def test_get_profile_ak(tmpdir, fake_profile):
path = tmpdir.mkdir(".aws").join("credentials")
path.write(fake_profile)
config = aws_config.get(path)
assert aws_config.get_profile_ak_id("test", config) == "AKEXAMPLE"
def execute(profile_path, deactivate, expire, profile, user_name, yes):
print(f"Access Key rotation for profile {profile} ...")
profile_config = aws_config.get(profile_path)
if not profile_config.has_section(profile):
sys.exit(
f"The profile {profile} does not exists in your credential file\nPlease select a valid profile"
)
if not profile_config.has_option(profile, "aws_access_key_id"):
sys.exit(
f"The profile {profile} does not have access key id configured")
access_key_id = aws_config.get_profile_ak_id(profile, profile_config)
session = boto3.session.Session(profile_name=profile)
iam = session.client("iam")
try:
access_keys = iam.list_access_keys(UserName=user_name)
except ClientError as error:
raise error
access_key = keymgt.check_access_key_exist(access_key_id, access_keys)
if keymgt.is_access_key_expired(access_key["CreateDate"], expire) is True:
print("Your access key is expired ...")
change_key(profile_config, profile_path, iam, deactivate, profile,
user_name)
else:
if yes:
change_key(profile_config, profile_path, iam, deactivate, profile,
user_name)
else:
print("Your access key is not expired ...")
answer = input(
"Do you want to change it anyway ? (Only 'yes' is good answer)"
)
if answer.lower == "yes":
change_key(profile_config, profile_path, iam, deactivate,
profile, user_name)
else:
remaining_days = (access_key["CreateDate"] + timedelta(
days=expire)) - datetime.now().replace(tzinfo=tzutc())
print(
f"Your access key will expire in {remaining_days.days} days "
)
sys.exit("The key has not been renewed")
def test_update_config(tmpdir, fake_profile, iam_create_access_key_return):
path = tmpdir.mkdir(".aws").join("credentials")
path.write(fake_profile)
config = aws_config.get(path)
aws_config.update_profile(path, "test", config,
iam_create_access_key_return)
assert config.has_section("test") is True
assert config.get("test", "aws_access_key_id") == "accesskey"
assert config.get("test", "aws_secret_access_key") == "secretkey"
def test_write_config(tmpdir, fake_profile, sts_get_session_response):
path = tmpdir.mkdir(".aws").join("credentials")
path.write(fake_profile)
config = aws_config.get(path)
aws_config.write(path, "test", config, sts_get_session_response)
assert config.has_section("test-tmp") is True
assert config.get("test-tmp", "aws_access_key_id") == "accesskey"
assert config.get("test-tmp", "aws_secret_access_key") == "secretkey"
assert config.get("test-tmp", "aws_session_token") == "sessiontoken"
def execute(profile_path, profile, user_name, user_token):
profile_config = aws_config.get(profile_path)
if not profile_config.has_section(profile):
sys.exit(
f"The profile {profile} does not exists in your credential file\nPlease select a valid profile"
)
while not token.validity(user_token):
print("The token must be composed by 6 digits")
user_token = input("Token:\n")
session = boto3.session.Session(profile_name=profile)
sts = session.client("sts")
credentials = token.get_session_token(sts, user_name, user_token)
aws_config.write(profile_path, profile, profile_config, credentials)
print(
f"Profile [{profile}-tmp] has been updated and will expire on {credentials['Credentials']['Expiration']}"
)
def test_get_config(tmpdir, fake_profile):
path = tmpdir.mkdir(".aws").join("credentials")
path.write(fake_profile)
with patch("akm.main.AWS_PROFILE_FILE", path):
assert isinstance(aws_config.get(path), configparser.ConfigParser)