Merge 3b630f0 into b26d2fd

.dockerignore

@@ -1,35 +1,8 @@
-**/__pycache__
-**/.venv
-**/.classpath
-**/.dockerignore
-**/.env
-**/.git
-**/.gitignore
-**/.git-blame-ignore-revs
-**/.project
-**/.settings
-**/.toolstarget
-**/.tox
-**/.vs
-**/.vscode
-**/.github
-**/*.*proj.user
-**/*.dbmdl
-**/*.jfm
-**/env
-**/venv
-**/docs
-**/tests
-**/bin
-**/charts
-**/docker-compose*
-**/compose*
-**/Dockerfile*
-**/node_modules
-**/npm-debug.log
-**/obj
-**/secrets.dev.yaml
-**/values.dev.yaml
-AUTHORS.md
-LICENSE.txt
-README.md
+**
+.**
+!.dockerignore
+!requirements.txt
+!AUTHORS.md
+!LICENSE.txt
+!README.md
+!tokendito/*.py

.github/workflows/docker.yml

@@ -0,0 +1,84 @@
+name: Publish to Dockerhub
+on:
+  push:
+    branches:
+      - chore/docker_build
+      - main
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+env:
+  REGISTRY: docker.io
+  # This could be ${{ github.repository }}
+  IMAGE_NAME: tokendito/tokendito
+
+jobs:
+  dockerhubpublish:
+    name: Build and Publish Docker Container
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      max-parallel: 2
+      matrix:
+        include:
+          # - { platform: "linux/arm64", platform-tag: "arm64" }
+          - { platform: "linux/amd64", platform-tag: "amd64" }
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: tokendito
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - name: Extract Docker metadata
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+    - name: Build container
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        push: false
+        load: true
+        platforms: ${{ matrix.platform }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        sbom: false
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+      env:
+        DOCKER_CONTENT_TRUST: 1
+    - name: Sign and push docker image
+      uses: sudo-bot/action-docker-sign@latest
+      if: github.event_name != 'pull_request'
+      with:
+        image-ref: "${{steps.meta.outputs.tags}}"
+        private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
+        private-key: "${{ secrets.DOCKER_PRIVATE_KEY }}"
+        private-key-passphrase: "${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}"
+    # - name: Install cosign
+    #   if: github.event_name != 'pull_request'
+    #   uses: sigstore/cosign-installer@v2.8.1
+    #   with:
+    #     cosign-release: 'v1.13.1'
+    # - name: Sign container image with annotations from our environment
+    #   run: |
+    #     cosign sign --key env://COSIGN_KEY \
+    #       -a "repo=${{ github.repository }}" \
+    #       -a "workflow=${{ github.workflow }}" \
+    #       -a "ref=${{ github.sha }}" \
+    #       ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }}
+    #   if: github.event_name != 'pull_request'
+    #   env:
+    #     COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
+    #     COSIGN_PASSWORD: "${{ secrets.COSIGN_PASSWORD}}"    

Dockerfile

@@ -7,8 +7,8 @@ ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 # Install pip requirements
-COPY requirements.txt .
-RUN python -m pip install -r requirements.txt
+COPY requirements.txt /app/requirements.txt
+RUN python -m pip install -r /app/requirements.txt
 
 WORKDIR /app
 COPY . /app
@@ -17,4 +17,4 @@ COPY . /app
 RUN adduser -u 5678 --disabled-password --gecos "" tokendito && chown -R tokendito /app
 USER tokendito
 
-ENTRYPOINT ["python", "tokendito/tokendito.py"]
+ENTRYPOINT ["python", "tokendito/tokendito.py"]

README.md

@@ -61,13 +61,7 @@ guide](https://github.com/dowjones/tokendito/blob/main/docs/README.md#multi-tile
 
 ## Docker
 
-Using Docker eliminates the need to install tokendito and its requirements.
-
-### Building the container image
-
-``` txt
-docker image build --pull --tag "tokendito:latest" .
-```
+Using Docker eliminates the need to install tokendito and its requirements. We are providing experimental Docker image support in [Dockerhub](https://hub.docker.com/r/tokendito/tokendito)
 
 ### Running the container image
 
@@ -93,14 +87,14 @@ docker run -ti -v ${home}:/home/tokendito/ tokendito
 Tokendito command line arguments are supported as well.
 
 ``` txt
-docker run -ti -v ${home}:/home/tokendito/ tokendito `
-  --okta-tile https://acme.okta.com/home/amazon_aws/000000000000000000x0/123 `
-  --username username@example.com `
-  --okta-mfa push `
-  --aws-output json `
-  --aws-region us-east-1 `
-  --aws-profile my-profile-name `
-  --aws-role-arn arn:aws:iam::000000000000:role/role-name
+docker run -ti -v ${home}:/home/tokendito/ tokendito \
+  --okta-tile https://acme.okta.com/home/amazon_aws/000000000000000000x0/123 \
+  --username username@example.com \
+  --okta-mfa push \
+  --aws-output json \
+  --aws-region us-east-1 \
+  --aws-profile my-profile-name \
+  --aws-role-arn arn:aws:iam::000000000000:role/role-name \
 ```
 
 Tokendito profiles are supported while using containers provided the proper volume mapping exists.

docs/README.md

@@ -59,7 +59,7 @@ Or you can put your parameters into a single [profile](tokendito.ini.md) and ref
 okta_aws_tile = https://acme.oktapreview.com/home/amazon_aws/b07384d113edec49eaa6/123
 okta_username = jane.doe@acme.com
 okta_mfa = push
-role_arn = arn:aws:iam::123456789000:role/engineer
+aws_role_arn = arn:aws:iam::123456789000:role/engineer
 ```
 
 And execute:

requirements.txt

@@ -1,4 +1,5 @@
 beautifulsoup4>=4.6.0
 botocore>=1.12.36
+certifi>=2022.12.07
 platformdirs>=2.5.4
 requests>=2.19.0

tests/unit_test.py

@@ -53,6 +53,35 @@ def test_import_location():
     assert imported_path.startswith(local_path)
 
 
+def test_cli_stdin():
+    """Test the availability of stdin."""
+    import os
+    import sys
+    from tokendito.tool import cli
+
+    # Save for reuse
+    old_stdin = sys.stdin
+    # Test for NoneType
+    with pytest.raises(SystemExit) as err:
+        sys.stdin = None
+        cli([])
+    assert err.value.code == 1
+
+    # Test for null descriptor
+    with pytest.raises(SystemExit) as err:
+        sys.stdin = open(os.devnull, "w")
+        cli([])
+    assert err.value.code == 1
+
+    sys.stdin = old_stdin
+    # Test for closed descriptor
+    with pytest.raises(SystemExit) as err:
+        sys.stdin = old_stdin
+        os.close(sys.stdin.fileno())
+        cli([])
+    assert err.value.code == 1
+
+
 def test_semver_version():
     """Ensure the package version is semver compliant."""
     from tokendito import __version__ as version
@@ -1055,6 +1084,7 @@ def test_get_mfa_response():
 def test_config_object():
     """Test proper initialization of the Config object."""
     import json
+    import sys
     from tokendito import Config
 
     # Test for invalid assignments to the object
@@ -1098,6 +1128,11 @@ def test_config_object():
     # Check that default values from the original object are kept
     assert pytest_config.get_defaults()["aws"]["region"] == pytest_config.aws["region"]
 
+    # Check that we set encoding correctly when there is no stdin
+    sys.stdin = None
+    pytest_config = Config()
+    assert pytest_config.user["encoding"] == "utf-8"
+
 
 def test_loglevel_collected_from_env(monkeypatch):
     """Ensure that the loglevel collected from env vars."""

tokendito/__init__.py

@@ -21,6 +21,10 @@
 class Config(object):
     """Creates configuration variables for the application."""
 
+    _default_encoding = "utf-8"
+    if getattr(sys, "stdin") is not None:
+        _default_encoding = sys.stdin.encoding
+
     # Instantiated objects can get Class defaults with get_defaults()
     _defaults = dict(
         user=dict(
@@ -29,7 +33,7 @@ class Config(object):
                 user_config_dir(appname=__title__, appauthor=False), f"{__title__}.ini"
             ),
             config_profile="default",
-            encoding=sys.stdin.encoding,
+            encoding=_default_encoding,
             loglevel="INFO",
             log_output_file="",
             mask_items=[],

tokendito/user.py

@@ -1047,7 +1047,14 @@ def get_input(prompt="-> "):
     :param prompt: optional string with prompt.
     :return user_input: raw from user.
     """
-    user_input = input(f"{prompt}")
+    try:
+        user_input = input(f"{prompt}")
+    except (EOFError, OSError, RuntimeError):
+        logger.error(
+            "sys.stdin is not available. Interactive invocation requires stdin to be present. "
+            "Please check the --help argument and documentation for more details.",
+        )
+        sys.exit(1)
     logger.debug(f"User input: {user_input}")
 
     return user_input