only match against the account alias

godaddy · Dec 10, 2020 · 934983e · 934983e
1 parent 84c8e80
commit 934983e
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/src/aws_okta_processor/__init__.py b/src/aws_okta_processor/__init__.py
@@ -1 +1 @@
-__version__ = '1.5.2'
+__version__ = '1.5.3'
diff --git a/src/aws_okta_processor/core/saml.py b/src/aws_okta_processor/core/saml.py
@@ -57,7 +57,8 @@ def get_aws_roles(saml_assertion=None, accounts_filter=None):
         for account_role in account_roles:
             account_name = account_role.account_name
             if accounts_filter is not None and len(accounts_filter) > 0:
-                if fnmatch(account_name, accounts_filter) is False:
+                account_name_alias = account_name.split(" ")[1]
+                if not fnmatch(account_name_alias, accounts_filter):
                     continue
 
             role_arn = account_role.role_arn

diff --git a/tests/core/test_fetcher.py b/tests/core/test_fetcher.py
@@ -57,7 +57,7 @@ def assume_role_side_effect(*args, **kwargs):
                 }
             raise RuntimeError('invalid RoleArn')
 
-        self.OPTIONS["--account-alias"] = '* 1'
+        self.OPTIONS["--account-alias"] = '1*'
         self.OPTIONS["--pass"] = 'testpass'
 
         mock_c = mock.Mock()