Merge pull request #79 from britive/develop

v1.4.0rc1

Author: twratl

CHANGELOG.md

@@ -1,6 +1,26 @@
 # Change Log
 
-All changes to the package starting with v0.3.1 will be logged here.
+* All changes to the package starting with v0.3.1 will be logged here.
+* As of v1.4.0 release candidates will be published in an effort to get new features out faster while still allowing time for full QA testing before moving the release candidate to a full release.
+
+## v1.4.0rc1 [2023-05-09]
+#### What's New
+* Command `request approve`
+* Command `request reject`
+* Command `ls approvals`
+
+#### Enhancements
+* None
+
+#### Bug Fixes
+* Resolved issue with profile alias names which included uppercase and special characters.
+* Resolved an issue with `checkout --mode browser-*` that was not actually launching the browser.
+
+#### Dependencies
+* `britive>=2.19.0`
+
+#### Other
+* None
 
 ## v1.3.0 [2023-03-28]
 #### What's New

requirements.txt

@@ -1,4 +1,4 @@
-britive>=2.18.0
+britive>=2.19.0
 certifi>=2022.12.7
 charset-normalizer==2.1.0
 click==8.1.3

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = pybritive
-version = 1.3.0
+version = 1.4.0rc1
 author = Britive Inc.
 author_email = support@britive.com
 description = A pure Python CLI for Britive
@@ -26,7 +26,7 @@ install_requires =
     toml
     cryptography~=39.0.1
     python-dateutil
-    britive>=2.18.0
+    britive>=2.19.0
     jmespath
     pyjwt
 

src/pybritive/britive_cli.py

@@ -205,6 +205,26 @@ def list_secrets(self):
         self.login()
         self.print(self.b.my_secrets.list(), ignore_silent=True)
 
+    def list_approvals(self):
+        self.login()
+        approvals = []
+        for approval in self.b.my_access.list_approvals():
+            approval.pop('resource', None)
+            approval.pop('consumer', None)
+            approval.pop('timeToApprove', None)
+            approval.pop('validFor', None)
+            approval.pop('action', None)
+            approval.pop('approvers', None)
+            approval.pop('expirationTimeApproval', None)
+            approval.pop('updatedAt', None)
+            approval.pop('actionBy', None)
+            approval.pop('validForInDays', None)
+            approvals.append(approval)
+
+        approvals = sorted(approvals, key=lambda x: x['createdAt'])
+        approvals.reverse()
+        self.print(approvals, ignore_silent=True)
+
     def list_profiles(self, checked_out: bool = False):
         self.login()
         self._set_available_profiles()
@@ -415,7 +435,7 @@ def _should_check_force_renew(app, force_renew, console):
         return app in ['AWS', 'AWS Standalone'] and force_renew and not console
 
     def _split_profile_into_parts(self, profile):
-        profile_real = self.config.profile_aliases.get(profile, profile)
+        profile_real = self.config.profile_aliases.get(profile.lower(), profile)
         parts = profile_split(profile_real)
         if len(parts) == 2:  # handle shortcut for profiles where the app and environment name are the same
             parts = [parts[0], parts[0], parts[1]]
@@ -438,7 +458,7 @@ def checkout(self, alias, blocktime, console, justification, mode, maxpolltime,
 
         # these 2 modes implicitly say that console access should be checked out without having to provide
         # the --console flag
-        if mode in ['browser', 'console']:
+        if mode == 'console' or mode.startswith('browser'):
             console = True
 
         self._validate_justification(justification)
@@ -1003,4 +1023,10 @@ def aws_console(profile, duration, browser):
         browser = webbrowser.get(using=browser)
         browser.open(console_url)
 
+    def request_disposition(self, request_id, decision):
+        self.login()
 
+        if decision == 'approve':
+            self.b.my_access.approve_request(request_id=request_id)
+        if decision == 'reject':
+            self.b.my_access.reject_request(request_id=request_id)

src/pybritive/commands/ls.py

@@ -41,4 +41,9 @@ def secrets(ctx, output_format, tenant, token, silent, passphrase, federation_pr
     ctx.obj.britive.list_secrets()
 
 
-
+@ls.command()
+@build_britive
+@britive_options(names='format,tenant,token,silent,passphrase,federation_provider')
+def approvals(ctx, output_format, tenant, token, silent, passphrase, federation_provider):
+    """List approvals for the currently authenticated identity."""
+    ctx.obj.britive.list_approvals()

src/pybritive/commands/request.py

@@ -47,3 +47,34 @@ def withdraw(ctx, tenant, token, silent, passphrase, federation_provider, profil
     ctx.obj.britive.request_withdraw(
         profile=profile
     )
+
+
+@request.command()
+@build_britive
+@britive_options(names='tenant,token,silent,passphrase,federation_provider')
+@click.argument('request-id')
+def approve(ctx, tenant, token, silent, passphrase, federation_provider, request_id):
+    """Approve a request to checkout a profile.
+
+    This command takes 1 required argument `request-id`. Find the `request-id` via `ls approvals`.
+    """
+
+    ctx.obj.britive.request_disposition(
+        request_id=request_id,
+        decision='approve'
+    )
+
+@request.command()
+@build_britive
+@britive_options(names='tenant,token,silent,passphrase,federation_provider')
+@click.argument('request-id')
+def reject(ctx, tenant, token, silent, passphrase, federation_provider, request_id):
+    """Reject a request to checkout a profile.
+
+    This command takes 1 required argument `request-id`. Find the `request-id` via `ls approvals`.
+    """
+
+    ctx.obj.britive.request_disposition(
+        request_id=request_id,
+        decision='reject'
+    )

src/pybritive/helpers/cloud_credential_printer.py

@@ -31,43 +31,41 @@ def __init__(self, app_type, console, mode, profile, silent, credentials, cli):
         self.console = console
         mode = mode or 'json'  # set a default if nothing is provided via flag --mode/-m
         helper = mode.split('-')
-        env_prefix = helper[1] if 1 < len(helper) else None
         self.mode = helper[0]
+        self.mode_modifier = safe_list_get(mode.split('-', maxsplit=1), 1, None)
         self.credentials = credentials
-        self.on_windows = True if platform.system().lower() == 'windows' else False
-        if env_prefix:
-            self.env_command = env_options[env_prefix]
-        else:
-            self.env_command = env_options['wincmd'] if self.on_windows else env_options['nix']
+        if self.mode == 'env':
+            if self.mode_modifier:
+                self.env_command = env_options[self.mode_modifier]
+            else:
+                self.on_windows = True if platform.system().lower() == 'windows' else False
+                self.env_command = env_options['wincmd'] if self.on_windows else env_options['nix']
 
     def print(self):
         if self.console:
             self.print_console()
             return
-        mode_prefix = self.mode.split('-')[0]
-        if mode_prefix == 'text':
+        if self.mode == 'text':
             self.print_text()
-        if mode_prefix == 'json':
+        if self.mode == 'json':
             self.print_json()
-        if mode_prefix == 'env':
+        if self.mode == 'env':
             self.print_env()
-        if mode_prefix == 'integrate':
+        if self.mode == 'integrate':
             self.print_integrate()
-        if mode_prefix == 'azlogin':
+        if self.mode == 'azlogin':
             self.print_azlogin()
-        if mode_prefix == 'awscredentialprocess':
+        if self.mode == 'awscredentialprocess':
             self.print_awscredentialprocess()
-        if mode_prefix == 'azps':
+        if self.mode == 'azps':
             self.print_azps()
-        if mode_prefix == 'gcloudauth':
+        if self.mode == 'gcloudauth':
             self.print_gcloudauth()
 
     def print_console(self):
         url = self.credentials.get('url', self.credentials)
-
-        if self.mode.startswith('browser'):
-            browser_type = safe_list_get(self.mode.split('-', maxsplit=1), 1, None)
-            webbrowser.get(browser_type).open(url)
+        if self.mode == 'browser':
+            webbrowser.get(self.mode_modifier).open(url)
         else:
             self.cli.print(url, ignore_silent=True)