def test_error(self): result = Result() error_message = 'there was an error' result.error(error_message) self.assertEqual(False, result.was_success) self.assertEqual(True, result.was_error) self.assertEqual(error_message, result.error_message)
def fetch_role_credentials(user_name: str, profile_group: ProfileGroup) -> Result: result = Result() credentials_file = _load_credentials_file() logger.info('fetch role credentials') try: for profile in profile_group.profiles: logger.info(f'fetch {profile.profile}') source_profile = profile.source or 'session-token' secrets = _assume_role(source_profile, user_name, profile.account, profile.role) _add_profile_credentials(credentials_file, profile.profile, secrets) if profile.default: _add_profile_credentials(credentials_file, 'default', secrets) _write_credentials_file(credentials_file) credentials_file = _remove_unused_profiles(credentials_file, profile_group) except Exception: error_text = 'error while fetching role credentials' result.error(error_text) logger.error(error_text, exc_info=True) return result _write_credentials_file(credentials_file) result.set_success() return result
def edit_config(self, config: Config) -> Result: result = Result() try: self.config = config self.config.save_to_disk() except Exception as error: logger.error(str(error), exc_info=True) result.error('could not save config') return result result.set_success() return result
def has_access_key() -> Result: logger.info('has access key') result = Result() credentials_file = _load_credentials_file() if not credentials_file.has_section('access-key'): error_text = 'could not find profile \'access-key\' in .aws/credentials' result.error(error_text) logger.warning(error_text) return result result.set_success() return result
def _renew_session(self, mfa_callback: Callable) -> Result: logger.info('renew session') logger.info('get mfa from console') token = mfa.fetch_mfa_token_from_shell(self.config.mfa_shell_command) if not token: logger.info('get mfa from user') token = mfa_callback() if not token: result = Result() result.error('invalid mfa token') return result session_result = credentials.fetch_session_token(token) return session_result
def delete_iam_access_key(user_name, key_id): result = Result() session = boto3.Session(profile_name='session-token') client = session.client('iam') try: client.delete_access_key(UserName=user_name, AccessKeyId=key_id) except Exception: error_text = 'could not remove old key' logger.error(error_text, exc_info=True) result.error(error_text) return result result.set_success() return result
def write_profile_config(profile_group: ProfileGroup, region: str): result = Result() config_file = _load_config_file() try: for profile in profile_group.profiles: logger.info(f'add config for {profile.profile}') _add_profile_config(config_file, profile.profile, region) if profile.default: _add_profile_config(config_file, 'default', region) config_file = _remove_unused_configs(config_file, profile_group) except Exception: error_text = 'error writing config' result.error(error_text) logger.error(error_text, exc_info=True) return result _write_config_file(config_file) result.set_success() return result
def check_session() -> Result: result = Result() credentials_file = _load_credentials_file() if not credentials_file.has_section('session-token'): logger.warning('no session token found') return result try: client = _get_client('session-token', 'sts', timeout=2, retries=2) client.get_caller_identity() except ClientError: # this is the normal case when the session token is not valid. Proceed then to fetch a new one return result except (EndpointConnectionError, ReadTimeoutError): error_text = 'could not reach sts service' result.error(error_text) logger.error(error_text, exc_info=True) return result result.set_success() return result
def fetch_session_token(mfa_token: str) -> Result: result = Result() credentials_file = _load_credentials_file() logger.info('fetch session-token') profile = 'session-token' try: secrets = _get_session_token(mfa_token) except ClientError: error_text = 'could not fetch session token' result.error(error_text) logger.error(error_text, exc_info=True) return result except ParamValidationError: error_text = 'invalid mfa token' result.error(error_text) logger.error(error_text, exc_info=True) return result except NoCredentialsError: error_text = 'access_key credentials invalid' result.error(error_text) logger.error(error_text, exc_info=True) return result _add_profile_credentials(credentials_file, profile, secrets) _write_credentials_file(credentials_file) logger.info('session-token successfully fetched') result.set_success() return result
def check_access_key() -> Result: logger.info('check access key') access_key_result = has_access_key() if not access_key_result.was_success: return access_key_result result = Result() try: client = _get_client('access-key', 'sts', timeout=2, retries=2) client.get_caller_identity() except ClientError: error_text = 'access key is not valid' result.error(error_text) logger.warning(error_text) return result except (EndpointConnectionError, ReadTimeoutError): error_text = 'could not reach sts service' result.error(error_text) logger.error(error_text, exc_info=True) return result result.set_success() return result
def create_access_key(user_name) -> Result: result = Result() session = boto3.Session(profile_name='session-token') client = session.client('iam') try: response = client.create_access_key(UserName=user_name) except client.exceptions.LimitExceededException: error_text = 'key limit reached, creation failed' logger.warning(error_text) result.error(error_text) return result if 'AccessKey' not in response: error_text = 'unknown error with iam' logger.error(error_text) logger.error(response) result.error(error_text) return result result.add_payload(response['AccessKey']) result.set_success() return result
def get_error_result() -> Result: result = Result() result.error('some error') return result