
Automate prompt for mfa, app, role selections #354

Open
wants to merge 1 commit into
base: master
Conversation

@odg0318 odg0318 commented Jun 18, 2022

Description

I implemented a way for the prompts to be skipped by configuring ~/.okta_aws_login_config and command line arguments.

Related Issue

Motivation and Context

To get AWS credentials, multiple prompts are required, like the following.

$ gimme-aws-creds --profile default
Using password from keyring for XXX@example.com
Multi-factor Authentication required.
Detected preferred provider in config: GOOGLE
Enter verification code:
done

Pick an app:
[0] AWS Dev
[1] AWS Ops
[2] AWS Prod
Selection: 2
Pick a role:
[0] arn:aws:iam::1234567890:role/XXX
[1] arn:aws:iam::1234567891:role/XXX
Selections (comma separated): 1
Saving arn:aws:iam::1234567891:role/XXX as default
Written profile default to /Users/krust/.aws/credentials

Because of the prompts, it is impossible to automate the process of getting AWS credentials. With my code, the process changes to the following.

$ gimme-aws-creds --profile default --okta-app 2 --okta-role 1
Using password from keyring for donny.oh@krustuniverse.com
Multi-factor Authentication required.
Detected preferred provider in config: GOOGLE
Enter verification code:
done

Detected app in config: AWS Prod
Detected role in config: arn:aws:iam::1234567891:role/XXX
Saving arn:aws:iam::1234567891:role/XXX as default
Written profile default to /Users/krust/.aws/credentials
$ cat ~/.okta_aws_login_config | grep mfa
preferred_mfa_type = token:software:totp
preffered_mfa_provider = GOOGLE

How Has This Been Tested?

I manually tested the code on my local machine. If you have any ideas on how to test this code, please let me know.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
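Because the thread turns on how the non-interactive selection should work (command-line flag first, then the config profile, and an interactive prompt only as a fallback, with the app and role chosen by name rather than by list position as the maintainer asks), here is an added Python example of that resolution logic. It is not code from gimme-aws-creds or from this PR: the config keys aws_appname and aws_rolename come from the reviewer's comment, while the flag names --aws-appname and --aws-rolename, the helper names, the case-insensitive provider comparison and all sample apps, roles, factors and config text are assumptions constructed for the example.

```python
"""Added example, not gimme-aws-creds code: resolve the Okta app, the AWS role
and the MFA factor without prompting. Flag names, helper names and all sample
data are assumptions; only the config keys aws_appname / aws_rolename and
preferred_mfa_type come from the PR thread."""

import argparse
import configparser
import io

# Constructed sample lists shaped like the "Pick an app:" / "Pick a role:" output.
SAMPLE_APPS = ["AWS Dev", "AWS Ops", "AWS Prod"]
SAMPLE_ROLES = [
    "arn:aws:iam::1234567890:role/XXX",
    "arn:aws:iam::1234567891:role/XXX",
]
# Constructed factors shaped like Okta factor objects (factorType / provider).
SAMPLE_FACTORS = [
    {"factorType": "sms", "provider": "OKTA"},
    {"factorType": "token:software:totp", "provider": "OKTA"},
    {"factorType": "token:software:totp", "provider": "GOOGLE"},
]
# Constructed config profile; key spelling follows the reviewer's correction.
SAMPLE_CONFIG = """
[default]
aws_appname = AWS Prod
aws_rolename = arn:aws:iam::1234567891:role/XXX
preferred_mfa_type = token:software:totp
preferred_mfa_provider = GOOGLE
"""


def load_profile(config_text, profile="default"):
    """Read one [profile] section of an INI-style config into a dict."""
    cp = configparser.ConfigParser()
    cp.read_file(io.StringIO(config_text))
    return dict(cp[profile]) if cp.has_section(profile) else {}


def select_by_index(choices, index):
    """Positional selection, as --okta-app 2 / --okta-role 1 would do.
    Brittle: the index silently points elsewhere once the list changes."""
    return choices[index]


def select_by_name(choices, wanted, what):
    """Exact-name selection. A stale or mistyped name fails loudly instead of
    quietly picking a neighbouring account or role."""
    matches = [c for c in choices if c == wanted]
    if len(matches) != 1:
        raise LookupError(f"{what} {wanted!r} not found; available: {choices}")
    return matches[0]


def select_factor(factors, preferred_type, preferred_provider=None):
    """Return the first factor of the preferred type and, if given, provider.
    Provider names are compared case-insensitively (assumption)."""
    for f in factors:
        if f["factorType"] != preferred_type:
            continue
        if preferred_provider and f["provider"].upper() != preferred_provider.upper():
            continue
        return f
    raise LookupError(f"no factor of type {preferred_type!r}, provider {preferred_provider!r}")


def resolve(choices, cli_value, conf_value, what, prompt):
    """Precedence: command-line flag > config key > interactive prompt."""
    wanted = cli_value if cli_value is not None else conf_value
    if wanted is None:
        return prompt(choices)
    return select_by_name(choices, wanted, what)


def build_parser():
    p = argparse.ArgumentParser(description="assumed flags, not the tool's real CLI")
    p.add_argument("--profile", default="default")
    p.add_argument("--aws-appname", help="Okta app label, e.g. 'AWS Prod' (config key aws_appname)")
    p.add_argument("--aws-rolename", help="full role ARN (config key aws_rolename)")
    return p


def no_tty_prompt(choices):
    """Stand-in prompt for automated runs: refuse rather than hang on input()."""
    raise RuntimeError(f"selection required but no terminal; choose one of {choices}")


def choose(argv, config_text=SAMPLE_CONFIG, apps=SAMPLE_APPS, roles=SAMPLE_ROLES,
           factors=SAMPLE_FACTORS, prompt=no_tty_prompt):
    """Return (app, role, factor); no prompt fires when every choice is pinned."""
    args = build_parser().parse_args(argv)
    conf = load_profile(config_text, args.profile)
    app = resolve(apps, args.aws_appname, conf.get("aws_appname"), "app", prompt)
    role = resolve(roles, args.aws_rolename, conf.get("aws_rolename"), "role", prompt)
    factor = select_factor(factors, conf.get("preferred_mfa_type"), conf.get("preferred_mfa_provider"))
    return app, role, factor


if __name__ == "__main__":
    print(choose(["--profile", "default"]))
    print(choose(["--aws-appname", "AWS Ops"]))  # the flag overrides the config key
```

Run stand-alone it resolves the sample config; select_by_index is kept only to show why the maintainer objects to positional flags: once an app is inserted ahead of "AWS Prod", index 2 points at a different account while the name lookup still returns "AWS Prod", and an absent name raises instead of silently picking a neighbour. In an automated run the prompt path raises rather than blocking on stdin.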

@@ -578,4 +587,4 @@ def fail_if_profile_not_found(self, profile_config, conf_profile, default_sectio
"""
if not profile_config and conf_profile == default_section:
raise errors.GimmeAWSCredsError(
'DEFAULT profile is missing! This is profile is required when not using --profile')
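Review bot: The message on the last line reads 'This is profile is required when not using --profile', a pre-existing typo ('This is profile'); since this hunk only adds the trailing newline to that very line, correcting it to 'This profile is required' in the same commit would be cheap.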
Author

I have no idea why there is a change on this line.

This was done by your editor when you saved the file, not a big deal.

Contributor

Your editor added a newline character at the end of the line. GitHub indicates the absence of this with a red circle around a horizontal line. When the character exists at the end of the last line of the file, GitHub just shows the line from the file. You can see the difference locally by running tail <filename>;echo foobar and if the trailing newline is not present "foobar" will appear appended to the last line, if the trailing newline does exist, "foobar" will be on its own line. The absence of a trailing newline can cause issues with file handling, particularly with older tools (though they're likely just working as intended).

@@ -145,6 +147,8 @@ def get_args(self):
'--action-setup-fido-authenticator', action='store_true',
help='Sets up a new FIDO WebAuthn authenticator in Okta'
)
parser.add_argument('--okta-app', type=int)
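Review bot: parser.add_argument('--okta-app', type=int) carries no help= string and no default, unlike the neighbouring --action-setup-fido-authenticator argument, so --help will not say what the integer means; and taking a list position instead of the app's name ties the flag to the current ordering of the Okta app list. Suggest naming the flag after the existing config key (for example --aws-appname, taking the app label) and documenting it with help=.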
Author

I added two new arguments: --okta-app and --okta-role automatically select the specific app and role.

Member

The inputs should be the app and role names, not their position in the list from Okta. Those positions will change as accounts/roles are added and removed.

Member

Also, there are existing config options for these settings (aws_appname and aws_rolename); the parameters should match those names.

@@ -549,6 +557,9 @@ def okta(self):
if self.conf_dict.get('preferred_mfa_type'):
okta.set_preferred_mfa_type(self.conf_dict['preferred_mfa_type'])

if self.conf_dict.get('preffered_mfa_provider'):
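Review bot: The config key on the added line is misspelled as 'preffered_mfa_provider' while the line above reads 'preferred_mfa_type'; since the same misspelling appears in the config example in the PR description (preffered_mfa_provider = GOOGLE), renaming the key to preferred_mfa_provider also requires updating that example and any documentation of the new key, or existing configs written against the misspelled name will silently stop matching.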
Author

I added the preffered_mfa_provider option in okta_aws_login_config. This automatically selects the specific MFA provider type, such as GOOGLE.

Member

@epierce epierce left a comment

The concept for the changes is good, but some changes are needed to align them with the rest of the code.

@@ -549,6 +557,9 @@ def okta(self):
if self.conf_dict.get('preferred_mfa_type'):
okta.set_preferred_mfa_type(self.conf_dict['preferred_mfa_type'])

if self.conf_dict.get('preffered_mfa_provider'):
okta.set_preferred_mfa_provider(self.conf_dict['preffered_mfa_provider'])
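Review bot: okta.set_preferred_mfa_provider is called on the added line but its definition is not in the hunks shown, so confirm it is added in the same commit next to set_preferred_mfa_type; note also that the misspelled key 'preffered_mfa_provider' is read twice here, in the if and in the call, so a spelling fix has to touch both lines together.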
Member

Spelling error - preferred_mfa_provider, not preffered_mfa_provider
