From 6802ef1e6d66f9a2d48a0ac8d44095a3c527322f Mon Sep 17 00:00:00 2001 From: Fred Cox Date: Wed, 3 Mar 2021 16:35:23 +0200 Subject: [PATCH] Fix boolean flags envvars --- README.rst | 12 ++++++------ aws_google_auth/__init__.py | 27 +++++++-------------------- 2 files changed, 13 insertions(+), 26 deletions(-) diff --git a/README.rst b/README.rst index 268f03f..fb961fe 100644 --- a/README.rst +++ b/README.rst @@ -132,8 +132,8 @@ Usage usage: aws-google-auth [-h] [-u USERNAME | -b | --redirect-server] [-I IDP_ID] [-S SP_ID] [-R REGION] [-d DURATION | --auto-duration] [-p PROFILE] [-A ACCOUNT] [-D] [-q] [--bg-response BG_RESPONSE] [--saml-assertion SAML_ASSERTION] [--no-cache] [--print-creds] [--resolve-aliases] - [--save-failure-html] [--save-saml-flow] [--port PORT] [-a | -r ROLE_ARN] [-k] - [-l {debug,info,warn}] [-V] + [--save-failure-html] [--save-saml-flow] [--port PORT] [-a | -r ROLE_ARN] [-k] [-l {debug,info,warn}] + [-V] Acquire temporary AWS credentials via Google SSO @@ -141,7 +141,7 @@ Usage -h, --help show this help message and exit -u USERNAME, --username USERNAME Google Apps username ($GOOGLE_USERNAME) - -b, --browser Google login in the browser (Requires SAML redirect server) + -b, --browser Google login in the browser (Requires SAML redirect server) ($GOOGLE_BROWSER=1) --redirect-server Run the redirect server on port ($PORT) -I IDP_ID, --idp-id IDP_ID Google SSO IDP identifier ($GOOGLE_IDP_ID) @@ -151,7 +151,7 @@ Usage AWS region endpoint ($AWS_DEFAULT_REGION) -d DURATION, --duration DURATION Credential duration in seconds (defaults to value of $DURATION, then falls back to 43200) - --auto-duration Tries to use the longest allowed duration ($AUTO_DURATION) + --auto-duration Tries to use the longest allowed duration ($AUTO_DURATION=1) -p PROFILE, --profile PROFILE AWS profile (defaults to value of $AWS_PROFILE, then falls back to 'sts') -A ACCOUNT, --account ACCOUNT @@ -164,11 +164,11 @@ Usage Base64 encoded SAML assertion to use. --no-cache Do not cache the SAML Assertion. --print-creds Print Credentials. - --resolve-aliases Resolve AWS account aliases. + --resolve-aliases Resolve AWS account aliases. ($RESOLVE_AWS_ALIASES=1) --save-failure-html Write HTML failure responses to file for troubleshooting. --save-saml-flow Write all GET and PUT requests and HTML responses to/from Google to files for troubleshooting. --port PORT Port for the redirect server ($PORT) - -a, --ask-role Set true to always pick the role + -a, --ask-role Set true to always pick the role ($AWS_ASK_ROLE=1) -r ROLE_ARN, --role-arn ROLE_ARN The ARN of the role to assume -k, --keyring Use keyring for storing the password. diff --git a/aws_google_auth/__init__.py b/aws_google_auth/__init__.py index b3d52bd..381f9bf 100644 --- a/aws_google_auth/__init__.py +++ b/aws_google_auth/__init__.py @@ -33,7 +33,7 @@ def parse_args(args): parser.add_argument('-R', '--region', help='AWS region endpoint ($AWS_DEFAULT_REGION)') duration_group = parser.add_mutually_exclusive_group() duration_group.add_argument('-d', '--duration', type=int, help='Credential duration in seconds (defaults to value of $DURATION, then falls back to 43200)') - duration_group.add_argument('--auto-duration', action='store_true', help='Tries to use the longest allowed duration ($AUTO_DURATION)') + duration_group.add_argument('--auto-duration', action='store_true', help='Tries to use the longest allowed duration ($AUTO_DURATION=1)') parser.add_argument('-p', '--profile', help='AWS profile (defaults to value of $AWS_PROFILE, then falls back to \'sts\')') parser.add_argument('-A', '--account', help='Filter for specific AWS account.') parser.add_argument('-D', '--disable-u2f', action='store_true', help='Disable U2F functionality.') @@ -42,13 +42,13 @@ def parse_args(args): parser.add_argument('--saml-assertion', dest="saml_assertion", help='Base64 encoded SAML assertion to use.') parser.add_argument('--no-cache', dest="saml_cache", action='store_false', help='Do not cache the SAML Assertion.') parser.add_argument('--print-creds', action='store_true', help='Print Credentials.') - parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases.') + parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases. ($RESOLVE_AWS_ALIASES=1)') parser.add_argument('--save-failure-html', action='store_true', help='Write HTML failure responses to file for troubleshooting.') parser.add_argument('--save-saml-flow', action='store_true', help='Write all GET and PUT requests and HTML responses to/from Google to files for troubleshooting.') parser.add_argument('--port', type=int, help='Port for the redirect server ($PORT)') role_group = parser.add_mutually_exclusive_group() - role_group.add_argument('-a', '--ask-role', action='store_true', help='Set true to always pick the role') + role_group.add_argument('-a', '--ask-role', action='store_true', help='Set true to always pick the role ($AWS_ASK_ROLE=1)') role_group.add_argument('-r', '--role-arn', help='The ARN of the role to assume') parser.add_argument('-k', '--keyring', action='store_true', help='Use keyring for storing the password.') parser.add_argument('-l', '--log', dest='log_level', choices=['debug', @@ -110,10 +110,7 @@ def resolve_config(args): config.read(config.profile) # Ask Role (Option priority = ARGS, ENV_VAR, DEFAULT) - config.ask_role = bool(coalesce( - args.ask_role, - os.getenv('AWS_ASK_ROLE'), - config.ask_role)) + config.ask_role = args.ask_role or os.getenv('AWS_ASK_ROLE') != None # Duration (Option priority = ARGS, ENV_VAR, DEFAULT) config.duration = int(coalesce( @@ -122,11 +119,7 @@ def resolve_config(args): config.duration)) # Automatic duration (Option priority = ARGS, ENV_VAR, DEFAULT) - config.auto_duration = coalesce( - args.auto_duration, - os.getenv('AUTO_DURATION'), - config.auto_duration - ) + config.auto_duration = args.auto_duration or os.getenv('AUTO_DURATION') != None # IDP ID (Option priority = ARGS, ENV_VAR, DEFAULT) config.idp_id = coalesce( @@ -153,16 +146,10 @@ def resolve_config(args): config.sp_id) # U2F Disabled (Option priority = ARGS, ENV_VAR, DEFAULT) - config.u2f_disabled = coalesce( - args.disable_u2f, - os.getenv('U2F_DISABLED'), - config.u2f_disabled) + config.u2f_disabled = args.disable_u2f or os.getenv('U2F_DISABLED') # Resolve AWS aliases enabled (Option priority = ARGS, ENV_VAR, DEFAULT) - config.resolve_aliases = coalesce( - args.resolve_aliases, - os.getenv('RESOLVE_AWS_ALIASES'), - config.resolve_aliases) + config.resolve_aliases = args.resolve_aliases or os.getenv('RESOLVE_AWS_ALIASES') != None config.browser = args.browser or os.getenv('GOOGLE_BROWSER') != None