fixup for bad profile

tests/conftest.py

@@ -18,3 +18,4 @@ def pytest_addoption(parser):
         default="/dev/null",
         help="Sets an optional config file to read from",
     )
+    parser.addoption("--aws-profile", default="pytest", help="Sets the AWS profile name")

tests/functional_test.py

@@ -78,6 +78,7 @@ def custom_args(request):
         "--okta-mfa-response",
         "--aws-role-arn",
         "--config-file",
+        "--aws-profile",
     ]
     arg_list = []
     # pytest does not have a method for listing options, so we have look them up.
@@ -211,6 +212,8 @@ def test_generate_credentials(custom_args):
     args = [
         "--aws-role-arn",
         f"{config.aws['role_arn']}",
+        "--aws-profile",
+        f"{config.aws['profile']}",
         "--okta-app-url",
         f"{config.okta['app_url']}",
         "--okta-mfa-method",
@@ -247,8 +250,8 @@ def test_aws_credentials(custom_args):
 
     if not config.aws["role_arn"]:
         pytest.skip("No AWS profile defined, test will be skipped.")
-    profile = config.aws["role_arn"].split("/")[-1]
-    runnable = ["aws", "--profile", profile, "sts", "get-caller-identity"]
+
+    runnable = ["aws", "--profile", config.aws["profile"], "sts", "get-caller-identity"]
     proc = run_process(runnable)
     assert not proc["stderr"]
     assert proc["exit_status"] == 0

tests/unit_test.py

@@ -1002,6 +1002,27 @@ def test_process_interactive_input(mocker):
         assert user.process_interactive_input({"pytest": "pytest"}) == error
 
 
+@pytest.mark.parametrize(
+    "value,submit,expected",
+    [
+        ("pytest", None, "pytest"),
+        ("pytest", "deadbeef", "pytest"),
+        ("pytest", 0xDEADBEEF, "pytest"),
+        (None, None, "default"),
+        (None, "", "default"),
+        (None, 0xDEADBEEF, str(0xDEADBEEF)),
+    ],
+)
+def test_set_role_name(value, submit, expected):
+    """Test setting the AWS Role (profile) name."""
+    from tokendito import user, Config
+
+    pytest_config = Config(aws=dict(profile=value))
+
+    ret = user.set_role_name(pytest_config, submit)
+    assert ret.aws["profile"] == expected
+
+
 @pytest.mark.parametrize(
     "config,expected",
     [

tokendito/aws.py

@@ -169,7 +169,7 @@ def assert_credentials(role_response={}):
         aws_access_key = role_response["Credentials"]["AccessKeyId"]
         aws_secret_key = role_response["Credentials"]["SecretAccessKey"]
         aws_session_token = role_response["Credentials"]["SessionToken"]
-    except KeyError:
+    except (KeyError, TypeError):
         logger.error("SAML Response did not contain credentials")
         sys.exit(1)
 
@@ -194,8 +194,8 @@ def assert_credentials(role_response={}):
 def select_assumeable_role(apps):
     """Select the role to perform the AssumeRoleWithSaml.
 
-    # :param apps: apps metadata, list of tuples
-    # :return: AWS AssumeRoleWithSaml response, role name, tuple
+    :param apps: apps metadata, list of tuples
+    :return: tuple with AWS AssumeRoleWithSaml response and role name
     """
     authenticated_aps = {}
     for url, saml_response, saml, label in apps:
@@ -217,4 +217,4 @@ def select_assumeable_role(apps):
         authenticated_aps[_id]["saml"],
     )
 
-    return assume_role_response, role_name
+    return (assume_role_response, role_name)

tokendito/tool.py

@@ -55,11 +55,13 @@ def cli(args):
         )
         sys.exit(1)
 
+    user.set_role_name(config, role_name)
+
     user.set_local_credentials(
         response=role_response,
-        role=role_name,
+        role=config.aws["profile"],
         region=config.aws["region"],
         output=config.aws["output"],
     )
 
-    user.display_selected_role(profile_name=role_name, role_response=role_response)
+    user.display_selected_role(profile_name=config.aws["profile"], role_response=role_response)

tokendito/user.py

@@ -796,6 +796,21 @@ def get_password():
     return res
 
 
+def set_role_name(config_obj, name):
+    """Set AWS Role alias name based on user preferences.
+
+    :param config: Config object.
+    :param name: Role name. Defaults to the string "default"
+    :return: Config object.
+    """
+    if name is None or name == "":
+        name = "default"
+    if config_obj.aws["profile"] is None:
+        config_obj.aws["profile"] = str(name)
+
+    return config_obj
+
+
 def update_configuration(ini_file, profile):
     """Update configuration file on local system.
 

tox.ini

@@ -5,6 +5,7 @@ envlist = lint, py{36,37,38,39,310}, auth, coverage
 [testenv]
 deps = -r requirements-dev.txt
 commands =
+    coverage erase
     pytest --cov=tokendito --cov-append -v -ra -k 'unit' -s tests/ --
     pytest --cov=tokendito --cov-append -v -ra -k 'functional and not credentials' -s tests/ --