fix assume role client loop with dummy credential

snigdhasjg · Nov 14, 2023 · 420a99c · 420a99c
1 parent 271c2ba
commit 420a99c
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 6 deletions.
diff --git a/aws_fusion/app.py b/aws_fusion/app.py
@@ -1,4 +1,3 @@
-import os
 import argparse
 
 from importlib.metadata import version

diff --git a/aws_fusion/aws/assume_role.py b/aws_fusion/aws/assume_role.py
@@ -34,7 +34,7 @@ def does_valid_token_cache_exists(self):
 
     def credential_process(self):
         credentials = self.__response['Credentials']
-        LOG.debug(f'Giving credential as aws credential process format. The credential: {credentials}')
+        LOG.debug(f'Giving credential as aws credential process format')
 
         # https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
         return json.dumps({
@@ -44,10 +44,20 @@ def credential_process(self):
             "SessionToken": credentials['SessionToken'],
             "Expiration": credentials['Expiration'].strftime('%Y-%m-%dT%H:%M:%S%Z')
         })
+
+    def environement_variable(self):
+        credentials = self.__response['Credentials']
+        LOG.debug(f'Giving credential as environement variable format')
+
+        command = '$env:' if sys.platform == 'win32' else 'export '
+
+        print(f'{command}AWS_ACCESS_KEY_ID="{credentials["AccessKeyId"]}"')
+        print(f'{command}AWS_SECRET_ACCESS_KEY="{credentials["SecretAccessKey"]}"')
+        print(f'{command}AWS_SESSION_TOKEN="{credentials["SessionToken"]}"')
 
     def assume_role_with_saml(self, saml_response, roles, sessoion_duration):
         LOG.debug(f'Started assumning role with SAML')
-        client = boto3.client('sts')
+        client = boto3.Session(aws_access_key_id='dummy', aws_secret_access_key='dummy').client('sts')
         selected_role = self.__role
         try:
             response = client.assume_role_with_saml(

diff --git a/aws_fusion/commands/generate_okta_device_auth_credentials.py b/aws_fusion/commands/generate_okta_device_auth_credentials.py
@@ -31,4 +31,6 @@ def run(args):
 
     if args.credential_process:
         print(assume_role_with_cache.credential_process())
+    else:
+        print(assume_role_with_cache.environement_variable())
 
diff --git a/aws_fusion/commands/iam_user_credentials.py b/aws_fusion/commands/iam_user_credentials.py
@@ -1,6 +1,7 @@
 import argparse
 import json
 import keyring
+import sys
 
 def setup(subparsers, parent_parser):
     common_parser = argparse.ArgumentParser(add_help=False)
@@ -35,6 +36,9 @@ def run_get(args):
             "SecretAccessKey": secret_key
         }))
     else:
-        print(secret_key)
+        command = '$env:' if sys.platform == 'win32' else 'export '
+
+        print(f'{command}AWS_ACCESS_KEY_ID="{args.access_key}"')
+        print(f'{command}AWS_SECRET_ACCESS_KEY="{secret_key}"')
 
 
diff --git a/aws_fusion/okta/api.py b/aws_fusion/okta/api.py
@@ -36,18 +36,19 @@ def verifiction_and_token(org_domain, oidc_client_id, device_code):
     while True:
         request = requests.post(url, headers=headers, data=payload)
         response = request.json()
-        time.sleep(5)
 
         # Check for authorization pending
         if request.status_code == 400 and response['error'] == 'authorization_pending':
+            LOG.debug('Waiting for verification')
+            time.sleep(5)
             continue
 
         # Check for successful verification
         if request.status_code == 200:
             break
 
         # Unexpected state. Die.
-        print(response, file=sys.stderr)
+        LOG.error(response)
         sys.exit(1)
 
     LOG.debug('Validated device code and got access_token & id_token')