
clokta's People

Contributors

aljohri, jasonbartz, rantonucci-washpost, rickalm


clokta's Issues

add role_preference

Similar to multifactor_preference, it would be great to have a role_preference as well.

1 - AWS-WPIT_EC2-S3-RDS_Admin
2 - AWS-WPIT_DevAdmin
Choose a Role ARN to use: 2

This would prevent one from having to choose the Role ARN each time for certain AWS accounts.

catch PASSWORD_EXPIRED status

Currently it gives me an error:

Unexpected error: 'sessionToken'

I thought it was a clokta issue. Turns out, my password just expired.

try:
    mfa_response = self.__okta_mfa_verification(
        factor_dict=factor,
        state_token=state_token,
        otp_value=otp_value
    )
    session_token = mfa_response['sessionToken']
except requests.exceptions.HTTPError as http_err:
    msg = 'Okta returned this MFA related error: {}'.format(http_err)
    Common.dump_err(message=msg, exit_code=1, verbose=self.verbose)
except Exception as err:
    msg = 'Unexpected error: {}'.format(err)
    Common.dump_err(message=msg, exit_code=2, verbose=self.verbose)

The value of mfa_response looks like:

{'_embedded': {'policy': {'age': {'historyCount': 24, 'minAgeMinutes': 1440},
                          'complexity': {'excludeAttributes': ['firstName',
                                                               'lastName'],
                                         'excludeUsername': True,
                                         'minLength': 15,
                                         'minLowerCase': 1,
                                         'minNumber': 1,
                                         'minSymbol': 1,
                                         'minUpperCase': 1}},
               'user': {'id': '****************',
                        'profile': {'firstName': 'Al',
                                    'lastName': 'Johri',
                                    'locale': 'en',
                                    'login': '****************',
                                    'timeZone': 'America/Los_Angeles'}}},
 '_links': {'cancel': {'hints': {'allow': ['POST']},
                       'href': 'https://washpost.okta.com/api/v1/authn/cancel'},
            'next': {'hints': {'allow': ['POST']},
                     'href': 'https://washpost.okta.com/api/v1/authn/credentials/change_password',
                     'name': 'changePassword'}},
 'expiresAt': '2019-02-18T17:09:29.000Z',
 'stateToken': '****************',
 'status': 'PASSWORD_EXPIRED'}
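
One way to turn the response above into a readable message instead of a KeyError on 'sessionToken' is to check the `status` field first. This is an added example, not clokta's own code; `extract_session_token`, `OktaAuthnError` and `ACTION_HINTS` are hypothetical names, and the sample response is constructed from the fields shown in the issue.

```python
class OktaAuthnError(Exception):
    """The authn transaction ended in a state that carries no session token."""


# Okta authn transaction states that need user action, with a hint for each.
# The set is illustrative, not exhaustive.
ACTION_HINTS = {
    "PASSWORD_EXPIRED": "Your Okta password has expired; change it in Okta and retry.",
    "LOCKED_OUT": "Your Okta account is locked; contact your Okta administrator.",
    "MFA_ENROLL": "No MFA factor is enrolled; enroll one in Okta first.",
}


def extract_session_token(response):
    """Return the session token, or raise OktaAuthnError naming the real cause."""
    status = response.get("status")
    if status == "SUCCESS" and "sessionToken" in response:
        return response["sessionToken"]
    hint = ACTION_HINTS.get(status)
    if hint is None:
        hint = "Okta returned status {!r} without a session token.".format(status)
    # Report only the status and the name of the next step. The stateToken
    # and the user profile stay out of error output and logs.
    next_name = response.get("_links", {}).get("next", {}).get("name")
    if next_name:
        hint += " (next step: {})".format(next_name)
    raise OktaAuthnError(hint)


# Constructed sample, trimmed from the response quoted in the issue.
SAMPLE_EXPIRED = {
    "_links": {"next": {"name": "changePassword"}},
    "stateToken": "constructed-state-token",
    "status": "PASSWORD_EXPIRED",
}

if __name__ == "__main__":
    try:
        extract_session_token(SAMPLE_EXPIRED)
    except OktaAuthnError as err:
        print("clokta: {}".format(err))
```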

boto EndpointConnectionError in assume_role()

My graphics colleague @helloeujin got a botocore.exceptions.EndpointConnectionError when running clokta --profile pub.

The error happened inside clokta/role_assumer.py, line 58, in assume_role(). It seems it was trying to connect to a url in the form "https://sts.[long alphanumeric string].amazonaws.com/"

Any ideas? She is using SMS for two factor, if that matters. I've pasted a screenshot in #aws-automation with the full error stack (I'm wary of pasting it in this public repo just in case).

Thanks!

Improve order of "Okta Verify", "Okta Verify with Push" in options

Recently push notifications for Okta Verify stopped being sent; instead I was prompted for the passcode. Decided to reach out in #aws-automation on Slack.

Erik Reyna directed me to ~/.clokta/clokta.cfg where multifactor_preference was set to "Okta Verify" when it had previously been "Okta Verify with Push". Updating that fixed my issue and push notifications began working again.

After that Robert Antonucci suggested this issue be created. His words:

It’s probably bad that we list “Okta Verify” before “Okta Verify with Push” in the options as no one uses “Okta Verify” but new people think they do. @kevin.rux You should enter a GitHub issue in the clokta Github project requesting a better order.

Can the order of the options change to:

  1. "Okta Verify with Push"
  2. "Okta Verify"

Okta change makes regex url checking break

It appears that Okta has changed their default behavior of apps on the dashboard so they no longer append the ?fromHome=true url parameter. Without that url parameter, the regex parsing fails, returning this error:

Invalid App URL. URL usually of the form https://xxxxxxxx.okta.com/.../272?fromHome=true

Theoretically the regex match should be fine without the url parameter; but, maybe the argument is coming in with some extra character at the end (new line, space, something?), and without the url parameter that messes it up?

If you add the ?fromHome=true text to the end of the url, it then accepts the url and finishes creating the profile.

New Okta interface removes `fromHome=true` URL parameter resulting in an error

About

In the last couple of months, Okta redesigned its interface.

Now when you go to copy a URL for an AWS account for instance it will look like this:

https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272

Where it used to look something like this:

https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272?fromHome=true

When setting up a new profile and pasting the URL, you will receive this error.

❯ clokta --profile test

No profile "test" in clokta.cfg, but enter the information and clokta will create a profile.
Copy the link from the Okta App: https://xxx.okta.com/home/amazon_aws/xxxxxxxxx/272
Invalid App URL.  URL usually of the form https://xxxxxxxx.okta.com/.../272?fromHome=true

Full traceback:

Invalid App URL.  URL usually of the form https://xxxxxxxx.okta.com/.../272?fromHome=true
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.9/bin/clokta", line 8, in <module>
    sys.exit(assume_role())
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/cloktacli.py", line 40, in assume_role
    assumer.assume_role(reset_default_role=no_default_role)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/role_assumer.py", line 34, in assume_role
    clokta_config = CloktaConfiguration(profile_name=self.profile,
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/clokta_configuration.py", line 47, in __init__
    self.__initialize_configuration()
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/clokta/clokta_configuration.py", line 177, in __initialize_configuration
    raise ValueError("Invalid URL")
ValueError: Invalid URL
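
Both URL issues above come down to a check that depends on the `?fromHome=true` suffix. The sketch below parses the pasted link structurally instead, so the query string and trailing whitespace no longer matter while the host is still pinned to the Okta org. It is an added example, not clokta's own code; `parse_okta_app_url` is a hypothetical name, and it assumes the org lives under `*.okta.com` and that the path has the shape shown in the issues.

```python
import re
from urllib.parse import urlsplit

# Path shape taken from the URLs quoted in the issues:
# /home/<app_type>/<app_id>/<number>
_APP_PATH = re.compile(r"/home/([A-Za-z0-9_]+)/([A-Za-z0-9]+)/([0-9]+)/?")


def parse_okta_app_url(raw):
    """Return (host, app_type, app_id, number) or raise ValueError."""
    url = raw.strip()  # pasted text often ends with a newline or a space
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("App URL must use https")
    host = (parts.hostname or "").lower()
    # Reject userinfo tricks and look-alike hosts before any credentials
    # are sent to the address.
    if parts.username or parts.password or not host.endswith(".okta.com"):
        raise ValueError("App URL host must be <org>.okta.com")
    match = _APP_PATH.fullmatch(parts.path)
    if match is None:
        raise ValueError("App URL path must look like /home/<app>/<id>/<number>")
    # The query string (?fromHome=true, or none at all) is deliberately ignored.
    return (host,) + match.groups()


if __name__ == "__main__":
    # Constructed inputs modelled on the placeholder URLs in the issues.
    for candidate in (
        "https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272",
        "https://xxx.okta.com/home/amazon_aws/xxxxxxxx/272?fromHome=true\n",
    ):
        print(parse_okta_app_url(candidate))
```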
