Merge pull request #1 from beeva/nomfa

Nomfa #1 merged
WesleyDevLab · Jun 19, 2015 · f4e37b4 · f4e37b4
2 parents cd26383 + eed3349
commit f4e37b4
Showing 1 changed file with 22 additions and 15 deletions.
diff --git a/anwbis/anwbis.py b/anwbis/anwbis.py
@@ -44,6 +44,7 @@
         choices=['developer', 'devops', 'admin'])
 parser.add_argument('--region', required=False, action = 'store', help = 'Set region for EC2', default=False,
         choices=['eu-west-1', 'us-east-1', 'us-west-1'])
+parser.add_argument('--nomfa', required=False, action='store_true', help='Disables Multi-Factor Authenticacion', default=False)
 parser.add_argument('--browser', '-b', required=False, action = 'store', help = 'Set browser to use', default=False,
             choices=['firefox','chrome','link','default', 'chromium'])
 parser.add_argument('--list', '-l', required=False, action = 'store', help = 'List available instances', default=False,
@@ -179,8 +180,14 @@ def save_credentials(access_key,  session_key,  session_token, role_session_name
             "session_token": session_token } } } }
             json.dump(data, json_file)
 
-def get_sts_token(sts_connection, role_arn, mfa_token, mfa_serial_number, role_session_name, project_name, environment_name, role_name):
+def get_sts_token(sts_connection, role_arn, mfa_serial_number, role_session_name, project_name, environment_name, role_name):
     try:
+
+        if not args.nomfa:
+            mfa_token = raw_input("Enter the MFA code: ")
+        else:
+            mfa_token = None
+
         assumed_role_object = sts_connection.assume_role(
             role_arn=role_arn,
             role_session_name=role_session_name,
@@ -467,7 +474,10 @@ def token(self):
         colormsg("You are authenticated as " + role_session_name, "ok")
 
         #MFA
-        mfa_serial_number = "arn:aws:iam::"+account_id+":mfa/"+role_session_name
+        if not args.nomfa:
+            mfa_serial_number = "arn:aws:iam::"+account_id+":mfa/"+role_session_name
+        else:
+            mfa_serial_number = None
 
         # Create an ARN out of the information provided by the user.
         role_arn = "arn:aws:iam::" + account_id_from_user + ":role/"
@@ -480,11 +490,12 @@ def token(self):
             sts_connection = STSConnection()
 
         # Assume the role
-        verbose("Assuming role "+ role_arn+ " using MFA device " + mfa_serial_number + "...")
-        colormsg("Assuming role "+ role+ " from project "+ project+ " using MFA device from user "+ role_session_name+ "...", "normal")
-
-        json_data = None
-        json_file = None
+        if not args.nomfa:
+            verbose("Assuming role "+ role_arn+ " using MFA device " + mfa_serial_number + "...")
+            colormsg("Assuming role "+ role+ " from project "+ project+ " using MFA device from user "+ role_session_name+ "...", "normal")
+        else:
+            verbose("Assuming role "+ role_arn+ "...")
+            colormsg("Assuming role "+ role+ " from project "+ project+ " from user "+ role_session_name+ "...", "normal")
 
         if os.path.isfile(os.path.expanduser('~/.anwbis')):
             #print "existe"
@@ -498,26 +509,22 @@ def token(self):
 
                     #check if the token has expired
                     if int(time.time()) - int(anwbis_last_timestamp) > 3600 :
+
                         #print "token has expired"
-                        mfa_token = raw_input("Enter the MFA code: ")
-                        sts_token = get_sts_token(sts_connection, role_arn, mfa_token, mfa_serial_number, role_session_name, project, env, role)
+                        sts_token = get_sts_token(sts_connection, role_arn, mfa_serial_number, role_session_name, project, env, role)
 
                     else:
                         #print "token has not expired, trying to login..."
                         login_to_fedaccount(json_data["access_key"], json_data["session_key"], json_data["session_token"], json_data["role_session_name"])
                         sts_token = {'access_key':json_data["access_key"], 'session_key':json_data["session_key"], 'session_token': json_data["session_token"], 'role_session_name': json_data["role_session_name"]}
 
                 else:
-
-                    mfa_token = raw_input("Enter the MFA code: ")
-                    sts_token = get_sts_token(sts_connection, role_arn, mfa_token, mfa_serial_number, role_session_name, project, env, role)
+                    sts_token = get_sts_token(sts_connection, role_arn, mfa_serial_number, role_session_name, project, env, role)
 
         else:
             #print ".anwbis configuration file doesnt exists"
-            # Prompt for MFA one-time-password and assume role
             print "role is " +  role
-            mfa_token = raw_input("Enter the MFA code: ")
-            sts_token = get_sts_token(sts_connection, role_arn, mfa_token, mfa_serial_number, role_session_name, project, env, role)
+            sts_token = get_sts_token(sts_connection, role_arn, mfa_serial_number, role_session_name, project, env, role)
 
         return sts_token