def add_profile(args):
    """Create a new profile and store it in the keyring.

    Exits with status 1 when an external ID is given without a role, when a
    profile with the same name is already stored, or when the SSO URL does
    not start with the JumpCloud SAML2 prefix.

    Args:
        args: Parsed command-line arguments. Reads ``profile``, ``url``,
            ``role_to_assume`` and ``external_id``.
    """
    # An external ID is only used together with a role to assume.
    if args.external_id and not args.role_to_assume:
        _print_error("Error: Cannot use --external-id without --role.")
        sys.exit(1)

    keyring = Keyring()

    # Existing profiles are never overwritten in place.
    if keyring.get_profile(args.profile):
        _print_error(f"Error: Profile \"{args.profile}\" already exists. If you want to modify "
                     "the profile, remove the profile and add it again.")
        sys.exit(1)

    # Take the URL from the command line, or prompt for it when absent.
    sso_prefix = "https://sso.jumpcloud.com/saml2/"
    raw_url = args.url or input(f"Enter the JumpCloud SSO URL for \"{args.profile}\": ")
    jumpcloud_url = raw_url.strip()

    # Prefix match only: the scheme, the host and the start of the path are
    # pinned (the slash after the host rules out look-alike hosts such as
    # "sso.jumpcloud.com.example"), but whatever follows the prefix is
    # stored without further validation.
    if not jumpcloud_url.startswith(sso_prefix):
        _print_error("Error: That's not a valid JumpCloud SSO URL. SSO URLs must "
                     "start with \"https://sso.jumpcloud.com/saml2/\".")
        sys.exit(1)

    role = args.role_to_assume
    if not role:
        assumed_role = None
    elif is_arn(role):
        # A full ARN carries both the account ID and the role name.
        parsed = parse_arn(role)
        assumed_role = AssumedRole(aws_account_id=parsed.aws_account_id,
                                   aws_role=parsed.aws_role,
                                   external_id=args.external_id)
    else:
        # A bare role name is stored without an account ID.
        assumed_role = AssumedRole(aws_account_id=None,
                                   aws_role=role,
                                   external_id=args.external_id)

    keyring.store_profile(Profile(args.profile, jumpcloud_url, assumed_role))
    print(f"Profile \"{args.profile}\" added.")
def _remove_single_profile(args):
    """Delete a profile and any stored session for it from the keyring.

    Prints a notice and returns without changes when the profile is not
    stored. Only the local keyring entries are removed; nothing in this
    function revokes the session's credentials on the AWS side.

    Args:
        args: Parsed command-line arguments. Reads ``profile``.
    """
    keyring = Keyring()
    name = args.profile

    if not keyring.get_profile(name):
        print(f'Profile "{name}" not found, nothing to do.')
        return

    # Record whether a session was stored before deleting it, so the
    # confirmation message can say what was actually removed.
    had_session = bool(keyring.get_session(name))
    keyring.delete_session(name)
    keyring.delete_profile(name)

    if had_session:
        message = f'Profile "{name}" and temporary IAM session removed.'
    else:
        message = f'Profile "{name}" removed.'
    print(message)
def _get_aws_session(profile_name):
    """Return the AWS session stored for a profile, logging in if none exists.

    Exits with status 1 when the profile is not in the keyring. When no
    session is stored, ``_login_to_aws()`` is called and the keyring is read
    again; any JumpCloud login presumably happens inside that call (not
    visible from this function).

    NOTE(review): a stored session is returned without an expiry check here.
    Confirm that ``Keyring.get_session()`` filters out expired sessions.

    Args:
        profile_name: Name of the profile whose session is wanted.

    Returns:
        Whatever ``Keyring.get_session()`` yields for the profile.
    """
    keyring = Keyring()
    profile = keyring.get_profile(profile_name)
    if not profile:
        _print_error(f"Error: Profile \"{profile_name}\" not found; you must add it first.")
        sys.exit(1)

    stored = keyring.get_session(profile_name)
    if stored:
        return stored

    # Nothing stored yet: run the AWS login, then read back what it saved.
    _login_to_aws(keyring, profile)
    return keyring.get_session(profile_name)
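def _rotate_single_session(args, profile_name=None):
    """Re-authenticate and replace a profile's stored temporary AWS session.

    Exits with status 1 when no profile name is available, when the profile
    is not in the keyring, or when no session is stored after the AWS login.

    Args:
        args: Parsed command-line arguments. ``args.profile`` is used when
            ``profile_name`` is empty.
        profile_name: Profile to rotate; falls back to ``args.profile``.
    """
    if not profile_name:
        profile_name = args.profile

    # Explicit check instead of ``assert``: assertions are stripped under
    # ``python -O``, which would let ``None`` reach the keyring lookup.
    if profile_name is None:
        sys.stderr.write("Error: No profile specified.\n")
        sys.exit(1)

    keyring = Keyring()
    profile = keyring.get_profile(profile_name)
    if not profile:
        sys.stderr.write(f"Error: Profile \"{profile_name}\" not found.\n")
        sys.exit(1)

    # The JumpCloud login runs before the old session is deleted, so if it
    # raises or exits, the existing session is still in the keyring.
    _login_to_jumpcloud(profile_name)
    keyring.delete_session(profile_name)
    print(f"Temporary IAM session for \"{profile_name}\" removed.")

    _login_to_aws(keyring, profile)
    session = keyring.get_session(profile_name)

    # The old session is already gone at this point; report a missing
    # replacement explicitly rather than failing on ``None.expires_at``.
    if session is None:
        sys.stderr.write(
            f"Error: No AWS session was stored for \"{profile_name}\" after login.\n")
        sys.exit(1)

    expires_at = session.expires_at.strftime('%c %Z')
    print(f"AWS temporary session rotated; new session valid until {expires_at}.\n")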