def _get_aws_session(profile_name):
# Validates the profile parameter and returns the profile's AWS session,
# going through the single sign-on process if necessary. This is a wrapper
# around _login_to_jumpcloud() and _login_to_aws().
keyring = Keyring()
profile = keyring.get_profile(profile_name)
if not profile:
_print_error(f"Error: Profile \"{profile_name}\" not found; you must add it first.")
sys.exit(1)
session = keyring.get_session(profile_name)
if not session:
_login_to_aws(keyring, profile)
session = keyring.get_session(profile_name)
return session
def _remove_single_profile(args):
keyring = Keyring()
if not keyring.get_profile(args.profile):
print(f'Profile "{args.profile}" not found, nothing to do.')
return
has_session = not not keyring.get_session(args.profile)
keyring.delete_session(args.profile)
keyring.delete_profile(args.profile)
if has_session:
print(f'Profile "{args.profile}" and temporary IAM session removed.')
else:
print(f'Profile "{args.profile}" removed.')
def _rotate_single_session(args, profile_name=None):
if not profile_name:
profile_name = args.profile
assert(profile_name is not None)
keyring = Keyring()
profile = keyring.get_profile(profile_name)
if not profile:
sys.stderr.write(f"Error: Profile \"{profile_name}\" not found.\n")
sys.exit(1)
_login_to_jumpcloud(profile_name)
keyring.delete_session(profile_name)
print(f"Temporary IAM session for \"{profile_name}\" removed.")
_login_to_aws(keyring, profile)
session = keyring.get_session(profile_name)
expires_at = session.expires_at.strftime('%c %Z')
print(f"AWS temporary session rotated; new session valid until {expires_at}.\n")
def is_active(args):
keyring = Keyring()
sess = keyring.get_session(args.profile)
if sess and not sess.expired():
print(1)