])], + mock_util.mock_calls) + + self.assertEqual([call.do_login(), call.parse_saml()], + mock_google_client.mock_calls) + + self.assertEqual([call.raise_if_invalid()], + mock_config.mock_calls) + + self.assertEqual( + [call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps', + 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps' + })], + mock_amazon_client.resolve_aws_aliases.mock_calls) + + self.assertEqual( + [call({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps', + 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, []) + ], mock_util_obj.pick_a_role.mock_calls) + + self.assertEqual([call()], + mock_amazon_client.print_export_line.mock_calls) + @patch('aws_google_auth.util', spec=True) @patch('aws_google_auth.amazon', spec=True) @patch('aws_google_auth.google', spec=True) From d66d641944a81ae223227cc17cfddc10b6da57a7 Mon Sep 17 00:00:00 2001 From: charaka Wijesuriya Date: Wed, 17 Oct 2018 23:59:01 +1100 Subject: [PATCH 2/5] update test --- aws_google_auth/tests/test_init.py | 1 - 1 file changed, 1 deletion(-) diff --git a/aws_google_auth/tests/test_init.py b/aws_google_auth/tests/test_init.py index 99b3d3d..448d3b4 100644 --- a/aws_google_auth/tests/test_init.py +++ b/aws_google_auth/tests/test_init.py 
@@ -109,7 +109,6 @@ def test_process_auth_standard(self, mock_google, mock_amazon, mock_util): mock_util.Util = mock_util_obj mock_amazon_client.resolve_aws_aliases = MagicMock(return_value=[]) - # mock_amazon_client.print_export_line = Mock() mock_amazon.Amazon = MagicMock(return_value=mock_amazon_client) mock_google.Google = MagicMock(return_value=mock_google_client) From 016445100eca8ac33fa60f75cdd14892004afcda Mon Sep 17 00:00:00 2001 From: charaka Wijesuriya Date: Thu, 18 Oct 2018 00:02:51 +1100 Subject: [PATCH 3/5] update the readme --- README.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/README.rst b/README.rst index 42e525d..0bd0094 100644 --- a/README.rst +++ b/README.rst @@ -137,6 +137,7 @@ Usage falls back to 'sts') -D, --disable-u2f Disable U2F functionality. --no-cache Do not cache the SAML Assertion. + --print-creds Print the credentials to the terminal. -a, --ask-role Set true to always pick the role -r ROLE_ARN, --role-arn ROLE_ARN The ARN of the role to assume From e3cfa831ab96fbb8e7730fee281163af4f285107 Mon Sep 17 00:00:00 2001 From: charaka Wijesuriya Date: Thu, 18 Oct 2018 22:43:16 +1100 Subject: [PATCH 4/5] update the tests --- aws_google_auth/tests/test_args_parser.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/aws_google_auth/tests/test_args_parser.py b/aws_google_auth/tests/test_args_parser.py index 7bd3e10..4e0fc2c 100644 --- a/aws_google_auth/tests/test_args_parser.py +++ b/aws_google_auth/tests/test_args_parser.py @@ -17,6 +17,7 @@ def test_no_arguments(self): self.assertTrue(parser.saml_cache) self.assertFalse(parser.ask_role) + self.assertFalse(parser.print_creds) self.assertFalse(parser.keyring) self.assertFalse(parser.resolve_aliases) self.assertFalse(parser.disable_u2f, None) 
@@ -33,7 +34,7 @@ def test_no_arguments(self): # Assert the size of the parameter so that new parameters trigger a review of this function # and the appropriate defaults are added here to track backwards compatibility in the future. - self.assertEqual(len(vars(parser)), 13) + self.assertEqual(len(vars(parser)), 14) def test_username(self): From 9d01128d880cf990b52e5aaf5b49574d7a98a026 Mon Sep 17 00:00:00 2001 From: charaka Wijesuriya Date: Fri, 19 Oct 2018 08:05:20 +1100 Subject: [PATCH 5/5] fix file formatting --- aws_google_auth/tests/test_init.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/aws_google_auth/tests/test_init.py b/aws_google_auth/tests/test_init.py index 448d3b4..5bca2fd 100644 --- a/aws_google_auth/tests/test_init.py +++ b/aws_google_auth/tests/test_init.py @@ -203,9 +203,8 @@ def test_process_auth_print_creds(self, mock_google, mock_amazon, mock_util): call.Util.get_input('Google IDP ID: '), call.Util.get_input('Google SP ID: '), call.Util.get_password('Google Password: '), - call.Util.pick_a_role({ - 'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps', - 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, + call.Util.pick_a_role({'arn:aws:iam::123456789012:role/read-only': 'arn:aws:iam::123456789012:saml-provider/GoogleApps', + 'arn:aws:iam::123456789012:role/admin': 'arn:aws:iam::123456789012:saml-provider/GoogleApps'}, [])], mock_util.mock_calls)