Clean up ini parsing, initial logging

TODO: - clean up process_okta_org_url / process_okta_app_url logic - add getenv() calls to early_logging setup - add unit tests - add tests for original request
dowjones · Sep 20, 2022 · 701f4c3 · 701f4c3
1 parent 9f13046
commit 701f4c3
Show file tree

Hide file tree

Showing 6 changed files with 155 additions and 112 deletions.
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -2,9 +2,8 @@
 black>=22.1.0
 coveragepy-lcov; python_version >= '3.8'
 docutils
-flake8
+flake8>=5.0.0
 flake8-black
-flake8-colors
 flake8-docstrings
 flake8-import-order
 pep8-naming

diff --git a/tests/unit_test.py b/tests/unit_test.py
@@ -89,7 +89,7 @@ def test_set_okta_password(mocker):
         ("https://acme.okta.org/app/UserHome", False),
         ("http://login.acme.org/home/amazon_aws/0123456789abcdef0123/456", False),
         ("https://login.acme.org/?abc=def", False),
-        ("acme.okta.org", True),
+        ("acme.okta.org", False),
         ("https://acme.okta.org/", True),
     ],
 )

diff --git a/tokendito/aws.py b/tokendito/aws.py
@@ -150,7 +150,7 @@ def handle_assume_role(role_arn, provider_arn, encoded_xml, duration, default_er
     return assume_role_response
 
 
-def ensure_keys_work(assume_role_response):
+def assert_credentials(assume_role_response):
     """Validate the temporary AWS credentials.
 
     :param aws_access_key: AWS access key
@@ -174,7 +174,8 @@ def ensure_keys_work(assume_role_response):
             aws_secret_access_key=aws_secret_key,
             aws_session_token=aws_session_token,
         )
-        client.get_caller_identity()
+        identity = client.get_caller_identity()
+        logger.debug(f"Logged on with role ARN: {identity['Arn']}")
     except Exception as auth_error:
         logger.error(f"There was an error authenticating your keys with AWS: {auth_error}")
         sys.exit(1)

diff --git a/tokendito/tool.py b/tokendito/tool.py
@@ -17,7 +17,6 @@ def cli(args):
     """Tokendito retrieves AWS credentials after authenticating with Okta."""
     # Set some required initial values
     user.process_options(args)
-    user.setup_logging(config.user)
     logger.debug(f"Final configuration is {config}")
 
     user.process_okta_org_url(config)
@@ -55,7 +54,7 @@ def cli(args):
 
     assume_role_response, role_name = aws.select_assumeable_role(auth_apps)
 
-    aws.ensure_keys_work(assume_role_response)
+    aws.assert_credentials(assume_role_response)
 
     user.set_local_credentials(
         assume_role_response, role_name, config.aws["region"], config.aws["output"]