From 934983e09252df0d757081b6c4d8d984251b8949 Mon Sep 17 00:00:00 2001
From: thoward <thoward@godaddy.com>
Date: Thu, 10 Dec 2020 13:36:55 -0700
Subject: [PATCH] only match against the account alias

---
 src/aws_okta_processor/__init__.py  | 2 +-
 src/aws_okta_processor/core/saml.py | 3 ++-
 tests/core/test_fetcher.py          | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/aws_okta_processor/__init__.py b/src/aws_okta_processor/__init__.py
index c3b3841..0bb84ff 100644
--- a/src/aws_okta_processor/__init__.py
+++ b/src/aws_okta_processor/__init__.py
@@ -1 +1 @@
-__version__ = '1.5.2'
+__version__ = '1.5.3'
diff --git a/src/aws_okta_processor/core/saml.py b/src/aws_okta_processor/core/saml.py
index 3f53a6f..b3c8a95 100644
--- a/src/aws_okta_processor/core/saml.py
+++ b/src/aws_okta_processor/core/saml.py
@@ -57,7 +57,8 @@ def get_aws_roles(saml_assertion=None, accounts_filter=None):
         for account_role in account_roles:
             account_name = account_role.account_name
             if accounts_filter is not None and len(accounts_filter) > 0:
-                if fnmatch(account_name, accounts_filter) is False:
+                account_name_alias = account_name.split(" ")[1]
+                if not fnmatch(account_name_alias, accounts_filter):
                     continue
 
             role_arn = account_role.role_arn
diff --git a/tests/core/test_fetcher.py b/tests/core/test_fetcher.py
index 8fd7589..517f6e0 100644
--- a/tests/core/test_fetcher.py
+++ b/tests/core/test_fetcher.py
@@ -57,7 +57,7 @@ def assume_role_side_effect(*args, **kwargs):
                 }
             raise RuntimeError('invalid RoleArn')
 
-        self.OPTIONS["--account-alias"] = '* 1'
+        self.OPTIONS["--account-alias"] = '1*'
         self.OPTIONS["--pass"] = 'testpass'
 
         mock_c = mock.Mock()