Major Codebase Refactor for Easier Maintenance #38
Conversation
|
Wow, only 4.8% increase? That's disappointing. |
|
I can't see any reason to not accept this work - looks really good, and setup much better to improve the quality of the testing. Only 4.8% is a good start, and will hopefully allow future enhancements to only improve on that value. I personally prefer storing the details in the What effort is there for adding that back in? |
|
+1 for maintaining AWS/config support. We have started using google auth with a read only profile and elevating to a rw role as needed, ala sudo. We use AWS-google-auth for the read only login, naming the profile, we then have additional profiles in the config file which are based off the ro one ( we use this between organisations as well) |
|
Sounds good @stevemac007 and @SamBarker - I will add the I do want to clarify though (for @SamBarker) the feature that I did remove (and will put back) is not writing the STS ( 👍 Thanks for the quick feedback folks. I'll get right on that change. |
- Changes configuration object to allow for empty creation, and added "raise_if_invalid()" function to determine if the config is good. - Added the ability to read from ~/.aws/config cached values.
2 similar comments
3 similar comments
|
Implemented feedback; coverage is looking sad, which is a reminder to write tests for the new persistence logic. |
1 similar comment
3 similar comments
|
Okay, this should be ready for another set of feedback. Please let me know your thoughts. |
|
Dropping 2.6 is fine so long as we can make sure that people running 2.6 get a Helpful Message which lets them know why the tool stopped working, and what to do about it. Otherwise, this PR looks shmick (which is a Good Thing) |
|
Okay, good feedback @nonspecialist - I will have it display a note if the user is on Python 2.6. |
|
I think my description is confusing, so I'll adjust it. Missing any default value for the |
|
Hmmm, okay. That's an interesting case. I'll take a look at that in the morning @nonspecialist. (I'm in the US - New York time zone) |
|
@nonspecialist I was able to reproduce the problem and I feel that 2a53e49 should solve your problem. That being said, I don't think we want the default to be |
3 similar comments
When no profile was specified, the code would take "None" as the default, instead of "sts", which caused issues as None is not a string. See #38 (comment)
3 similar comments
|
@mide sorry for the slow reply. Being back in front of the computer again I've just outlined our cross account usage a bit more on #42 (comment) hopefully that makes our current use case a bit clearer. |
|
@SamBarker - I think I'm a little lost, is that just for context, or do you expect changes from that comment? |
|
Just for context! Not expecting anything else at all.
On Wed, 17 Jan 2018 at 10:18, Mark Ide ***@***.***> wrote:
@SamBarker <https://github.com/sambarker> - I think I'm a little lost, is
that just for context, or do you expect changes from that comment?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#38 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACs8qkgdhcqIP9nf6u8oXi8t3NJYm1oDks5tLRIxgaJpZM4RWd6w>
.
--
[image: MahiFX]
Sam Barker
Senior Developer
…------------------------------
MahiFX
Level 3,
50 Victoria Street,
Christchurch, 8013
------------------------------
Mobile: +64 (0)21 1917157
Skype: sammahifx
[image: MFX Compass]
--
------------------------------
*IMPORTANT NOTICE*: MahiFX Limited (*MahiFX Ltd*) and MahiFX (UK) Limited (*MahiFX
(UK)*) are operating subsidiaries within the MahiFX group of companies
(collectively, the MahiFX Group). All references to “*MahiFX*” refer to the
MahiFX Group. MahiFX Limited is registered in New Zealand (Company no.
2446590, NZBusNo 9429031595070) and Australia (Australian registered body
number ARBN 152-535-085). MahiFX Limited is authorised and regulated under
the Australian Securities and Investment Commission (AFSL number 414198)
and the New Zealand Financial Markets Authority (FSPR number FSP197465).
MahiFX (UK) Limited is registered in the United Kingdom, (registered
company number 08107062). MahiFX (UK) Limited is authorised and regulated
under the Financial Conduct Authority (reference number 751019).
This email, its attachments and any rights attaching hereto are
confidential and intended exclusively for the person to whom the email is
addressed. If you are not the intended recipient, do not read, copy,
disclose or use the contents in any way. Please notify the sender by return
email and destroy the email and attachments immediately. MahiFX does not
accept any liability for any changes made to this email or attachments
after sending by MahiFX. You must scan this email and attachments for
viruses. The opinions expressed are not necessarily those of MahiFX. MahiFX
accepts no liability for any loss, damage or consequence, whether caused by
our own negligence or not, resulting directly or indirectly from the use of
this email and attachments.
For more information about MahiFX Limited see mahifx.com.
|
|
Great! Thank you! |
|
Excellent! Works for my bizarre-o 👍 |
|
Thanks! |
|
Looks great @mide - I've confirmed that my existing config works well. |
|
@stevemac007 Could we get a new python package please? |
|
@cliveza the travis build should publish a new package automatically, but TravisCI has had some problems over the past 24 hours. I'll check the build and kick it manually if need be |
|
@cliveza pypi and Docker tags have been updated |
Breaking Changes
pipdoesn't support 2.6 since fall 2016 Drop support for Python 2.6? pypa/pip#3955pytestdoesn't support 2.6 since fall 2017 finally drop python2.6 support pytest-dev/pytest#2812setuptoolsdoesn't support 2.6 since fall 2017 Drop support for Python 2.6 pypa/setuptools#8782.*support, but I'm not going that far yet.)Remove persistent (to file) profiles.Previously,(Edit: Per feedback in Major Codebase Refactor for Easier Maintenance #38, I will add this back in)aws-google-authwould write to a user's~/.aws/configfile and read the values when run the next time. I feel this adds a complexity in trying to configure the tool to determine defaults.aws-google-authsupports command line params, user input, environment variables and adding another may be too much to maintain. Of course, we can add this back if desired.Under-the-hood Changes
__init__.pyinto the following files (along with their purproses):google.pyis for all Google related functions. It includes the logic to perform the page scraping and SAML fetching.amazon.pyfor AWS related fucntions. This performs the role extraction from the SAML and performs the AWS API call to get the access tokens.configuration.py- This only maintains user options (anything the user specifies). Breaking this into it's own object allows us to perform much more robust testing and just pass around a single object instead of a handful of options.util.pyfor common toolingAdded the following tests
Flake8 Python style testing. This is added into the TravisCI build script (
.travis.yml).test_configuration.py:durationvalues get rejected.durationvalues are accepted.durationismax_durationask_rolevalues get rejected.ask_rolevalues are accepted.ask_roleis an optional setting.idp_idvalues get rejected.idp_idvalues are accepted.sp_idvalues get rejected.usernamevalues are accepted.usernamevalues get rejected.sp_idvalues are accepted.profileisstsprofilevalues get rejected.profilevalues are accepted.regionvalues get rejected.regionvalues are accepted.regionisap_southeast_2role_arnvalues get rejected.role_arn_isis an optional setting.role_arnvalues are accepted.u2f_disabledvalues get rejected.u2f_disabledvalues are accepted.u2f_disabled_isis an optional setting.test_amazon.pystsbotoclient properly returns an STS client object.Needed Work
In order to get tests to pass, I had to ignore Flake8 rule E722. We should go back and determine what the correct exceptions are to catch and only catch those.
Note
Please don't feel you need to accept this, but do please let me know. If this breaks Cevo's workflows, I may just end up maintaining my own fork.