washingtonpost / clokta
License: MIT License
publish to pypi? README says: pip3 install clokta
Similar to multifactor_preference, it would be great to have a role_preference as well.
1 - AWS-WPIT_EC2-S3-RDS_Admin
2 - AWS-WPIT_DevAdmin
Choose a Role ARN to use: 2
This would prevent one from having to choose the Role ARN each time for certain AWS accounts.
Currently it gives me an error:
Unexpected error: 'sessionToken'
I thought it was a clokta issue. Turns out, my password just expired.
Lines 163 to 175 in bdf7b59
The value of mfa_response looks like:
{'_embedded': {'policy': {'age': {'historyCount': 24, 'minAgeMinutes': 1440},
                          'complexity': {'excludeAttributes': ['firstName',
                                                               'lastName'],
                                         'excludeUsername': True,
                                         'minLength': 15,
                                         'minLowerCase': 1,
                                         'minNumber': 1,
                                         'minSymbol': 1,
                                         'minUpperCase': 1}},
               'user': {'id': '****************',
                        'profile': {'firstName': 'Al',
                                    'lastName': 'Johri',
                                    'locale': 'en',
                                    'login': '****************',
                                    'timeZone': 'America/Los_Angeles'}}},
 '_links': {'cancel': {'hints': {'allow': ['POST']},
                       'href': 'https://washpost.okta.com/api/v1/authn/cancel'},
            'next': {'hints': {'allow': ['POST']},
                     'href': 'https://washpost.okta.com/api/v1/authn/credentials/change_password',
                     'name': 'changePassword'}},
 'expiresAt': '2019-02-18T17:09:29.000Z',
 'stateToken': '****************',
 'status': 'PASSWORD_EXPIRED'}
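An added example, not clokta's own code: one way to check the authn transaction status before reading sessionToken, so an expired password is reported as such instead of surfacing as a bare 'sessionToken' error. The names extract_session_token, OktaAuthnError and STATUS_HINTS are hypothetical, and the sample response is constructed from the shape quoted above.

```python
class OktaAuthnError(Exception):
    """The Okta authn transaction did not finish in SUCCESS."""


# Hints for transaction states that carry no sessionToken (wording is ours).
STATUS_HINTS = {
    "PASSWORD_EXPIRED": "Okta password has expired; change it in Okta, then retry.",
    "LOCKED_OUT": "Account is locked out; contact your Okta administrator.",
    "MFA_REQUIRED": "A second factor still has to be verified.",
    "MFA_CHALLENGE": "A second-factor challenge is still pending.",
}


def extract_session_token(authn_response: dict) -> str:
    """Return sessionToken, or raise an error naming the real authn state."""
    status = authn_response.get("status")
    token = authn_response.get("sessionToken")
    if status == "SUCCESS" and token:
        return token
    hint = STATUS_HINTS.get(status, "Unexpected authentication state.")
    # Report only the name of the next step; never echo stateToken or hrefs.
    next_link = authn_response.get("_links", {}).get("next")
    next_name = next_link.get("name") if isinstance(next_link, dict) else None
    step = f" (next step: {next_name})" if next_name else ""
    raise OktaAuthnError(f"Okta status {status}: {hint}{step}")


# Constructed sample, trimmed from the shape of the response quoted above.
EXPIRED = {
    "status": "PASSWORD_EXPIRED",
    "stateToken": "constructed-state-token",
    "_links": {"next": {"name": "changePassword",
                        "href": "https://example.okta.com/api/v1/authn/credentials/change_password"}},
}

if __name__ == "__main__":
    try:
        extract_session_token(EXPIRED)
    except OktaAuthnError as err:
        print(err)
```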
My graphics colleague @helloeujin got a botocore.exceptions.EndpointConnectionError when running clokta --profile pub.
The error happened inside clokta/role_assumer.py, line 58, in assume_role(). It seems it was trying to connect to a url in the form "https://sts.[long alphanumeric string].amazonaws.com/"
Any ideas? She is using SMS for two factor, if that matters. I've pasted a screenshot in #aws-automation with the full error stack (I'm wary of pasting it in this public repo just in case).
Thanks!
Recently push notifications for Okta Verify stopped being sent; instead I was prompted for the passcode. Decided to reach out in #aws-automation on Slack.
Erik Reyna directed me to ~/.clokta/clokta.cfg where multifactor_preference was set to "Okta Verify" when it had previously been "Okta Verify with Push". Updating that fixed my issue and push notifications began working again.
After that Robert Antonucci suggested this issue be created. His words:
It’s probably bad that we list “Okta Verify” before “Okta Verify with Push” in the options as no one uses “Okta Verify” but new people think they do. @kevin.rux You should enter a GitHub issue in the clokta Github project requesting a better order.
Can the order of the options change to:
It appears that Okta has changed their default behavior of apps on the dashboard so they no longer append the ?fromHome=true url parameter. Without that url parameter, the regex parsing fails, returning this error:
Invalid App URL. URL usually of the form https://xxxxxxxx.okta.com/.../272?fromHome=true
Theoretically the regex match should be fine without the url parameter; but, maybe the argument is coming in with some extra character at the end (new line, space, something?), and without the url parameter that messes it up?
If you add the ?fromHome=true text to the end of the url, it then accepts the url and finishes creating the profile.
In the last couple of months, Okta redesigned its interface.
Now when you go to copy a URL for an AWS account for instance it will look like this:
https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272
Where it used to look something like this:
https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272?fromHome=true
When setting up a new profile and pasting the url, you will receive this error.
❯ clokta --profile test
No profile "test" in clokta.cfg, but enter the information and clokta will create a profile.
Copy the link from the Okta App: https://xxx.okta.com/home/amazon_aws/xxxxxxxxx/272
Invalid App URL. URL usually of the form https://xxxxxxxx.okta.com/.../272?fromHome=true
Full traceback:
Invalid App URL. URL usually of the form https://xxxxxxxx.okta.com/.../272?fromHome=true
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.9/bin/clokta", line 8, in <module>
    sys.exit(assume_role())
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/cloktacli.py", line 40, in assume_role
    assumer.assume_role(reset_default_role=no_default_role)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/role_assumer.py", line 34, in assume_role
    clokta_config = CloktaConfiguration(profile_name=self.profile,
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/clokta_configuration.py", line 47, in __init__
    self.__initialize_configuration()
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/clokta_configuration.py", line 177, in __initialize_configuration
    raise ValueError("Invalid URL")
ValueError: Invalid URL
export AWS_PROFILE=test
clokta -p test
ProfileNotFound
Also, you can try deleting the ~/.aws and ~/.clokta directories
Clokta has a minor issue where it expects ?fromHome=true at the end of any Okta url that is copied from Guidepost and pasted into the terminal to set up a profile. Is there a reason for this? I've had to append ?fromHome=true to copied Okta tile urls manually a couple times recently to get things working.
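An added example, not clokta's own parsing code: a validator for the pasted app URL that accepts both forms quoted in the issues above (with and without ?fromHome=true), tolerates stray whitespace, and still rejects anything that is not an https URL on an okta.com host, since this URL decides where credentials are sent. The function name parse_okta_app_url is hypothetical; the okta.com-only host rule and the path shape are assumptions taken from the URLs quoted on this page.

```python
import re
from urllib.parse import urlsplit

# Path shape taken from the URLs quoted in the issues:
#   /home/amazon_aws/<app id>/<number>
_APP_PATH = re.compile(r"^/home/amazon_aws/([A-Za-z0-9]+)/(\d+)/?$")


def parse_okta_app_url(raw: str) -> dict:
    """Validate a pasted Okta app link; the query string is optional and ignored."""
    parts = urlsplit(raw.strip())  # drop trailing newline/space from the paste
    if parts.scheme != "https":
        raise ValueError("Invalid App URL: must start with https://")
    host = (parts.hostname or "").lower()
    # Assumption: only *.okta.com orgs are accepted, as in the page's examples.
    if not host.endswith(".okta.com"):
        raise ValueError("Invalid App URL: host is not an okta.com org")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("Invalid App URL: unexpected credentials or port")
    match = _APP_PATH.match(parts.path)
    if not match:
        raise ValueError("Invalid App URL: expected /home/amazon_aws/<id>/<n>")
    return {
        "org": host,
        "app_id": match.group(1),
        "instance": match.group(2),
        # Canonical form stored in the profile: no query, no trailing slash.
        "canonical": f"https://{host}{parts.path.rstrip('/')}",
    }


if __name__ == "__main__":
    # Constructed inputs modelled on the URLs quoted in the issues.
    for candidate in (
        "https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272",
        "https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272?fromHome=true\n",
        "https://xxx.okta.com.evil.example/home/amazon_aws/xxxxxxxx/272",
    ):
        try:
            print(parse_okta_app_url(candidate)["canonical"])
        except ValueError as err:
            print(err)
```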