scout24 / afp-cli Goto Github PK
View Code? Open in Web Editor NEWCLI for the AWS Federation Proxy
License: Apache License 2.0
CLI for the AWS Federation Proxy
License: Apache License 2.0
Does anyone have any issues changing the api_url
config item to api-url
?
I've tried using the --password-provider
option on OSX 10.11.5. I can store the password, but every subsequent invocation of afp fails with the error "Can't fetch password from system":
$ afp --password-provider keyring accountname ✭
No password found in keychain, please enter it now to store it.
Password for kaeffetter:
Entering AFP subshell for account accountname, role full-access.
Press CTRL+D to exit.
bash: git_prompt_info: command not found
(AWS accountname/full-access 59 Min) (cfn-sphere)%{[red]%}➜ %{[green]%}%p %{[cyan]%}%c %{[blue]%}%{[blue]%} % %{%}exit
Left AFP subshell.
Works: The keychain now contains an entry called "afp".
$ afp --password-provider keyring accountname ✭
Traceback (most recent call last):
File "/Users/kaeff/.virtualenvs/cfn-sphere/bin/afp", line 10, in <module>
main()
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/cli.py", line 50, in main
unprotected_main()
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/cli.py", line 74, in unprotected_main
password = get_password(password_provider, username)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/password_providers.py", line 61, in get_password
password = keyring_get_password(username)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/afp_cli/password_providers.py", line 49, in keyring_get_password
password = keyring.get_password('afp', username)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/core.py", line 42, in get_password
return _keyring_backend.get_password(service_name, username)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/OS_X.py", line 44, in get_password
return api.find_generic_password(self.keychain, service, username)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/_OS_X_API.py", line 92, in find_generic_password
NotFound.raise_for_status(status, msg)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/_OS_X_API.py", line 43, in raise_for_status
Error.raise_for_status(status, msg)
File "/Users/kaeff/.virtualenvs/cfn-sphere/lib/python2.7/site-packages/keyring/backends/_OS_X_API.py", line 35, in raise_for_status
raise cls(status, msg)
keyring.backends._OS_X_API.Error: (-25293, "Can't fetch password from system")
Fails.
The configuration file contains user
and api_url
entries.
It sucks that I have to retype my password all the time. It would be easier and more secure if this could work automagically (kerberos) or at least with password caching (keyring).
👎 for keyring since this stores the password on disk though.
As a windows user I would like to write the received credentials to the AWS-configuration (.aws/credentials
in the User Directory) to enable my SDK-based application to use the credentials automatically.
With this command-line-switch I would not need to set the Environment variables manually.
Currently the only place the version is stored is in the build.py
. This means the cli can not report it's own version with --version
for example.
It would be nice if there where some install instruction on top of the readme file. I would like to link the project from a howto-guide and don't wont to explain it there.
this would be useful in custom scripts that run inside the shell.
If you like the feature I could try to knit a pull request.
--output-format
switch--server
switchThe keyring feature in #27 is really great. The only pitfall is that the password expiration will come soon. To tackle that you could re-prompt for a password if the authentication on the afp-server fails and save the new password in keyring
» afpv2 show account-name
Password for mriehl:
Traceback (most recent call last):
File "/usr/local/bin/afpv2", line 9, in <module>
load_entry_point('afp-cli==1.3.1.post166', 'console_scripts', 'afpv2')()
File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 59, in main
unprotected_main()
File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 106, in unprotected_main
role = arguments['<rolename>'] or get_first_role(federation_client, account)
File "/usr/local/lib/python2.7/dist-packages/afp_cli/cli_functions.py", line 48, in get_first_role
accounts_and_roles = federation_client.get_account_and_role_list()
File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 43, in get_account_and_role_list
accounts_and_roles = self.call_api("/account")
File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 30, in call_api
self._password))
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 454, in request
prep = self.prepare_request(req)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 388, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 297, in prepare
self.prepare_auth(auth, url)
File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 490, in prepare_auth
r = auth(self)
File "/usr/local/lib/python2.7/dist-packages/requests/auth.py", line 51, in __call__
r.headers['Authorization'] = _basic_auth_str(self.username, self.password)
File "/usr/local/lib/python2.7/dist-packages/requests/auth.py", line 31, in _basic_auth_str
b64encode(('%s:%s' % (username, password)).encode('latin1')).strip()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 8: ordinal not in range(128)
I am using git-bash as both bash
and cmd
and got my Python from miniconda and it is Version Python 2.7.10 :: Continuum Analytics, Inc.
. I installed afp-cli
from PyPi and get the following errors:
$ afp
Traceback (most recent call last):
File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\runpy.py", line 162, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\runpy.py", line 72, in _run_code
exec code in run_globals
File "C:\Users\VHaenel\AppData\Local\Continuum\Miniconda\Scripts\afp.exe\__main__.py", line 9, in <module>
File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\site-packages\afp_cli\cli.py", line 189, in main
password = get_password(username)
File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\site-packages\afp_cli\cli.py", line 46, in get_password
return getpass.getpass("Password for {0}: ".format(username))
File "c:\users\vhaenel\appdata\local\continuum\miniconda\lib\getpass.py", line 95, in win_getpass
msvcrt.putch(c)
TypeError: must be char, not unicode
» afpv2 show account-name role-namé
Password for mriehl:
Traceback (most recent call last):
File "/usr/local/bin/afpv2", line 9, in <module>
load_entry_point('afp-cli==1.3.1.post166', 'console_scripts', 'afpv2')()
File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 59, in main
unprotected_main()
File "/usr/local/lib/python2.7/dist-packages/afp_cli/cliv2.py", line 107, in unprotected_main
aws_credentials = get_aws_credentials(federation_client, account, role)
File "/usr/local/lib/python2.7/dist-packages/afp_cli/cli_functions.py", line 60, in get_aws_credentials
aws_credentials = federation_client.get_aws_credentials(account, role)
File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 49, in get_aws_credentials
role))
File "/usr/local/lib/python2.7/dist-packages/afp_cli/client.py", line 38, in call_api
self.api_url, url_suffix, api_result.json()['message']))
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 78: ordinal not in range(128)
For easier debugging of the command line.
Some nice command-line tests would help us see issues such as #11 in future.
I got some errors when installing this in python 3:
zsh» pip install afp-cli
Collecting afp-cli
Downloading afp-cli-1.0.6-0.tar.gz
Collecting docopt (from afp-cli)
Collecting requests (from afp-cli)
Using cached requests-2.7.0-py2.py3-none-any.whl
Collecting yamlreader>=3.0.1 (from afp-cli)
Downloading yamlreader-3.0.2.tar.gz
Collecting PyYAML (from yamlreader>=3.0.1->afp-cli)
Using cached PyYAML-3.11.tar.gz
Collecting six (from yamlreader>=3.0.1->afp-cli)
Using cached six-1.9.0-py2.py3-none-any.whl
Building wheels for collected packages: afp-cli, yamlreader, PyYAML
Running setup.py bdist_wheel for afp-cli
Complete output from command /data/home/vhaenel/anaconda/envs/afp/bin/python3 -c "import setuptools;__file__='/tmp/pip-build-510l7b0j/afp-cli/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmppnzemucopip-wheel-:
/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/setuptools-18.3.2-py3.5.egg/setuptools/dist.py:285: UserWarning: Normalizing '1.0.6-0' to '1.0.6.post0'
usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: -c --help [cmd1 cmd2 ...]
or: -c --help-commands
or: -c cmd --help
error: invalid command 'bdist_wheel'
----------------------------------------
Failed building wheel for afp-cli
Running setup.py bdist_wheel for yamlreader
Complete output from command /data/home/vhaenel/anaconda/envs/afp/bin/python3 -c "import setuptools;__file__='/tmp/pip-build-510l7b0j/yamlreader/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmpjvquden3pip-wheel-:
usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: -c --help [cmd1 cmd2 ...]
or: -c --help-commands
or: -c cmd --help
error: invalid command 'bdist_wheel'
----------------------------------------
Failed building wheel for yamlreader
Running setup.py bdist_wheel for PyYAML
Complete output from command /data/home/vhaenel/anaconda/envs/afp/bin/python3 -c "import setuptools;__file__='/tmp/pip-build-510l7b0j/PyYAML/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /tmp/tmpjh8t14mapip-wheel-:
usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: -c --help [cmd1 cmd2 ...]
or: -c --help-commands
or: -c cmd --help
error: invalid command 'bdist_wheel'
----------------------------------------
Failed building wheel for PyYAML
Failed to build afp-cli yamlreader PyYAML
Installing collected packages: docopt, requests, PyYAML, six, yamlreader, afp-cli
Running setup.py install for PyYAML
Running setup.py install for yamlreader
Running setup.py install for afp-cli
Successfully installed PyYAML-3.11 afp-cli-1.0.6.post0 docopt-0.6.2 requests-2.7.0 six-1.9.0 yamlreader-3.0.2
I use afp-cli
in a zsh so this would be really neat.
As Bash user I would like to be helped with an autocompletion.
Maybe can be copied over from #48 or stolen from the bash completion in AWSCLI
Coveralls seems to be reporting a strange coverage: 59% where use on the command-line via pybuilder gives 89%
Do we want to keep the post0
suffix?
zsh» afp --user=vhaenel
Password for vhaenel:
Traceback (most recent call last):
File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/cli.py", line 216, in main
federation_client.print_account_and_role_list()
File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/client.py", line 52, in print_account_and_role_list
accounts_and_roles = sorted(self.get_account_and_role_list().items())
File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/client.py", line 36, in get_account_and_role_list
accounts_and_roles = self.call_api("/account")
File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/client.py", line 28, in call_api
self.api_url, url_suffix, api_result.status_code, api_result.reason))
Exception: API call to AWS (https://{HOST}/afp-api/latest//account) failed: 401 Authorization Required
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/data/home/vhaenel/anaconda/envs/afp/bin/afp", line 9, in <module>
load_entry_point('afp-cli==1.0.6.post0', 'console_scripts', 'afp')()
File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/cli.py", line 218, in main
error("Failed to get account list from AWS: %s" % exc)
File "/data/home/vhaenel/anaconda/envs/afp/lib/python3.5/site-packages/afp_cli/cli.py", line 35, in error
print >>sys.stderr, message
TypeError: unsupported operand type(s) for >>: 'builtin_function_or_method' and '_io.TextIOWrapper'
NB: I replaced the real host with {HOST}
.
Leftover from #36
Use -s,--server
on the command line interface and server
in the config to configure on the name of the server and not the full --api-url
.
I guess api-url
should take precedence if given in the config-file or on the command-line, might be a bit tricky to handle that correctly.
I am mostly using "afp write" since I need credentials in my IDE and several open shell windows. Often commands (such as DataWario) fail late when there are expired credentials, so I want to avoid that situation.
I am currently working[1] on a small feature which uses python TK (TKinter) to show a count-down of validity for credentials in a small window which I can place whereever I want on my screen. The window shall have:
I am adding this issue so anyone can give feedback before I spend too much time on it.
Also, I only test on Ubuntu and would be happy about people testing it on Mac (and possibly further OS's).
We are using landscape, however it never seeems to complete on pull-requests and is missing a badge in the README,
What are every ones thoughts on this one?
I don't know if there is a use case for this (I don't have one) but afp-cli seems to truncate the role when it encounters a hash.
» afpv2 show account-name role-\#name
Password for mriehl:
Failed to get credentials from AWS: API call to AWS (https://afp.invalid/afp-api/latest//account/account-name/role-#name) failed: User 'mriehl' may not access role 'role-' in account 'account-name'
This is probably due to the hash becoming an anchor. It also allows for things like URL traversal (a malicious role name could make you log in to another account) so I think the user set parameters should be transmitted over json, not URL.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.