From 891637a1c38ef8bcfac9bb0a1d4b80259e9dd005 Mon Sep 17 00:00:00 2001 From: Michael Choi <1226798+choilive@users.noreply.github.com> Date: Fri, 11 Nov 2022 23:47:28 -0800 Subject: [PATCH 1/2] Support setting the suffixes via environment variables. --- README.md | 5 ++++- awsmfa/__init__.py | 12 ++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a0f4805..09b22e9 100644 --- a/README.md +++ b/README.md @@ -155,11 +155,14 @@ Usage identify the long term credential section by []. Omit to identify the long term credential section by [-long-term]. + The value can also be provided via the environment + variable 'MFA_LONG_TERM_SUFFIX. --short-term-suffix SHORT_TERM_SUFFIX To identify the short term credential section by [-SHORT_TERM_SUFFIX]. Omit or use 'none' to identify the short term credential section by - []. + []. The value can also be provided via + the environment variable 'MFA_SHORT_TERM_SUFFIX. --assume-role arn:aws:iam::123456788990:role/RoleName The ARN of the AWS IAM Role you would like to assume, if specified. This value can also be provided via the diff --git a/awsmfa/__init__.py b/awsmfa/__init__.py index 21e7096..0683561 100755 --- a/awsmfa/__init__.py +++ b/awsmfa/__init__.py @@ -128,14 +128,22 @@ def validate(args, config): args.profile = 'default' if not args.long_term_suffix: - long_term_name = '%s-long-term' % (args.profile,) + if os.environ.get('MFA_LONG_TERM_SUFFIX'): + args.long_term_suffix = os.environ.get('MFA_LONG_TERM_SUFFIX') + long_term_name = '%s-%s' % (args.profile, args.long_term_suffix) + else: + long_term_name = '%s-long-term' % (args.profile,) elif args.long_term_suffix.lower() == 'none': long_term_name = args.profile else: long_term_name = '%s-%s' % (args.profile, args.long_term_suffix) if not args.short_term_suffix or args.short_term_suffix.lower() == 'none': - short_term_name = args.profile + if os.environ.get('MFA_SHORT_TERM_SUFFIX'): + args.short_term_suffix = os.environ.get('MFA_SHORT_TERM_SUFFIX') + short_term_name = '%s-%s' % (args.profile, args.short_term_suffix) + else: + short_term_name = args.profile else: short_term_name = '%s-%s' % (args.profile, args.short_term_suffix) From 2f8a0ae314159afe0f4837a4369c08e904fe6a82 Mon Sep 17 00:00:00 2001 From: Michael Choi Date: Sat, 12 Nov 2022 02:29:53 -0600 Subject: [PATCH 2/2] Support setting the suffix to 'none' via env vars. Add debug logging --- awsmfa/__init__.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/awsmfa/__init__.py b/awsmfa/__init__.py index 0683561..27f4c4f 100755 --- a/awsmfa/__init__.py +++ b/awsmfa/__init__.py @@ -133,10 +133,11 @@ def validate(args, config): long_term_name = '%s-%s' % (args.profile, args.long_term_suffix) else: long_term_name = '%s-long-term' % (args.profile,) - elif args.long_term_suffix.lower() == 'none': - long_term_name = args.profile else: long_term_name = '%s-%s' % (args.profile, args.long_term_suffix) + if args.long_term_suffix.lower() == 'none': + long_term_name = args.profile + logger.debug('Using long term name: %s' % (long_term_name,)) if not args.short_term_suffix or args.short_term_suffix.lower() == 'none': if os.environ.get('MFA_SHORT_TERM_SUFFIX'): @@ -146,12 +147,12 @@ def validate(args, config): short_term_name = args.profile else: short_term_name = '%s-%s' % (args.profile, args.short_term_suffix) + logger.debug('Using short term name: %s' % (short_term_name,)) if long_term_name == short_term_name: log_error_and_exit(logger, "The value for '--long-term-suffix' cannot " "be equal to the value for '--short-term-suffix'") - if args.assume_role: role_msg = "with assumed role: %s" % (args.assume_role,) elif config.has_option(args.profile, 'assumed_role_arn'):