Add the ability to set proxy in both configure file and arguments #37

Open: wants to merge 3 commits into base: master
17 changes: 17 additions & 0 deletions README.md
Expand Up @@ -33,6 +33,7 @@ In a typical AWS credentials file (located at `~/.aws/credentials`), credentials

By default long term credential sections are identified by the convention `[<profile_name>-long-term]` and short term credentials are identified by the typical convention: `[<profile_name>]`. The following illustrates how you would configure you credentials file using **aws-mfa** with your default credentials:


```ini
[default-long-term]
aws_access_key_id = YOUR_LONGTERM_KEY_ID
Expand Down Expand Up @@ -75,6 +76,22 @@ aws_secret_access_key = <POPULATED_BY_AWS-MFA>
aws_security_token = <POPULATED_BY_AWS-MFA>
```

Proxy set up
--------------------------

In proxies section, you can set up the proxy you want to
```ini
[proxies]
http=http.proxy.com:8080
https=https.proxy.com:3128
```
or you can use the --proxies argument with dictionary data of proxy like:

```
{http: 'http.proxy.com:8080'}
```


The default naming convention for the credential section can be overriden by using the `--long-term-suffix` and
`--short-term-suffix` command line arguments. For example, in a multi account scenario you can have one AWS account
that manages the IAM users for your organization and have other AWS accounts for development, staging and production
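
Review bot: The `--proxies` example in the new "Proxy set up" section, `{http: 'http.proxy.com:8080'}`, does not match the format given by the argument's help string in awsmfa/__init__.py (`{'http':'foo.bar:3128'}`, with the key quoted). Make the two consistent and show a full command line, including shell quoting. The sentence "In proxies section, you can set up the proxy you want to" stops without an object. The section is also inserted between the credentials example and the paragraph on `--long-term-suffix` / `--short-term-suffix` that follows from it, so placing it after that discussion would keep the naming-convention text together. The README should also say which source wins when the same key is set in both `[proxies]` and `--proxies`.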
32 changes: 24 additions & 8 deletions awsmfa/__init__.py
Expand Up @@ -11,10 +11,11 @@
import os
import sys
import boto3
from botocore.config import Config

from botocore.exceptions import ClientError, ParamValidationError
from awsmfa.config import initial_setup
from awsmfa.util import log_error_and_exit, prompter
from awsmfa.util import log_error_and_exit, prompter, merge_dict

logger = logging.getLogger('aws-mfa')

Expand Down Expand Up @@ -83,6 +84,10 @@ def main():
type=str,
help="Provide MFA token as an argument",
required=False)
parser.add_argument('--proxies',
type=dict,
help="Setup proxy for aws client, using dict format like {'http':'foo.bar:3128'}",
required=False)
args = parser.parse_args()

level = getattr(logging, args.log_level)
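
Review bot: `type=dict` on the new `--proxies` argument cannot work. argparse passes the raw command-line string to the type callable, and `dict("{'http':'foo.bar:3128'}")` raises ValueError, so every use of the option ends in an argparse "invalid dict value" error. Use a small converter function as the `type` (for example one that parses the string with `json.loads` or `ast.literal_eval` and checks that the result is a dict with string keys and values), or accept repeatable `scheme=host:port` values, and update the help text to match.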
Expand All @@ -99,7 +104,6 @@ def main():
else:
log_error_and_exit(logger, 'Could not locate credentials file at '
'%s' % (AWS_CREDS_PATH,))

config = get_config(AWS_CREDS_PATH)

if args.setup:
Expand Down Expand Up @@ -144,6 +148,11 @@ def validate(args, config):
"The value for '--long-term-suffix' cannot "
"be equal to the value for '--short-term-suffix'")

if args.proxies or 'proxies' in config.sections():
args.real_proxies = merge_dict(args.proxies, dict(config.items('proxies')))
else:
args.real_proxies= None

if args.assume_role:
role_msg = "with assumed role: %s" % (args.assume_role,)
elif config.has_option(args.profile, 'assumed_role_arn'):
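
Review bot: In the new `if args.proxies or 'proxies' in config.sections():` branch, `config.items('proxies')` is called even when only `args.proxies` made the condition true, so a credentials file without a `[proxies]` section raises `NoSectionError` as soon as `--proxies` is passed. Read the section only when `config.has_section('proxies')` is true and fall back to an empty dict otherwise. Smaller points: `args.real_proxies= None` is missing a space before `=`, and `validate()` now attaches derived state to `args`; returning the merged dict, or computing it where the client is built, would be easier to follow.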
Expand Down Expand Up @@ -285,12 +294,19 @@ def get_credentials(short_term_name, lt_key_id, lt_access_key, args, config):
mfa_token = console_input('Enter AWS MFA code for device [%s] '
'(renewing for %s seconds):' %
(args.device, args.duration))

client = boto3.client(
'sts',
aws_access_key_id=lt_key_id,
aws_secret_access_key=lt_access_key
)
if args.real_proxies:
client = boto3.client(
'sts',
aws_access_key_id=lt_key_id,
aws_secret_access_key=lt_access_key,
config=Config(proxies=args.real_proxies)
)
else:
client = boto3.client(
'sts',
aws_access_key_id=lt_key_id,
aws_secret_access_key=lt_access_key
)

if args.assume_role:
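
Review bot: The `if args.real_proxies:` / `else:` blocks duplicate the whole `boto3.client('sts', ...)` call and differ only in the `config=` argument. `proxies` defaults to None in botocore's `Config`, so a single call with `config=Config(proxies=args.real_proxies)` covers both cases. Since the STS requests made with the long-term key and MFA code will be routed through this proxy, a `logger.debug` line naming the proxies in effect would make it visible which route was used.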

11 changes: 10 additions & 1 deletion awsmfa/util.py
@@ -1,5 +1,5 @@
import sys

import copy

def log_error_and_exit(logger, message):
"""Log an error message and exit with error"""
Expand All @@ -14,3 +14,12 @@ def prompter():
console_input = input

return console_input

def merge_dict(x, y):
z=copy.deepcopy(x)
if z:
z.update(y)
return z
else:
return y
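
Review bot: `merge_dict(x, y)` lets `y` override `x` through `z.update(y)`, and the caller in `validate()` passes the command-line value as `x` and the config-file section as `y`, so a `[proxies]` entry silently wins over `--proxies`. Command-line options normally take precedence, so either swap the update order or document the behaviour. The function also returns a copy when `x` is truthy but returns `y` itself otherwise, has no docstring, and uses `copy.deepcopy` where a shallow `dict(x)` is enough for a flat dict of strings, which would make the new `import copy` unnecessary. `z=copy.deepcopy(x)` also lacks spaces around `=`.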