def __init__(self, arn, token, step):
    """Initialise the rotator and pre-load the NPM credentials it needs.

    Args:
        arn: ARN of the secret being rotated (forwarded to the base class).
        token: Version id / ClientRequestToken for this rotation (forwarded).
        step: Rotation step being executed (forwarded).

    The NPM login username, OTP seed and login password are read from
    Secrets Manager once here and cached on the instance so the individual
    rotation steps do not each repeat the network round-trips. This does
    mean three secret values stay resident on the object for its lifetime.
    """
    super().__init__(arn, token, step)

    def _load(config_key):
        # No version stage is requested, so the helper's default stage
        # (presumably AWSCURRENT — confirm in get_secret_value) is what we cache.
        return get_secret_value(self.service_client, get_secret_config(config_key))

    self.login_username = _load('npm_login_username_secret')
    self.otp_seed = _load('npm_otp_seed_secret')
    self.login_password = _load('npm_login_password_secret')
def test_secret(self):
    """Verify that the AWSPENDING login password is accepted by NPM.

    Reads the pending password version identified by ``self.token`` and
    performs an authenticated profile lookup with it. Nothing is returned;
    success is signalled by the lookup not raising.

    Raises:
        HttpError: If the user-profile request with the pending password fails.
    """
    password_secret = get_secret_config('npm_login_password_secret')
    candidate_password = get_secret_value(
        self.service_client, password_secret, 'AWSPENDING', token=self.token)
    # A successful profile lookup is the proof that the pending password
    # (together with the cached OTP seed) can log in.
    get_user_info_using_password(
        self.login_username, self.otp_seed, candidate_password)
    self.logger.info('testSecret: Successfully tested secret')
def set_secret(self):
    """Push the AWSPENDING login password to the NPM user account.

    Reads the pending password version identified by ``self.token`` and
    asks NPM to change the account password from the cached current value
    (``self.login_password``, loaded in ``__init__``) to it.

    NOTE(review): as written this step is not idempotent. If an earlier
    invocation already changed the NPM password but rotation did not reach
    finishSecret, ``self.login_password`` will no longer be accepted and
    the update fails on retry, wedging the rotation. The usual guard is to
    first check whether the pending password already logs in and skip the
    update if so — confirm the base class's retry behaviour before
    relying on this step being re-runnable.

    Raises:
        HttpError: If the NPM password-change request fails.
    """
    password_secret = get_secret_config('npm_login_password_secret')
    pending_password = get_secret_value(
        self.service_client, password_secret, 'AWSPENDING', token=self.token)
    # The current password authorises the change; the OTP seed is passed
    # alongside it (presumably for the account's second factor).
    update_login_password(
        self.login_username, self.otp_seed, self.login_password, pending_password)
    self.logger.info('setSecret: Successfully set secret')
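def test_secret(self):
    """Verify that the AWSPENDING access token is accepted by NPM.

    Reads the pending access-token version identified by ``self.token``
    from ``self.secret_config`` and performs an authenticated profile
    lookup with it. Nothing is returned; success is signalled by the
    lookup not raising.

    Raises:
        HttpError: If the user-profile request with the pending token fails.
    """
    # Fetch — not create — the token that the set step already staged as
    # AWSPENDING; this step only checks that NPM honours it.
    pending_token = get_secret_value(
        self.service_client, self.secret_config, 'AWSPENDING', token=self.token)
    get_user_info_using_access_token(
        self.login_username, self.otp_seed, pending_token)
    self.logger.info('testSecret: Successfully tested secret')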
def finish_secret(self):
    """Promote the pending access token and revoke the one it replaces.

    The token currently stored under ``self.secret_config`` is read
    *before* the base-class finish step runs; that ordering is what lets
    the old token, rather than the newly promoted one, be deleted from the
    NPM account afterwards.

    NOTE(review): if ``delete_access_token`` fails after the base-class
    stage move has already succeeded, the old token stays live on the NPM
    account, and a re-run of this step would presumably read the newly
    promoted token as "current" and try to revoke that instead. Confirm
    how the base class behaves on a retry before treating this step as
    safely re-runnable.

    Raises:
        ResourceNotFoundException: If the secret with the specified arn does not exist.
        HttpError: If revoking the old access token fails.
    """
    # Read the retiring token first; once the base class has finished, the
    # unstaged read would presumably return the new token instead.
    retiring_token = get_secret_value(self.service_client, self.secret_config)
    super(UserAccessTokenRotator, self).finish_secret()
    # Revoke the token we rotated away from so it can no longer be used.
    delete_access_token(
        self.login_username, self.otp_seed, self.login_password, retiring_token)
    self.logger.info('finishSecret: Successfully finalized secret rotation')