def test_get_profile_ak(tmpdir, fake_profile):
    """Check that the access key id of the ``test`` profile is read back.

    The ``fake_profile`` fixture text is written to a temporary
    ``.aws/credentials`` file, parsed with ``aws_config.get`` and queried
    with ``aws_config.get_profile_ak_id``.
    """
    aws_dir = tmpdir.mkdir(".aws")
    credentials_file = aws_dir.join("credentials")
    credentials_file.write(fake_profile)

    parsed = aws_config.get(credentials_file)
    key_id = aws_config.get_profile_ak_id("test", parsed)

    # "AKEXAMPLE" is presumably the id stored by the fake_profile fixture.
    assert key_id == "AKEXAMPLE"
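def execute(profile_path, deactivate, expire, profile, user_name, yes):
    """Rotate the IAM access key configured for *profile* when required.

    The key is replaced when ``keymgt.is_access_key_expired`` reports it as
    expired, when *yes* is set, or when the user answers "yes" at the
    prompt. Otherwise the remaining lifetime is printed and the process
    exits without touching the key.

    Args:
        profile_path: Credentials file handed to ``aws_config.get``.
        deactivate: Forwarded unchanged to ``change_key``.
            NOTE(review): presumably selects deactivating rather than
            deleting the old key -- confirm in ``change_key``.
        expire: Maximum key age, in days.
        profile: Name of the profile section to rotate.
        user_name: IAM user whose access keys are listed.
        yes: When true, rotate a non-expired key without prompting.

    Raises:
        SystemExit: If the profile or its ``aws_access_key_id`` option is
            missing, or if the user declines the rotation.
        ClientError: Propagated unchanged from ``iam.list_access_keys``.
    """
    print(f"Access Key rotation for profile {profile} ...")
    profile_config = aws_config.get(profile_path)

    if not profile_config.has_section(profile):
        sys.exit(
            f"The profile {profile} does not exists in your credential file\nPlease select a valid profile"
        )
    if not profile_config.has_option(profile, "aws_access_key_id"):
        sys.exit(f"The profile {profile} does not have access key id configured")

    access_key_id = aws_config.get_profile_ak_id(profile, profile_config)
    session = boto3.session.Session(profile_name=profile)
    iam = session.client("iam")
    # A ClientError raised by the listing call reaches the caller as-is; the
    # former try/except only re-raised it.
    access_keys = iam.list_access_keys(UserName=user_name)
    access_key = keymgt.check_access_key_exist(access_key_id, access_keys)

    if keymgt.is_access_key_expired(access_key["CreateDate"], expire) is True:
        print("Your access key is expired ...")
        confirmed = True
    elif yes:
        confirmed = True
    else:
        print("Your access key is not expired ...")
        answer = input(
            "Do you want to change it anyway ? (Only 'yes' is good answer)"
        )
        # lower must be *called*: comparing the bound method itself with
        # "yes" is always False, so an interactive rotation could never be
        # confirmed.
        confirmed = answer.strip().lower() == "yes"

    if confirmed:
        change_key(profile_config, profile_path, iam, deactivate, profile,
                   user_name)
        return

    # Take the current time in UTC directly; stamping the naive local time
    # as UTC skews the result by the local UTC offset.
    expires_at = access_key["CreateDate"] + timedelta(days=expire)
    remaining_days = expires_at - datetime.now(tzutc())
    print(f"Your access key will expire in {remaining_days.days} days ")
    sys.exit("The key has not been renewed")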
def test_update_config(tmpdir, fake_profile, iam_create_access_key_return):
    """Check that ``aws_config.update_profile`` stores the new key pair.

    Only the in-memory parser is inspected after the call; the credentials
    file on disk is not read back here.
    """
    credentials_file = tmpdir.mkdir(".aws").join("credentials")
    credentials_file.write(fake_profile)
    parsed = aws_config.get(credentials_file)

    aws_config.update_profile(
        credentials_file, "test", parsed, iam_create_access_key_return
    )

    # Values presumably come from the iam_create_access_key_return fixture.
    expected_options = {
        "aws_access_key_id": "accesskey",
        "aws_secret_access_key": "secretkey",
    }
    assert parsed.has_section("test") is True
    for option, value in expected_options.items():
        assert parsed.get("test", option) == value
def test_write_config(tmpdir, fake_profile, sts_get_session_response):
    """Check that ``aws_config.write`` fills the ``test-tmp`` section.

    After writing the STS response fixture for profile ``test``, the parser
    must hold a ``test-tmp`` section with the access key id, the secret key
    and the session token. Only the in-memory parser is inspected.
    """
    credentials_file = tmpdir.mkdir(".aws").join("credentials")
    credentials_file.write(fake_profile)
    parsed = aws_config.get(credentials_file)

    aws_config.write(credentials_file, "test", parsed, sts_get_session_response)

    # Values presumably come from the sts_get_session_response fixture.
    expected_options = {
        "aws_access_key_id": "accesskey",
        "aws_secret_access_key": "secretkey",
        "aws_session_token": "sessiontoken",
    }
    assert parsed.has_section("test-tmp") is True
    for option, value in expected_options.items():
        assert parsed.get("test-tmp", option) == value
def execute(profile_path, profile, user_name, user_token):
    """Fetch an STS session token and store it under ``[<profile>-tmp]``.

    Args:
        profile_path: Credentials file handed to ``aws_config.get`` and
            ``aws_config.write``.
        profile: Profile used to build the boto3 session.
        user_name: Forwarded to ``token.get_session_token``.
        user_token: Token supplied by the user; asked for again on stdin
            until ``token.validity`` accepts it.

    Raises:
        SystemExit: If *profile* has no section in the credentials file.
    """
    config = aws_config.get(profile_path)
    if not config.has_section(profile):
        sys.exit(
            f"The profile {profile} does not exists in your credential file\nPlease select a valid profile"
        )

    # Keep asking until the token passes the format check.
    while True:
        if token.validity(user_token):
            break
        print("The token must be composed by 6 digits")
        user_token = input("Token:\n")

    sts_client = boto3.session.Session(profile_name=profile).client("sts")
    session_creds = token.get_session_token(sts_client, user_name, user_token)

    # NOTE(review): this persists the temporary secret key and session token;
    # confirm aws_config.write keeps the credentials file mode restrictive.
    aws_config.write(profile_path, profile, config, session_creds)

    expires_at = session_creds["Credentials"]["Expiration"]
    print(
        f"Profile [{profile}-tmp] has been updated and will expire on {expires_at}"
    )
def test_get_config(tmpdir, fake_profile):
    """Check that ``aws_config.get`` returns a ``ConfigParser`` instance.

    ``akm.main.AWS_PROFILE_FILE`` is patched to the temporary credentials
    file for the duration of the call.
    """
    credentials_file = tmpdir.mkdir(".aws").join("credentials")
    credentials_file.write(fake_profile)

    with patch("akm.main.AWS_PROFILE_FILE", credentials_file):
        loaded = aws_config.get(credentials_file)
        assert isinstance(loaded, configparser.ConfigParser)