add duration parameter #9

22 changes: 15 additions & 7 deletions lp-aws-saml.py
@@ -1,4 +1,4 @@
#!/usr/bin/env python
#!/usr/bin/env python2
# -*- coding: utf8 -*-
#
# Amazon Web Services CLI - LastPass SAML integration
@@ -249,12 +249,13 @@ def prompt_for_role(roles):
return roles[choice - 1]


def aws_assume_role(session, assertion, role_arn, principal_arn):
def aws_assume_role(session, assertion, role_arn, principal_arn, duration):
client = boto3.client('sts')
return client.assume_role_with_saml(
RoleArn=role_arn,
PrincipalArn=principal_arn,
SAMLAssertion=b64encode(assertion))
SAMLAssertion=b64encode(assertion),
DurationSeconds=duration)


def aws_set_profile(profile_name, response):
@@ -297,17 +298,24 @@ def main():
help='the lastpass SAML config id')
parser.add_argument('--profile-name', dest='profile_name',
help='the name of AWS profile to save the data in (default username)')
parser.add_argument('--duration', dest='duration', type=int,
help='the duration, in seconds, of the role session (default 3600)')

args = parser.parse_args()

username = args.username
saml_cfg_id = args.saml_config_id

if args.profile_name is not None:
profile_name = args.profile_name
else:
profile_name = username


if args.duration is not None:
duration = args.duration
else:
duration = 3600

password = getpass()

session = requests.Session()
@@ -323,15 +331,15 @@ def main():

role = prompt_for_role(roles)

response = aws_assume_role(session, assertion, role[0], role[1])
response = aws_assume_role(session, assertion, role[0], role[1], duration)
aws_set_profile(profile_name, response)

print "A new AWS CLI profile '%s' has been added." % profile_name
print "You may now invoke the aws CLI tool as follows:"
print
print " aws --profile %s [...] " % profile_name
print
print "This token expires in one hour."
print "This token expires in %d seconds." % duration


if __name__ == "__main__":
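Review bot: `--duration` reaches `assume_role_with_saml` as `DurationSeconds` with no range check in `main()`, so an out-of-range value only fails as a boto3 error after the password prompt and role selection. STS accepts 900 seconds up to the role's configured maximum session duration (at most 43200), so I would reject bad values right after `parse_args()`, e.g. `if not 900 <= duration <= 43200: parser.error('--duration must be between 900 and 43200 seconds')`. The closing message prints the requested value, but STS can end the session earlier when the SAML response carries `SessionNotOnOrAfter`; reporting `response['Credentials']['Expiration']` would state the real lifetime of the credentials that `aws_set_profile` presumably stores in the profile. The if/else that sets the default could be replaced by `default=3600` on the `add_argument` call, and the help text should mention that longer sessions keep the stored credentials valid for longer. The bodies of `main()` and `aws_set_profile` continue outside the visible hunks.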