Merge pull request #74 from mverkerk-godaddy/add-expiration-to-output

adding credential expiration to output
godaddy · Nov 5, 2024 · 8cd4861 · 8cd4861
2 parents 86b630e + 206fa28
commit 8cd4861
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 16 deletions.
diff --git a/aws_okta_processor/commands/authenticate.py b/aws_okta_processor/commands/authenticate.py
@@ -48,21 +48,24 @@
 UNIX_EXPORT_STRING = (
     "export AWS_ACCESS_KEY_ID='{}' && "
     "export AWS_SECRET_ACCESS_KEY='{}' && "
-    "export AWS_SESSION_TOKEN='{}'"
+    "export AWS_SESSION_TOKEN='{}' && "
+    "export AWS_CREDENTIAL_EXPIRATION='{}'"
 )
 
 # Template for Fish shell
 UNIX_FISH_EXPORT_STRING = (
     "set --export AWS_ACCESS_KEY_ID '{}'; and "
     "set --export AWS_SECRET_ACCESS_KEY '{}'; and "
-    "set --export AWS_SESSION_TOKEN '{}';"
+    "set --export AWS_SESSION_TOKEN '{}'; and "
+    "set --export AWS_CREDENTIAL_EXPIRATION '{}';"
 )
 
 # Template for Windows PowerShell
 NT_EXPORT_STRING = (
     "$env:AWS_ACCESS_KEY_ID='{}'; "
     "$env:AWS_SECRET_ACCESS_KEY='{}'; "
-    "$env:AWS_SESSION_TOKEN='{}'"
+    "$env:AWS_SESSION_TOKEN='{}'; "
+    "$env:AWS_CREDENTIAL_EXPIRATION='{}'"
 )
 
 # Map command-line options to environment variable names.
@@ -163,6 +166,7 @@ def nt_output(self, credentials):
             credentials["AccessKeyId"],
             credentials["SecretAccessKey"],
             credentials["SessionToken"],
+            credentials["Expiration"]
         )
 
     def unix_output(self, credentials):
@@ -188,6 +192,7 @@ def unix_output(self, credentials):
             credentials["AccessKeyId"],
             credentials["SecretAccessKey"],
             credentials["SessionToken"],
+            credentials["Expiration"]
         )
 
     def get_pass(self):

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aws-okta-processor"
-version = "1.9.3"
+version = "1.10.0"
 description = "Resource for fetching AWS Role credentials from Okta"
 authors = ["Cloud Platform Solutions <[email protected]>"]
 readme = "README.rst"

diff --git a/tests/commands/test_authenticate.py b/tests/commands/test_authenticate.py
@@ -10,7 +10,8 @@
 CREDENTIALS = {
     "AccessKeyId": "access_key_id",
     "SecretAccessKey": "secret_access_key",
-    "SessionToken": "session_token"
+    "SessionToken": "session_token",
+    "Expiration": "expiration"
 }
 
 
@@ -35,6 +36,7 @@ def test_run(self, mock_print):
             '{"AccessKeyId": "access_key_id", '
             '"SecretAccessKey": "secret_access_key", '
             '"SessionToken": "session_token", '
+            '"Expiration": "expiration", '
             '"Version": 1}'
         )
 
@@ -50,7 +52,8 @@ def test_run_nt(self, mock_print, mock_os):
         mock_print.assert_called_once_with(
             "$env:AWS_ACCESS_KEY_ID='access_key_id'; "
             "$env:AWS_SECRET_ACCESS_KEY='secret_access_key'; "
-            "$env:AWS_SESSION_TOKEN='session_token'"
+            "$env:AWS_SESSION_TOKEN='session_token'; "
+            "$env:AWS_CREDENTIAL_EXPIRATION='expiration'"
         )
 
     @patch("aws_okta_processor.commands.authenticate.os")
@@ -65,7 +68,8 @@ def test_run_linux(self, mock_print, mock_os):
         mock_print.assert_called_once_with(
             "export AWS_ACCESS_KEY_ID='access_key_id' && "
             "export AWS_SECRET_ACCESS_KEY='secret_access_key' && "
-            "export AWS_SESSION_TOKEN='session_token'"
+            "export AWS_SESSION_TOKEN='session_token' && "
+            "export AWS_CREDENTIAL_EXPIRATION='expiration'"
         )
 
     def test_get_configuration_env(self):
@@ -81,9 +85,10 @@ def test_output_export_command_with_fish_as_target_shell(self):
         self.OPTIONS["--target-shell"] = "fish"
         auth = Authenticate(self.OPTIONS)
         credentials = {
-            "AccessKeyId": "XXXXX",
-            "SecretAccessKey": "YYYYY",
-            "SessionToken": "ZZZZZ"
+            "AccessKeyId": "WWWWW",
+            "SecretAccessKey": "XXXXX",
+            "SessionToken": "YYYYY",
+            "Expiration": "ZZZZZ"
         }
         self.assertNotIsInstance(
             auth.unix_output(credentials).index("set --export"),
@@ -95,9 +100,10 @@ def test_output_export_command_with_default_target_shell(self):
 
         auth = Authenticate(self.OPTIONS)
         credentials = {
-            "AccessKeyId": "XXXXX",
-            "SecretAccessKey": "YYYYY",
-            "SessionToken": "ZZZZZ"
+            "AccessKeyId": "WWWWW",
+            "SecretAccessKey": "XXXXX",
+            "SessionToken": "YYYYY",
+            "Expiration": "ZZZZZ"
         }
         self.assertNotIsInstance(
             auth.unix_output(credentials).index("export "),
@@ -113,9 +119,10 @@ def test_output_export_command_for_windows(self):
 
         auth = Authenticate(self.OPTIONS)
         credentials = {
-            "AccessKeyId": "XXXXX",
-            "SecretAccessKey": "YYYYY",
-            "SessionToken": "ZZZZZ"
+            "AccessKeyId": "WWWWW",
+            "SecretAccessKey": "XXXXX",
+            "SessionToken": "YYYYY",
+            "Expiration": "ZZZZZ"
         }
         self.assertNotIsInstance(
             auth.nt_output(credentials).index("$env:"),