From dc886fe38ba5c80b26118379e1e87179bec75e87 Mon Sep 17 00:00:00 2001 From: JordonPhillips Date: Thu, 31 Jan 2019 13:25:11 -0800 Subject: [PATCH 1/6] Add version to user agent --- awsprocesscreds/saml.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/awsprocesscreds/saml.py b/awsprocesscreds/saml.py index 1665f51..aaec918 100644 --- a/awsprocesscreds/saml.py +++ b/awsprocesscreds/saml.py @@ -15,6 +15,7 @@ from botocore.credentials import CachedCredentialFetcher import botocore.session +import awsprocesscreds from .compat import escape @@ -370,7 +371,12 @@ def _get_credentials(self): def _create_client(self): return self._client_creator( - 'sts', config=Config(signature_version=botocore.UNSIGNED) + 'sts', config=Config( + signature_version=botocore.UNSIGNED, + user_agent_extra=( + 'awsprocesscreds-saml/%s' % awsprocesscreds.__version__ + ) + ) ) def _get_role_and_principal_arn(self, assertion): From 38ab637af76f5db828dde08b43b3713176db710c Mon Sep 17 00:00:00 2001 From: JordonPhillips Date: Thu, 31 Jan 2019 13:50:00 -0800 Subject: [PATCH 2/6] Update readme --- README.rst | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/README.rst b/README.rst index e89a5de..1af65d6 100644 --- a/README.rst +++ b/README.rst @@ -8,6 +8,9 @@ AWS Process Credential Providers A collection of process-based credential providers to be used with the AWS CLI and related tools. +This is an experimental package, breaking changes may occur on any minor +version bump. + Installation ------------ @@ -68,3 +71,33 @@ Example adfs configuration:: credential_process = awsprocesscreds-saml -e 'https://corp.example.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices' -u Monty -p adfs -a arn:aws:iam::123456789012:role/ADFS-Dev .. _AWS CLI Config docs: http://docs.aws.amazon.com/cli/latest/topic/config-vars.html#cli-aws-help-config-vars + + +Custom Providers +---------------- + +The mechanism this package uses to provide credentials is generally available, +and not specific to this package. It can be used to implement any custom +credential provider that will work with the AWS CLI, boto3, and other SDKs as +they implement support. + +A detailed breakdown of this mechanism along with a live demo of implementing a +credential provider that hooks into the macOS keychain can be seen on this +recorded talk from re:Invent 2017: +`AWS CLI: 2107 and Beyond `_ + +The CLI will call the process provided as the value for ``credential_process``. +This process must return credentials on stdout in the following JSON form:: + + { + "Version": 1, + "AccessKeyId": "string", + "SecretAccessKey": "string", + "SessionToken": "string", + "Expiration": "2019-01-31T21:45:41+00:00" + } + +Where ``Expiration`` is an RFC 3339 compatible timestamp. As the expiration +time nears, the process will be called again to get a new set of credentials. +The ``Version`` denotes the version of this format, whose only current valid +value is ``1``. The remaining keys are the AWS credentials you wish to use. From 718f6c92b4691bc9f32f797eab06b2f825977e16 Mon Sep 17 00:00:00 2001 From: JordonPhillips Date: Thu, 31 Jan 2019 13:53:25 -0800 Subject: [PATCH 3/6] Bump patch version --- awsprocesscreds/__init__.py | 2 ++ setup.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/awsprocesscreds/__init__.py b/awsprocesscreds/__init__.py index 89ee45e..13df3e0 100644 --- a/awsprocesscreds/__init__.py +++ b/awsprocesscreds/__init__.py @@ -1,5 +1,7 @@ import logging +__version__ = '0.0.2' + class NullHandler(logging.Handler): def emit(self, record): diff --git a/setup.py b/setup.py index ca8cb83..1193f5a 100644 --- a/setup.py +++ b/setup.py @@ -13,7 +13,7 @@ setup( name='awsprocesscreds', - version='0.0.1', + version='0.0.2', description='AWS Process Credential Providers.', long_description=README, author='Amazon Web Services', From 8a1ed8ae020e162e87feeffaa0add1ba30bf845d Mon Sep 17 00:00:00 2001 From: JordonPhillips Date: Fri, 1 Feb 2019 11:07:02 -0800 Subject: [PATCH 4/6] Pin astroid version --- requirements-dev.txt | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index ef32402..0b6b547 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -5,7 +5,11 @@ pytest-catchlog==1.2.2 coverage==4.3.4 flake8==3.5.0 mock==2.0.0 -# Pylint will fail on py3. Locking to a commit on master -# until pylint2 is released. --e git://github.com/PyCQA/pylint.git@7cb3ffddfd96f5e099ca697f6b1e30e727544627#egg=pylint -pydocstyle==2.1.1 \ No newline at end of file +# The latest version of pylint only works on python3. +pylint==2.2.2 ; python_version >= '3.6' +astroid==2.1.0 ; python_version >= '3.6' +# For python2, there are a few bugs in the latest versions of 1.x, +# so we're locking to a specific version that we know works. +pylint==1.9.3 ; python_version <= '2.7' +astroid==1.6.5 ; python_version <= '2.7' +pydocstyle==2.1.1 From 27ee14e9e12e5e7c876fbb7009a2a116857d4ed8 Mon Sep 17 00:00:00 2001 From: JordonPhillips Date: Fri, 1 Feb 2019 11:12:28 -0800 Subject: [PATCH 5/6] Update pylint exceptions This add an exception for a pylint error which triggers on subclassing from objec in python3. This is needed becuase it's compat code. It also adds a file-specific exception for a linting rule singling out conditionally returning expressions as the specific usage will return None in other cases. --- .pylintrc | 2 +- awsprocesscreds/saml.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.pylintrc b/.pylintrc index 4230edc..4423272 100644 --- a/.pylintrc +++ b/.pylintrc @@ -59,7 +59,7 @@ confidence= # --enable=similarities". If you want to run only the classes checker, but have # no Warning level messages displayed, use"--disable=all --enable=classes # --disable=W" -disable=R0201,W0613,I0021,I0020,C0111,W1618,W1619,R0902,R0903,W0231,W0611,R0913,W0703,C0330,R0204,I0011,R0904 +disable=R0201,W0613,I0021,I0020,C0111,W1618,W1619,R0902,R0903,W0231,W0611,R0913,W0703,C0330,R0204,I0011,R0904,R0205 [REPORTS] diff --git a/awsprocesscreds/saml.py b/awsprocesscreds/saml.py index aaec918..16ed432 100644 --- a/awsprocesscreds/saml.py +++ b/awsprocesscreds/saml.py @@ -1,3 +1,4 @@ +# pylint: disable=R1710 import base64 import getpass import logging From 29805e0305cf2efd02020eec70da906d15f2b990 Mon Sep 17 00:00:00 2001 From: JordonPhillips Date: Fri, 1 Feb 2019 11:37:55 -0800 Subject: [PATCH 6/6] Auto find version in setup.py --- setup.py | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/setup.py b/setup.py index 1193f5a..1720358 100644 --- a/setup.py +++ b/setup.py @@ -1,8 +1,24 @@ #!/usr/bin/env python +import codecs +import os.path +import re from setuptools import setup, find_packages -with open('README.rst') as readme_file: - README = readme_file.read() +HERE = os.path.abspath(os.path.dirname(__file__)) + + +def read(*parts): + return codecs.open(os.path.join(HERE, *parts), 'r').read() + + +def find_version(*file_paths): + version_file = read(*file_paths) + version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]", + version_file, re.M) + if version_match: + return version_match.group(1) + raise RuntimeError("Unable to find version string.") + install_requires = [ @@ -13,9 +29,9 @@ setup( name='awsprocesscreds', - version='0.0.2', + version=find_version('awsprocesscreds', '__init__.py'), description='AWS Process Credential Providers.', - long_description=README, + long_description=read('README.rst'), author='Amazon Web Services', url='https://github.com/awslabs/awsprocesscreds', packages=find_packages(exclude=['tests']),