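def get_temp_credentials_from_environment(self):
    """Collect temporary AWS session credentials and a region for the console.

    Two sources are tried, in this order:

    1. If ``AWS_PROFILE`` is set, the profile of that name is read from the
       shared credentials file (an auto-awsume'd profile).
    2. Otherwise the ``AWS_ACCESS_KEY_ID`` / ``AWS_SECRET_ACCESS_KEY`` /
       ``AWS_SESSION_TOKEN`` environment variables are used (a normal
       awsume'd profile).

    Returns:
        A ``(json_credentials, region)`` tuple. ``json_credentials`` is a JSON
        object with the keys ``sessionId``, ``sessionKey`` and
        ``sessionToken``; ``region`` defaults to ``'us-east-1'``.

    Raises:
        SystemExit: when no complete set of session credentials is found.

    The returned JSON string carries the live secret key and session token,
    so callers should keep it out of logs and error messages.
    """
    required_keys = ('aws_access_key_id', 'aws_secret_access_key',
                     'aws_session_token')
    aws_region = 'us-east-1'  # default region
    session = None

    if 'AWS_PROFILE' in os.environ:
        # We're looking at an auto-awsume'd profile.
        # NOTE(review): assumes a missing profile comes back falsy or is
        # handled inside awsumepy -- confirm against get_ini_profile_by_name.
        profile = awsumepy.get_ini_profile_by_name(
            os.environ['AWS_PROFILE'],
            awsumepy.get_profiles_from_ini_file(
                awsumepy.AWS_CREDENTIALS_FILE)) or {}
        # A profile without a session token (or with empty values) used to
        # crash with KeyError; it is now reported like any other unusable
        # credential set.
        if all(profile.get(key) for key in required_keys):
            session = {
                "sessionId": profile['aws_access_key_id'],
                "sessionKey": profile['aws_secret_access_key'],
                "sessionToken": profile['aws_session_token']
            }
            aws_region = profile.get('region') or aws_region
    elif all(os.environ.get(key.upper()) for key in required_keys):
        # We're looking at a normal awsume'd profile.
        session = {
            "sessionId": os.environ['AWS_ACCESS_KEY_ID'],
            "sessionKey": os.environ['AWS_SECRET_ACCESS_KEY'],
            "sessionToken": os.environ["AWS_SESSION_TOKEN"]
        }
        aws_region = os.environ.get('AWS_REGION') or aws_region

    if session is None:
        print("Cannot use these credentials to open the AWS Console.",
              file=sys.stderr)
        # sys.exit instead of the site-provided exit(), which is missing when
        # the interpreter runs without the site module. The status stays 0
        # for backward compatibility.
        # NOTE(review): a status of 0 means wrappers cannot tell this failure
        # from success -- confirm whether a non-zero status is acceptable.
        sys.exit(0)

    # Format the credentials into a JSON string.
    return json.dumps(session), aws_region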
def test_get_profiles_from_ini_file(self, mock_os_path_exists, mock_config_parser):
    # Stand-in parser whose _sections attribute is the value the function
    # under test is expected to hand back.
    fake_parser = mock.Mock()
    fake_parser.read = mock.Mock()
    fake_parser._sections = 'dict-of-profiles'
    mock_config_parser.return_value = fake_parser

    # Path reported as existing: the parser's sections are returned as-is.
    mock_os_path_exists.return_value = True
    self.assertEqual(awsumepy.get_profiles_from_ini_file('./path'),
                     'dict-of-profiles')

    # Path reported as missing: the call ends the process.
    mock_os_path_exists.return_value = False
    with self.assertRaises(SystemExit):
        awsumepy.get_profiles_from_ini_file('./path')
def test_get_profiles_from_ini_file(self, mock_os_path_exists, mock_config_parser):
    ini_path = './path'

    # Stand-in parser with an empty section list; only the read() call is
    # inspected in this test.
    fake_parser = mock.Mock()
    fake_parser.read = mock.Mock()
    fake_parser._sections = []
    mock_config_parser.return_value = fake_parser

    # Path reported as existing: the parser must be asked to read that path.
    mock_os_path_exists.return_value = True
    awsumepy.get_profiles_from_ini_file(ini_path)
    fake_parser.read.assert_called_with(ini_path)

    # Path reported as missing: the call ends the process.
    mock_os_path_exists.return_value = False
    with self.assertRaises(SystemExit):
        awsumepy.get_profiles_from_ini_file(ini_path)
def main():
    """Refresh auto-awsume'd sessions until none are left to refresh.

    Each pass re-reads the credentials file, lets
    scan_through_auto_refresh_profiles() refresh what it can, and then
    sleeps until the earliest expiration it reported. The loop stops once
    that expiration is no longer in the future.
    """
    seconds_left = 1
    while seconds_left > 0:
        # Re-read the profiles on every pass.
        profiles = awsumepy.get_profiles_from_ini_file(AWS_CREDENTIALS_FILE)

        # Find the earliest expiration, refreshing expired sessions if possible.
        next_expiry = scan_through_auto_refresh_profiles(profiles)

        # The local wall-clock time is stamped with the expiration's tzinfo,
        # not converted into it.
        # NOTE(review): this is only correct if expirations are expressed in
        # local time -- confirm against scan_through_auto_refresh_profiles.
        current_time = datetime.datetime.now().replace(tzinfo=next_expiry.tzinfo)
        seconds_left = (next_expiry - current_time).total_seconds()

        if seconds_left > 0:
            # Wait until the next session expires, then run again.
            time.sleep(seconds_left)

    print("#autoAwsume: No more credentials left to refresh, shutting down",
          file=sys.stderr)