Support alternative AWS account types (#29)

* support region flag * revert editor formatting * tab more
godaddy · Oct 30, 2020 · 671b264 · 671b264
1 parent 72762b0
commit 671b264
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 2 deletions.
diff --git a/README.rst b/README.rst
@@ -128,6 +128,8 @@ role          --role          AWS_OKTA_ROLE          AWS Role ARN
 ------------- --------------- ---------------------- ----------------------------------------
 account_alias --account-alias AWS_OKTA_ACCOUNT_ALIAS AWS Account Filter
 ------------- --------------- ---------------------- ----------------------------------------
+region        --region        AWS_OKTA_REGION        AWS Region
+------------- --------------- ---------------------- ----------------------------------------
 duration      --duration      AWS_OKTA_DURATION      Duration in seconds for AWS session
 ------------- --------------- ---------------------- ----------------------------------------
 key           --key           AWS_OKTA_KEY           Key used in generating AWS session cache

diff --git a/src/aws_okta_processor/cli.py b/src/aws_okta_processor/cli.py
@@ -5,7 +5,7 @@
   aws-okta-processor authenticate [--environment] [--organization=<okta_organization>]
                                   [--user=<user_name>] [--pass=<user_pass>]
                                   [--application=<okta_application>]
-                                  [--role=<role_name>]
+                                  [--role=<role_name>][--region=<region_name>]
                                   [--account-alias=<account_alias>]
                                   [--duration=<duration_seconds>]
                                   [--key=<key>]
@@ -27,6 +27,7 @@
   -o <okta_organization> --organization=<okta_organization>  Okta organization domain.
   -a <okta_application> --application=<okta_application>     Okta application url.
   -r <role_name> --role=<role_name>                          AWS role ARN.
+  -R <region_name> --region=<region_name>                    AWS region name.
   -A <account> --account-alias=<account>                     AWS account alias filter (uses wildcards).
   -d <duration_seconds> --duration=<duration_seconds>        Duration of role session [default: 3600].
   -k <key> --key=<key>                                       Key used for generating and accessing cache.

diff --git a/src/aws_okta_processor/commands/authenticate.py b/src/aws_okta_processor/commands/authenticate.py
@@ -29,6 +29,7 @@
             "--organization": "AWS_OKTA_ORGANIZATION",
             "--application": "AWS_OKTA_APPLICATION",
             "--role": "AWS_OKTA_ROLE",
+            "--region": "AWS_OKTA_REGION",
             "--duration": "AWS_OKTA_DURATION",
             "--key": "AWS_OKTA_KEY",
             "--factor": "AWS_OKTA_FACTOR",
@@ -46,6 +47,7 @@
             "AWS_OKTA_ORGANIZATION": "organization",
             "AWS_OKTA_APPLICATION": "application",
             "AWS_OKTA_ROLE": "role",
+            "AWS_OKTA_REGION": "region",
             "AWS_OKTA_DURATION": "duration",
             "AWS_OKTA_KEY": "key",
             "AWS_OKTA_FACTOR": "factor",

diff --git a/src/aws_okta_processor/core/fetcher.py b/src/aws_okta_processor/core/fetcher.py
@@ -50,7 +50,8 @@ def _get_credentials(self):
             'sts',
             aws_access_key_id='',
             aws_secret_access_key='',
-            aws_session_token=''
+            aws_session_token='',
+            region_name=self._configuration["AWS_OKTA_REGION"]
         )
 
         okta = Okta(

diff --git a/tests/test_base.py b/tests/test_base.py
@@ -33,6 +33,7 @@ def setUp(self):
             "--organization": "org.okta.com",
             "--application": None,
             "--role": None,
+            "--region": None,
             "--key": "key",
             "--duration": "3600",
             "--factor": None,