示例#1
0
    def get_temp_credentials_from_environment(self):
        #We're looking at an auto-awsume'd profile
        awsRegion = 'us-east-1'  #default region

        if 'AWS_PROFILE' in os.environ:
            autoProfile = awsumepy.get_ini_profile_by_name(
                os.environ['AWS_PROFILE'],
                awsumepy.get_profiles_from_ini_file(
                    awsumepy.AWS_CREDENTIALS_FILE))
            temporaryCredentials = {
                "sessionId": autoProfile['aws_access_key_id'],
                "sessionKey": autoProfile['aws_secret_access_key'],
                "sessionToken": autoProfile['aws_session_token']
            }
            if autoProfile.get('region'):
                awsRegion = autoProfile.get('region')
        #We're looking at a normal awsume'd profile
        elif os.environ.get('AWS_ACCESS_KEY_ID') and os.environ.get(
                'AWS_SECRET_ACCESS_KEY') and os.environ.get(
                    'AWS_SESSION_TOKEN'):
            temporaryCredentials = {
                "sessionId": os.environ['AWS_ACCESS_KEY_ID'],
                "sessionKey": os.environ['AWS_SECRET_ACCESS_KEY'],
                "sessionToken": os.environ["AWS_SESSION_TOKEN"]
            }
            if os.environ.get('AWS_REGION'):
                awsRegion = os.environ['AWS_REGION']
        else:
            print("Cannot use these credentials to open the AWS Console.",
                  file=sys.stderr)
            exit(0)
        #format the credentials into a json formatted string
        jsonTempCredentials = json.dumps(temporaryCredentials)
        return jsonTempCredentials, awsRegion
示例#2
0
    def test_get_profiles_from_ini_file(self, mock_os_path_exists,
                                        mock_config_parser):
        mock_os_path_exists.return_value = True
        expected = 'dict-of-profiles'
        mock_config_object = mock.Mock()
        mock_config_read = mock.Mock()
        mock_config_object.read = mock_config_read
        mock_config_parser.return_value = mock_config_object
        mock_config_object._sections = expected

        sections = awsumepy.get_profiles_from_ini_file('./path')
        self.assertEqual(sections, expected)

        mock_os_path_exists.return_value = False
        with self.assertRaises(SystemExit):
            awsumepy.get_profiles_from_ini_file('./path')
示例#3
0
    def test_get_profiles_from_ini_file(self, mock_os_path_exists,
                                        mock_config_parser):
        mock_os_path_exists.return_value = True
        mock_config_object = mock.Mock()
        mock_config_read = mock.Mock()
        mock_config_object.read = mock_config_read
        mock_config_parser.return_value = mock_config_object
        mock_config_object._sections = []

        path = './path'

        awsumepy.get_profiles_from_ini_file(path)
        mock_config_read.assert_called_with(path)

        mock_os_path_exists.return_value = False
        with self.assertRaises(SystemExit):
            awsumepy.get_profiles_from_ini_file('./path')
示例#4
0
def main():
    while True:
        #get the list of profiles
        autoAwsumeProfiles = awsumepy.get_profiles_from_ini_file(AWS_CREDENTIALS_FILE)
        #look for the earliest expiration and if possible, refresh any expired sessions
        earliestExpiration = scan_through_auto_refresh_profiles(autoAwsumeProfiles)
        #calculate the time until the earliest expiration
        timeUntilEarliestExpiration = (earliestExpiration - datetime.datetime.now().replace(tzinfo=earliestExpiration.tzinfo)).total_seconds()
        #if that time has already expired
        if timeUntilEarliestExpiration <= 0:
            break
        #wait until the next session expires to run again
        time.sleep(timeUntilEarliestExpiration)

    print("#autoAwsume: No more credentials left to refresh, shutting down", file=sys.stderr)