scout24 / afp-cli Goto Github PK

View Code? Open in Web Editor NEW

13.0 28.0 8.0 250 KB

CLI for the AWS Federation Proxy

License: Apache License 2.0

Python 76.48% Perl 15.42% Perl 6 8.10%

aws aws-federation-proxy credentials cli client

afp-cli's People

Contributors

Stargazers

Watchers

Forkers

schlomo tvollmer-at-is24 sdomme oliver-schoenherr snordhausen ibuystuff mseiwald fnerdwq

afp-cli's Issues

Change api url config file option

Does anyone have any issues changing the api_url config item to api-url?

Using OSX Keyring fails with "Can't fetch password from system"

I've tried using the --password-provider option on OSX 10.11.5. I can store the password, but every subsequent invocation of afp fails with the error "Can't fetch password from system":

$  afp --password-provider keyring accountname                                                                                                                                                              ✭
No password found in keychain, please enter it now to store it.
Password for kaeffetter:
Entering AFP subshell for account accountname, role full-access.
Press CTRL+D to exit.
bash: git_prompt_info: command not found
(AWS accountname/full-access 59 Min) (cfn-sphere)%{[red]%}➜ %{[green]%}%p %{[cyan]%}%c %{[blue]%}%{[blue]%} % %{%}exit
Left AFP subshell.

Works: The keychain now contains an entry called "afp".

$  afp --password-provider keyring accountname                                                                                                                                                              ✭
Traceback (most recent call last):
  File "/Users/kaeff/.virtualenvs/cfn-sphere/bin/afp", line 10, in <module>
    main()
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/cli.py", line 50, in main
    unprotected_main()
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/cli.py", line 74, in unprotected_main
    password = get_password(password_provider, username)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/password_providers.py", line 61, in get_password
    password = keyring_get_password(username)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/password_providers.py", line 49, in keyring_get_password
    password = keyring.get_password('afp', username)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/core.py", line 42, in get_password
    return _keyring_backend.get_password(service_name, username)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/OS_X.py", line 44, in get_password
    return api.find_generic_password(self.keychain, service, username)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/_OS_X_API.py", line 92, in find_generic_password
    NotFound.raise_for_status(status, msg)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/_OS_X_API.py", line 43, in raise_for_status
    Error.raise_for_status(status, msg)
  File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/_OS_X_API.py", line 35, in raise_for_status
    raise cls(status, msg)
keyring.backends._OS_X_API.Error: (-25293, "Can't fetch password from system")

Fails.

The configuration file contains user and api_url entries.

Password in keyring or kerberos auth

It sucks that I have to retype my password all the time. It would be easier and more secure if this could work automagically (kerberos) or at least with password caching (keyring).

👎 for keyring since this stores the password on disk though.

Enable writing of credentials to config

As a windows user I would like to write the received credentials to the AWS-configuration (.aws/credentials in the User Directory) to enable my SDK-based application to use the credentials automatically.

With this command-line-switch I would not need to set the Environment variables manually.

Cannot check version and build time of installed afp-cli

Currently the only place the version is stored is in the build.py. This means the cli can not report it's own version with --version for example.

please add some install instructions

It would be nice if there where some install instruction on top of the readme file. I would like to link the project from a howto-guide and don't wont to explain it there.

export AWS_ACCOUNT_NAME, AWS_ACCOUNT_ID, and AWS_ACTIVE_ROLE as environment variables into afp subshell

this would be useful in custom scripts that run inside the shell.

If you like the feature I could try to knit a pull request.

Fixup zsh completion

use new --output-format switch
implement --server switch
consider trying to make the simple call mode work

Handle case when keyring password does not work

The keyring feature in #27 is really great. The only pitfall is that the password expiration will come soon. To tackle that you could re-prompt for a password if the authentication on the afp-server fails and save the new password in keyring

Handle special characters in password

» afpv2 show account-name
Password for mriehl: 
Traceback (most recent call last):
  File "/usr/local/bin/afpv2", line 9, in <module>
    load_entry_point('afp-cli==1.3.1.post166', 'console_scripts', 'afpv2')()
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 59, in main
    unprotected_main()
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 106, in unprotected_main
    role = arguments['<rolename>'] or get_first_role(federation_client, account)
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/cli_functions.py", line 48, in get_first_role
    accounts_and_roles = federation_client.get_account_and_role_list()
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 43, in get_account_and_role_list
    accounts_and_roles = self.call_api("/account")
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 30, in call_api
    self._password))
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 454, in request
    prep = self.prepare_request(req)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 388, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 297, in prepare
    self.prepare_auth(auth, url)
  File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 490, in prepare_auth
    r = auth(self)
  File "/usr/local/lib/python2.7/dist-packages/requests/auth.py", line 51, in __call__
    r.headers['Authorization'] = _basic_auth_str(self.username, self.password)
  File "/usr/local/lib/python2.7/dist-packages/requests/auth.py", line 31, in _basic_auth_str
    b64encode(('%s:%s' % (username, password)).encode('latin1')).strip()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 8: ordinal not in range(128)

Release procedure isn't documented

git-bash issues

I am using git-bash as both bash and cmd and got my Python from miniconda and it is Version Python 2.7.10 :: Continuum Analytics, Inc.. I installed afp-cli from PyPi and get the following errors:

$ afp
Traceback (most recent call last):
  File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\runpy.py", line 72, in _run_code
    exec code in run_globals
  File "C:\Users\VHaenel\AppData\Local\Continuum\Miniconda\Scripts\afp.exe\__main__.py", line 9, in <module>
  File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\site-packages\afp_cli\cli.py", line 189, in main
    password = get_password(username)
  File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\site-packages\afp_cli\cli.py", line 46, in get_password
    return getpass.getpass("Password for {0}: ".format(username))
  File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\getpass.py", line 95, in win_getpass
    msvcrt.putch(c)
TypeError: must be char, not unicode

Handle special characters in role name

» afpv2 show account-name role-namé
Password for mriehl: 
Traceback (most recent call last):
  File "/usr/local/bin/afpv2", line 9, in <module>
    load_entry_point('afp-cli==1.3.1.post166', 'console_scripts', 'afpv2')()
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 59, in main
    unprotected_main()
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 107, in unprotected_main
    aws_credentials = get_aws_credentials(federation_client, account, role)
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/cli_functions.py", line 60, in get_aws_credentials
    aws_credentials = federation_client.get_aws_credentials(account, role)
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 49, in get_aws_credentials
    role))
  File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 38, in call_api
    self.api_url, url_suffix, api_result.json()['message']))
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 78: ordinal not in range(128)

Provide a `--debug` switch

For easier debugging of the command line.

cram tests

Some nice command-line tests would help us see issues such as #11 in future.

error messages when installing afp-cli in python3

I got some errors when installing this in python 3:

zsh» pip install afp-cli
Collecting afp-cli
  Downloading afp-cli-1.0.6-0.tar.gz
Collecting docopt (from afp-cli)
Collecting requests (from afp-cli)
  Using cached requests-2.7.0-py2.py3-none-any.whl
Collecting yamlreader>=3.0.1 (from afp-cli)
  Downloading yamlreader-3.0.2.tar.gz
Collecting PyYAML (from yamlreader>=3.0.1->afp-cli)
  Using cached PyYAML-3.11.tar.gz
Collecting six (from yamlreader>=3.0.1->afp-cli)
  Using cached six-1.9.0-py2.py3-none-any.whl
Building wheels for collected packages: afp-cli, yamlreader, PyYAML
  Running setup.py bdist_wheel for afp-cli
  Complete output from command /data/home/vhaenel/anaconda/envs/afp/bin/python3 -c "import setuptools;__file__='/tmp/pip-build-510l7b0j/afp-cli/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmppnzemucopip-wheel-:
  /data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/setuptools-18.3.2-py3.5.egg/setuptools/dist.py:285: UserWarning: Normalizing '1.0.6-0' to '1.0.6.post0'
  usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: -c --help [cmd1 cmd2 ...]
     or: -c --help-commands
     or: -c cmd --help

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for afp-cli
  Running setup.py bdist_wheel for yamlreader
  Complete output from command /data/home/vhaenel/anaconda/envs/afp/bin/python3 -c "import setuptools;__file__='/tmp/pip-build-510l7b0j/yamlreader/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmpjvquden3pip-wheel-:
  usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: -c --help [cmd1 cmd2 ...]
     or: -c --help-commands
     or: -c cmd --help

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for yamlreader
  Running setup.py bdist_wheel for PyYAML
  Complete output from command /data/home/vhaenel/anaconda/envs/afp/bin/python3 -c "import setuptools;__file__='/tmp/pip-build-510l7b0j/PyYAML/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmpjh8t14mapip-wheel-:
  usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: -c --help [cmd1 cmd2 ...]
     or: -c --help-commands
     or: -c cmd --help

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for PyYAML
Failed to build afp-cli yamlreader PyYAML
Installing collected packages: docopt, requests, PyYAML, six, yamlreader, afp-cli
  Running setup.py install for PyYAML
  Running setup.py install for yamlreader
  Running setup.py install for afp-cli
Successfully installed PyYAML-3.11 afp-cli-1.0.6.post0 docopt-0.6.2 requests-2.7.0 six-1.9.0 yamlreader-3.0.2

Provide zsh completions

I use afp-cli in a zsh so this would be really neat.

Cannot auto-complete afpv2 CLI commands in Bash

As Bash user I would like to be helped with an autocompletion.

Maybe can be copied over from #48 or stolen from the bash completion in AWSCLI

Recheck Coverage with Coveralls

Coveralls seems to be reporting a strange coverage: 59% where use on the command-line via pybuilder gives 89%

Version has weird suffix

Do we want to keep the post0 suffix?

https://pypi.python.org/pypi/afp-cli/1.2.0.post0

Incorrect password doesnt yield useful error message

zsh» afp --user=vhaenel
Password for vhaenel: 
Traceback (most recent call last):
  File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/cli.py", line 216, in main
    federation_client.print_account_and_role_list()
  File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/client.py", line 52, in print_account_and_role_list
    accounts_and_roles = sorted(self.get_account_and_role_list().items())
  File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/client.py", line 36, in get_account_and_role_list
    accounts_and_roles = self.call_api("/account")
  File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/client.py", line 28, in call_api
    self.api_url, url_suffix, api_result.status_code, api_result.reason))
Exception: API call to AWS (https://{HOST}/afp-api/latest//account) failed: 401 Authorization Required

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/data/home/vhaenel/anaconda/envs/afp/bin/afp", line 9, in <module>
    load_entry_point('afp-cli==1.0.6.post0', 'console_scripts', 'afp')()
  File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/cli.py", line 218, in main
    error("Failed to get account list from AWS: %s" % exc)
  File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/cli.py", line 35, in error
    print >>sys.stderr, message
TypeError: unsupported operand type(s) for >>: 'builtin_function_or_method' and '_io.TextIOWrapper'

NB: I replaced the real host with {HOST}.

Ship zsh completion with package via PyPi

Leftover from #36

Add an option to set only the server

Use -s,--server on the command line interface and server in the config to configure on the name of the server and not the full --api-url.

I guess api-url should take precedence if given in the config-file or on the command-line, might be a bit tricky to handle that correctly.

Provide XDG compatible config

http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

👍 for standards

When using bash (git or cygwin) in Windows, it should be treated as bash, not cmd

afp write: Notify user about expiring credentials + easy way to get fresh ones

I am mostly using "afp write" since I need credentials in my IDE and several open shell windows. Often commands (such as DataWario) fail late when there are expired credentials, so I want to avoid that situation.

I am currently working[1] on a small feature which uses python TK (TKinter) to show a count-down of validity for credentials in a small window which I can place whereever I want on my screen. The window shall have:

a display of remaining time in minutes (with red background when the time is < 5 minutes)
a button to delete credentials from .aws (end session)
a button to get fresh credentials to write to .aws (prolong session)

I am adding this issue so anyone can give feedback before I spend too much time on it.

Also, I only test on Ubuntu and would be happy about people testing it on Mac (and possibly further OS's).

[1] https://github.com/matey-jack

Landscape seems broken and is missing a badge in the readme

We are using landscape, however it never seeems to complete on pull-requests and is missing a badge in the README,

Replace afp with afpv2

What are every ones thoughts on this one?

Implement Kerberos Support

Following #18 and #27 this should be considered an improvement. The code and interface logic are such that new so-called password-providers can implemented in a straightforward fashion.

Handle hash in role name (?)

I don't know if there is a use case for this (I don't have one) but afp-cli seems to truncate the role when it encounters a hash.

» afpv2 show account-name role-\#name
Password for mriehl: 
Failed to get credentials from AWS: API call to AWS (https://afp.invalid/afp-api/latest//account/account-name/role-#name) failed: User 'mriehl' may not access role 'role-' in account 'account-name'

This is probably due to the hash becoming an anchor. It also allows for things like URL traversal (a malicious role name could make you log in to another account) so I think the user set parameters should be transmitted over json, not URL.