def test_error(self):
result = Result()
error_message = 'there was an error'
result.error(error_message)
self.assertEqual(False, result.was_success)
self.assertEqual(True, result.was_error)
self.assertEqual(error_message, result.error_message)
def fetch_role_credentials(user_name: str,
profile_group: ProfileGroup) -> Result:
result = Result()
credentials_file = _load_credentials_file()
logger.info('fetch role credentials')
try:
for profile in profile_group.profiles:
logger.info(f'fetch {profile.profile}')
source_profile = profile.source or 'session-token'
secrets = _assume_role(source_profile, user_name, profile.account,
profile.role)
_add_profile_credentials(credentials_file, profile.profile,
secrets)
if profile.default:
_add_profile_credentials(credentials_file, 'default', secrets)
_write_credentials_file(credentials_file)
credentials_file = _remove_unused_profiles(credentials_file,
profile_group)
except Exception:
error_text = 'error while fetching role credentials'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
_write_credentials_file(credentials_file)
result.set_success()
return result
def edit_config(self, config: Config) -> Result:
result = Result()
try:
self.config = config
self.config.save_to_disk()
except Exception as error:
logger.error(str(error), exc_info=True)
result.error('could not save config')
return result
result.set_success()
return result
def has_access_key() -> Result:
logger.info('has access key')
result = Result()
credentials_file = _load_credentials_file()
if not credentials_file.has_section('access-key'):
error_text = 'could not find profile \'access-key\' in .aws/credentials'
result.error(error_text)
logger.warning(error_text)
return result
result.set_success()
return result
def _renew_session(self, mfa_callback: Callable) -> Result:
logger.info('renew session')
logger.info('get mfa from console')
token = mfa.fetch_mfa_token_from_shell(self.config.mfa_shell_command)
if not token:
logger.info('get mfa from user')
token = mfa_callback()
if not token:
result = Result()
result.error('invalid mfa token')
return result
session_result = credentials.fetch_session_token(token)
return session_result
def delete_iam_access_key(user_name, key_id):
result = Result()
session = boto3.Session(profile_name='session-token')
client = session.client('iam')
try:
client.delete_access_key(UserName=user_name, AccessKeyId=key_id)
except Exception:
error_text = 'could not remove old key'
logger.error(error_text, exc_info=True)
result.error(error_text)
return result
result.set_success()
return result
def write_profile_config(profile_group: ProfileGroup, region: str):
result = Result()
config_file = _load_config_file()
try:
for profile in profile_group.profiles:
logger.info(f'add config for {profile.profile}')
_add_profile_config(config_file, profile.profile, region)
if profile.default:
_add_profile_config(config_file, 'default', region)
config_file = _remove_unused_configs(config_file, profile_group)
except Exception:
error_text = 'error writing config'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
_write_config_file(config_file)
result.set_success()
return result
def check_session() -> Result:
result = Result()
credentials_file = _load_credentials_file()
if not credentials_file.has_section('session-token'):
logger.warning('no session token found')
return result
try:
client = _get_client('session-token', 'sts', timeout=2, retries=2)
client.get_caller_identity()
except ClientError:
# this is the normal case when the session token is not valid. Proceed then to fetch a new one
return result
except (EndpointConnectionError, ReadTimeoutError):
error_text = 'could not reach sts service'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
result.set_success()
return result
def fetch_session_token(mfa_token: str) -> Result:
result = Result()
credentials_file = _load_credentials_file()
logger.info('fetch session-token')
profile = 'session-token'
try:
secrets = _get_session_token(mfa_token)
except ClientError:
error_text = 'could not fetch session token'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
except ParamValidationError:
error_text = 'invalid mfa token'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
except NoCredentialsError:
error_text = 'access_key credentials invalid'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
_add_profile_credentials(credentials_file, profile, secrets)
_write_credentials_file(credentials_file)
logger.info('session-token successfully fetched')
result.set_success()
return result
def check_access_key() -> Result:
logger.info('check access key')
access_key_result = has_access_key()
if not access_key_result.was_success:
return access_key_result
result = Result()
try:
client = _get_client('access-key', 'sts', timeout=2, retries=2)
client.get_caller_identity()
except ClientError:
error_text = 'access key is not valid'
result.error(error_text)
logger.warning(error_text)
return result
except (EndpointConnectionError, ReadTimeoutError):
error_text = 'could not reach sts service'
result.error(error_text)
logger.error(error_text, exc_info=True)
return result
result.set_success()
return result
def create_access_key(user_name) -> Result:
result = Result()
session = boto3.Session(profile_name='session-token')
client = session.client('iam')
try:
response = client.create_access_key(UserName=user_name)
except client.exceptions.LimitExceededException:
error_text = 'key limit reached, creation failed'
logger.warning(error_text)
result.error(error_text)
return result
if 'AccessKey' not in response:
error_text = 'unknown error with iam'
logger.error(error_text)
logger.error(response)
result.error(error_text)
return result
result.add_payload(response['AccessKey'])
result.set_success()
return result
def get_error_result() -> Result:
result = Result()
result.error('some error')
return result
