def test_get_item_no_items(self, mock_sys, mock_print_tty):
    """An empty item mapping makes get_item report an error and exit(1).

    This pins the fail-closed path: with nothing to choose from, the
    call must stop instead of returning some default value.
    """
    # A mocked exit() returns instead of terminating, so make it raise
    # the way the real sys.exit does.
    mock_sys.exit.side_effect = SystemExit
    no_items = {}

    with self.assertRaises(SystemExit):
        prompt.get_item(items=no_items, label="Item")

    mock_sys.exit.assert_called_once_with(1)
    mock_print_tty.assert_called_with("ERROR: No Items were found!")
def test_get_item_config_no_match(self, mock_sys, mock_print_tty):
    """A requested key that is not among the items aborts with exit(1).

    The point being pinned is that a wrong key is an error: get_item
    must not quietly hand back one of the other entries.
    """
    # A mocked exit() returns instead of terminating, so make it raise
    # the way the real sys.exit does.
    mock_sys.exit.side_effect = SystemExit
    available = {"item_one": "value_one", "item_two": "value_two"}

    with self.assertRaises(SystemExit):
        prompt.get_item(items=available, label="Item", key="item_three")

    mock_sys.exit.assert_called_once_with(1)
    # assert_any_call: other messages may be printed around the error.
    mock_print_tty.assert_any_call("ERROR: Item item_three not found!")
def test_get_item_select(
        self, mock_get_selection, mock_get_options, mock_print_tty):
    """Without a key, get_item prints the prompt and delegates the choice.

    Checks the three collaborators in turn: the "Select Item:" banner,
    the option list built from the items, and the selection helper being
    given exactly those options.
    """
    # ITEMS is a module-level fixture defined outside this listing.
    choices = ["ValueOne", "ValueTwo"]
    mock_get_options.return_value = choices

    prompt.get_item(items=ITEMS, label="Item")

    mock_print_tty.assert_called_once_with("Select Item:")
    mock_get_options.assert_called_once_with(items=ITEMS)
    mock_get_selection.assert_called_once_with(options=choices)
def _get_credentials(self):
    """Sign in to Okta, pick an AWS role and exchange the SAML assertion.

    Returns:
        The ``assume_role_with_saml`` response, with
        ``response['Credentials']['Expiration']`` replaced by its
        ``isoformat()`` string in which ``+00:00`` is rewritten as ``Z``.

    The SAML assertion and the returned ``Credentials`` block are bearer
    secrets. This method itself prints only the selected role ARN.
    """
    config = self._configuration

    # Do NOT load credentials from ENV or ~/.aws/credentials
    # The explicit empty values keep ambient AWS credentials out of this
    # client; the SAML assertion is what authorises the STS call below.
    sts_client = boto3.client(
        'sts',
        aws_access_key_id='',
        aws_secret_access_key='',
        aws_session_token='',
        region_name=config["AWS_OKTA_REGION"])

    okta_session = Okta(
        user_name=config["AWS_OKTA_USER"],
        user_pass=self._authenticate.get_pass(),
        organization=config["AWS_OKTA_ORGANIZATION"],
        factor=config["AWS_OKTA_FACTOR"],
        silent=config["AWS_OKTA_SILENT"],
        no_okta_cache=config["AWS_OKTA_NO_OKTA_CACHE"])

    # Blank the user name and password entries in the shared
    # configuration as soon as the Okta client has been constructed.
    # NOTE(review): this only rebinds the two dict entries; whatever the
    # Okta object or self._authenticate still hold is untouched - confirm
    # their lifetime.
    config["AWS_OKTA_USER"] = ''
    config["AWS_OKTA_PASS"] = ''

    application_url = config["AWS_OKTA_APPLICATION"]
    if not application_url:
        # No application configured: list them and let get_item decide.
        # The configured value is falsy here and is forwarded unchanged.
        applications = okta_session.get_applications()
        application_url = prompt.get_item(
            items=applications,
            label="AWS application",
            key=application_url)

    saml_response = okta_session.get_saml_response(
        application_url=application_url)
    saml_assertion = saml.get_saml_assertion(saml_response=saml_response)

    account_alias = config.get('AWS_OKTA_ACCOUNT_ALIAS', None)
    aws_roles = saml.get_aws_roles(
        saml_assertion=saml_assertion,
        accounts_filter=account_alias)

    aws_role = prompt.get_item(
        items=aws_roles,
        label="AWS Role",
        key=config["AWS_OKTA_ROLE"])
    print_tty(
        "Role: {}".format(aws_role.role_arn),
        silent=config["AWS_OKTA_SILENT"])

    # int() raises ValueError if the configured duration is not numeric.
    duration_seconds = int(config["AWS_OKTA_DURATION"])
    response = sts_client.assume_role_with_saml(
        RoleArn=aws_role.role_arn,
        PrincipalArn=aws_role.principal_arn,
        SAMLAssertion=saml_assertion,
        DurationSeconds=duration_seconds)

    # Replace the Expiration value with a "...Z" timestamp string.
    credentials = response['Credentials']
    credentials['Expiration'] = (
        credentials['Expiration'].isoformat().replace("+00:00", "Z"))
    return response
def _get_credentials(self):
    """Pick an AWS role and exchange the SAML assertion for STS credentials.

    The Okta sign-in and role discovery are delegated to
    ``self._get_app_roles()``. Only the roles and the assertion from its
    five-value result are used here.

    Returns:
        The ``assume_role_with_saml`` response, with
        ``response['Credentials']['Expiration']`` replaced by its
        ``isoformat()`` string in which ``+00:00`` is rewritten as ``Z``.

    The SAML assertion and the returned ``Credentials`` block are bearer
    secrets. This method itself prints only the selected role ARN.
    """
    config = self._configuration

    # Do NOT load credentials from ENV or ~/.aws/credentials
    # The explicit empty values keep ambient AWS credentials out of this
    # client; the SAML assertion is what authorises the STS call below.
    sts_client = boto3.client(
        'sts',
        aws_access_key_id='',
        aws_secret_access_key='',
        aws_session_token='',
        region_name=config["AWS_OKTA_REGION"])

    # The unpacking requires exactly five values; the last three are unused.
    (aws_roles, saml_assertion,
     _app_url, _okta_user, _okta_org) = self._get_app_roles()

    aws_role = prompt.get_item(
        items=aws_roles,
        label="AWS Role",
        key=config["AWS_OKTA_ROLE"])
    print_tty(
        "Role: {}".format(aws_role.role_arn),
        silent=config["AWS_OKTA_SILENT"])

    # int() raises ValueError if the configured duration is not numeric.
    duration_seconds = int(config["AWS_OKTA_DURATION"])
    response = sts_client.assume_role_with_saml(
        RoleArn=aws_role.role_arn,
        PrincipalArn=aws_role.principal_arn,
        SAMLAssertion=saml_assertion,
        DurationSeconds=duration_seconds)

    # Replace the Expiration value with a "...Z" timestamp string.
    credentials = response['Credentials']
    credentials['Expiration'] = (
        credentials['Expiration'].isoformat().replace("+00:00", "Z"))
    return response
def _get_app_roles(self):
    """Sign in to Okta and list the AWS roles offered by the application.

    Returns:
        A 5-tuple ``(aws_roles, saml_assertion, application_url,
        okta.user_name, okta.organization)``.

    The SAML assertion in the result is a bearer secret; callers should
    pass it on to STS and keep it out of logs and caches.
    """
    config = self._configuration

    # Read these before the configuration entries are blanked below.
    okta_user = config["AWS_OKTA_USER"]
    okta_org = config["AWS_OKTA_ORGANIZATION"]

    okta_session = Okta(
        user_name=okta_user,
        user_pass=self._authenticate.get_pass(),
        organization=okta_org,
        factor=config["AWS_OKTA_FACTOR"],
        silent=config["AWS_OKTA_SILENT"],
        no_okta_cache=config["AWS_OKTA_NO_OKTA_CACHE"])

    # Blank the user name and password entries in the shared
    # configuration as soon as the Okta client has been constructed.
    # NOTE(review): this only rebinds the two dict entries; whatever the
    # Okta object or self._authenticate still hold is untouched - confirm
    # their lifetime.
    config["AWS_OKTA_USER"] = ''
    config["AWS_OKTA_PASS"] = ''

    application_url = config["AWS_OKTA_APPLICATION"]
    if not application_url:
        # No application configured: list them and let get_item decide.
        # The configured value is falsy here and is forwarded unchanged.
        applications = okta_session.get_applications()
        application_url = prompt.get_item(
            items=applications,
            label="AWS application",
            key=application_url)

    saml_response = okta_session.get_saml_response(
        application_url=application_url)
    saml_assertion = saml.get_saml_assertion(saml_response=saml_response)

    account_alias = config.get('AWS_OKTA_ACCOUNT_ALIAS', None)
    aws_roles = saml.get_aws_roles(
        saml_assertion=saml_assertion,
        accounts_filter=account_alias)

    return (
        aws_roles,
        saml_assertion,
        application_url,
        okta_session.user_name,
        okta_session.organization,
    )
def handle_factor(self, response_json=None):
    """Choose a factor from the response and hand it to verify_factor.

    Args:
        response_json: Parsed response carrying ``stateToken`` and
            ``_embedded.factors``. The ``None`` default is not usable:
            the first subscript raises ``TypeError`` on it.

    Returns:
        Whatever ``self.verify_factor`` returns for the chosen factor.
    """
    # Read the token first so a malformed response fails before any prompt.
    # NOTE(review): presumably Okta's transaction state token; treat it
    # as sensitive and keep it out of logs - confirm against the caller.
    state_token = response_json["stateToken"]

    offered = response_json["_embedded"]["factors"]
    supported = get_supported_factors(factors=offered)

    # self.factor is passed as the key, so a preconfigured factor is
    # matched by get_item against the supported ones.
    chosen = prompt.get_item(items=supported, label="Factor", key=self.factor)
    return self.verify_factor(factor=chosen, state_token=state_token)
def test_get_item_config(self):
    """A key that matches an entry makes get_item return that entry's value."""
    candidates = {"item_one": "value_one", "item_two": "value_two"}

    selected = prompt.get_item(
        items=candidates, label="Item", key="item_two")

    self.assertEqual(selected, "value_two")
def test_get_item(self):
    """With one entry and no key, get_item returns that entry's value."""
    only_entry = {"ItemOne": "ValueOne"}

    selected = prompt.get_item(items=only_entry, label="ItemOne")

    self.assertEqual(selected, "ValueOne")