aws-annoying 0.1.0__py3-none-any.whl → 0.2.0__py3-none-any.whl

aws_annoying/app.py

@@ -6,4 +6,5 @@ app = typer.Typer(
     pretty_exceptions_short=True,
     pretty_exceptions_show_locals=False,
     rich_markup_mode="rich",
+    no_args_is_help=True,
 )

aws_annoying/ecs_task_definition_lifecycle.py

@@ -28,6 +28,9 @@ def ecs_task_definition_lifecycle(
     ),
 ) -> None:
     """Execute ECS task definition lifecycle."""
+    if dry_run:
+        print("⚠️ Dry run mode enabled. Will not perform any actual changes.")
+
     ecs = boto3.client("ecs")
 
     # Get all task definitions for the family

aws_annoying/load_variables.py

@@ -107,7 +107,12 @@ def load_variables(  # noqa: PLR0913
     console.print(table)
 
     # Retrieve the variables
-    variables = _load_variables(map_arns_by_index, console=console, dry_run=dry_run)
+    loader = VariableLoader(dry_run=dry_run, console=console)
+    try:
+        variables = loader.load(map_arns_by_index)
+    except Exception as exc:  # noqa: BLE001
+        console.print(f"❌ Failed to load the variables: {exc!s}")
+        raise typer.Exit(1) from None
 
     # Prepare the environment variables
     env = os.environ.copy()
@@ -128,117 +133,122 @@ def load_variables(  # noqa: PLR0913
     raise typer.Exit(result.returncode)
 
 
-# TODO(lasuillard): Currently not using pagination (do we need more than 10-20 secrets or parameters each?)
-#                   ; consider adding it if needed
-def _load_variables(map_arns: dict[str, _ARN], *, console: Console, dry_run: bool) -> dict[str, Any]:
-    """Load the variables from the AWS Secrets Manager and SSM Parameter Store.
-
-    Each secret or parameter should be a valid dictionary, where the keys are the variable names
-    and the values are the variable values.
-
-    The items are merged in the order of the key of provided mapping, overwriting the variables with the same name
-    in the order of the keys.
-    """
-    console.print("🔍 Retrieving variables from AWS resources...")
-    if dry_run:
-        console.print("⚠️ Dry run mode enabled. Variables won't be loaded from AWS.")
-
-    # Split the ARNs by resource types
-    secrets_map, parameters_map = {}, {}
-    for idx, arn in map_arns.items():
-        if arn.startswith("arn:aws:secretsmanager:"):
-            secrets_map[idx] = arn
-        elif arn.startswith("arn:aws:ssm:"):
-            parameters_map[idx] = arn
+# Type aliases for readability
+_ARN = str
+_Variables = dict[str, Any]
+
+
+class VariableLoader:  # noqa: D101
+    def __init__(self, *, console: Console | None = None, dry_run: bool) -> None:
+        """Initialize the VariableLoader.
+
+        Args:
+            dry_run: Whether to run in dry-run mode.
+            console: Rich console instance.
+        """
+        self.console = console or Console(quiet=True)
+        self.dry_run = dry_run
+
+    # TODO(lasuillard): Currently not using pagination (do we need more than 10-20 secrets or parameters each?)
+    #                   ; consider adding it if needed
+    def load(self, map_arns: dict[str, _ARN]) -> dict[str, Any]:
+        """Load the variables from the AWS Secrets Manager and SSM Parameter Store.
+
+        Each secret or parameter should be a valid dictionary, where the keys are the variable names
+        and the values are the variable values.
+
+        The items are merged in the order of the key of provided mapping, overwriting the variables with the same name
+        in the order of the keys.
+        """
+        self.console.print("🔍 Retrieving variables from AWS resources...")
+        if self.dry_run:
+            self.console.print("⚠️ Dry run mode enabled. Variables won't be loaded from AWS.")
+
+        # Split the ARNs by resource types
+        secrets_map, parameters_map = {}, {}
+        for idx, arn in map_arns.items():
+            if arn.startswith("arn:aws:secretsmanager:"):
+                secrets_map[idx] = arn
+            elif arn.startswith("arn:aws:ssm:"):
+                parameters_map[idx] = arn
+            else:
+                msg = f"Unsupported resource: {arn!r}"
+                raise ValueError(msg)
+
+        # Retrieve variables from AWS resources
+        secrets: dict[str, _Variables]
+        parameters: dict[str, _Variables]
+        if self.dry_run:
+            secrets = {idx: {} for idx, _ in secrets_map.items()}
+            parameters = {idx: {} for idx, _ in parameters_map.items()}
         else:
-            msg = f"ARN of unsupported resource: {arn!r}"
-            raise ValueError(msg)
+            secrets = self._retrieve_secrets(secrets_map)
+            parameters = self._retrieve_parameters(parameters_map)
 
-    if secrets_map.keys() & parameters_map.keys():
-        msg = "Keys in secrets and parameters MUST NOT conflict."
-        raise ValueError(msg)
+        self.console.print(f"✅ Retrieved {len(secrets)} secrets and {len(parameters)} parameters.")
 
-    # Retrieve variables from AWS resources
-    secrets: dict[str, _Variables]
-    parameters: dict[str, _Variables]
-    if dry_run:
-        secrets = {idx: {} for idx, _ in secrets_map.items()}
-        parameters = {idx: {} for idx, _ in parameters_map.items()}
-    else:
-        secrets = _retrieve_secrets(secrets_map)
-        parameters = _retrieve_parameters(parameters_map)
+        # Merge the variables in order
+        full_variables = secrets | parameters  # Keys MUST NOT conflict
+        merged_in_order = {}
+        for _, variables in sorted(full_variables.items()):
+            merged_in_order.update(variables)
 
-    console.print(f"✅ Retrieved {len(secrets)} secrets and {len(parameters)} parameters.")
+        return merged_in_order
 
-    # Merge the variables in order
-    full_variables = secrets | parameters  # Keys MUST NOT conflict
-    merged_in_order = {}
-    for _, variables in sorted(full_variables.items()):
-        merged_in_order.update(variables)
+    def _retrieve_secrets(self, secrets_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the secrets from AWS Secrets Manager."""
+        if not secrets_map:
+            return {}
 
-    return merged_in_order
+        secretsmanager = boto3.client("secretsmanager")
 
+        # Retrieve the secrets
+        arns = list(secrets_map.values())
+        response = secretsmanager.batch_get_secret_value(SecretIdList=arns)
+        if errors := response["Errors"]:
+            msg = f"Failed to retrieve secrets: {errors!r}"
+            raise ValueError(msg)
 
-# Type aliases for readability
-_ARN = str
-_Variables = dict[str, Any]
+        # Parse the secrets
+        secrets = response["SecretValues"]
+        result = {}
+        for secret in secrets:
+            arn = secret["ARN"]
+            order_key = next(key for key, value in secrets_map.items() if value == arn)
+            data = json.loads(secret["SecretString"])
+            if not isinstance(data, dict):
+                msg = f"Secret data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result
+
+    def _retrieve_parameters(self, parameters_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the parameters from AWS SSM Parameter Store."""
+        if not parameters_map:
+            return {}
+
+        ssm = boto3.client("ssm")
+
+        # Retrieve the parameters
+        parameter_names = list(parameters_map.values())
+        response = ssm.get_parameters(Names=parameter_names, WithDecryption=True)
+        if errors := response["InvalidParameters"]:
+            msg = f"Failed to retrieve parameters: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the parameters
+        parameters = response["Parameters"]
+        result = {}
+        for parameter in parameters:
+            arn = parameter["ARN"]
+            order_key = next(key for key, value in parameters_map.items() if value == arn)
+            data = json.loads(parameter["Value"])
+            if not isinstance(data, dict):
+                msg = f"Parameter data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
 
+            result[order_key] = data
 
-def _retrieve_secrets(secrets_map: dict[str, _ARN]) -> dict[str, _Variables]:
-    """Retrieve the secrets from AWS Secrets Manager."""
-    if not secrets_map:
-        return {}
-
-    secretsmanager = boto3.client("secretsmanager")
-
-    # Retrieve the secrets
-    arns = list(secrets_map.values())
-    response = secretsmanager.batch_get_secret_value(SecretIdList=arns)
-    if errors := response["Errors"]:
-        msg = f"Failed to retrieve secrets: {errors!r}"
-        raise ValueError(msg)
-
-    # Parse the secrets
-    secrets = response["SecretValues"]
-    result = {}
-    for secret in secrets:
-        arn = secret["ARN"]
-        order_key = next(key for key, value in secrets_map.items() if value == arn)
-        data = json.loads(secret["SecretString"])
-        if not isinstance(data, dict):
-            msg = f"Secret data must be a valid dictionary, but got: {type(data)!r}"
-            raise TypeError(msg)
-
-        result[order_key] = data
-
-    return result
-
-
-def _retrieve_parameters(parameters_map: dict[str, _ARN]) -> dict[str, _Variables]:
-    """Retrieve the parameters from AWS SSM Parameter Store."""
-    if not parameters_map:
-        return {}
-
-    ssm = boto3.client("ssm")
-
-    # Retrieve the parameters
-    parameter_names = list(parameters_map.values())
-    response = ssm.get_parameters(Names=parameter_names, WithDecryption=True)
-    if errors := response["InvalidParameters"]:
-        msg = f"Failed to retrieve parameters: {errors!r}"
-        raise ValueError(msg)
-
-    # Parse the parameters
-    parameters = response["Parameters"]
-    result = {}
-    for parameter in parameters:
-        arn = parameter["ARN"]
-        order_key = next(key for key, value in parameters_map.items() if value == arn)
-        data = json.loads(parameter["Value"])
-        if not isinstance(data, dict):
-            msg = f"Parameter data must be a valid dictionary, but got: {type(data)!r}"
-            raise TypeError(msg)
-
-        result[order_key] = data
-
-    return result
+        return result

aws_annoying/main.py

@@ -3,6 +3,7 @@ from __future__ import annotations
 
 import aws_annoying.ecs_task_definition_lifecycle
 import aws_annoying.load_variables
+import aws_annoying.mfa
 from aws_annoying.utils.debugger import input_as_args
 
 # App with all commands registered

aws_annoying/mfa/__init__.py

@@ -0,0 +1,3 @@
+from . import configure
+
+__all__ = ("configure",)

aws_annoying/mfa/_app.py

@@ -0,0 +1,9 @@
+import typer
+
+from aws_annoying.app import app
+
+mfa_app = typer.Typer(
+    no_args_is_help=True,
+    help="Commands to manage MFA authentication.",
+)
+app.add_typer(mfa_app, name="mfa")

aws_annoying/mfa/configure.py

@@ -0,0 +1,157 @@
+from __future__ import annotations
+
+import configparser
+from pathlib import Path  # noqa: TC003
+from typing import Optional
+
+import boto3
+import typer
+from pydantic import BaseModel, ConfigDict
+from rich import print  # noqa: A004
+from rich.prompt import Prompt
+
+from ._app import mfa_app
+
+_CONFIG_INI_SECTION = "aws-annoying:mfa"
+
+
+@mfa_app.command()
+def configure(  # noqa: PLR0913
+    *,
+    mfa_profile: Optional[str] = typer.Option(
+        None,
+        help="The MFA profile to configure.",
+    ),
+    mfa_source_profile: Optional[str] = typer.Option(
+        None,
+        help="The AWS profile to use to retrieve MFA credentials.",
+    ),
+    mfa_serial_number: Optional[str] = typer.Option(
+        None,
+        help="The MFA device serial number. It is required if not persisted in configuration.",
+        show_default=False,
+    ),
+    mfa_token_code: Optional[str] = typer.Option(
+        None,
+        help="The MFA token code.",
+        show_default=False,
+    ),
+    aws_credentials: Path = typer.Option(  # noqa: B008
+        "~/.aws/credentials",
+        help="The path to the AWS credentials file.",
+    ),
+    aws_config: Path = typer.Option(  # noqa: B008
+        "~/.aws/config",
+        help="The path to the AWS config file. Used to persist the MFA configuration.",
+    ),
+    persist: bool = typer.Option(
+        True,  # noqa: FBT003
+        help="Persist the MFA configuration.",
+    ),
+) -> None:
+    """Configure AWS profile for MFA."""
+    # Expand user home directory
+    aws_credentials = aws_credentials.expanduser()
+    aws_config = aws_config.expanduser()
+
+    # Load configuration
+    mfa_config, exists = _MfaConfig.from_ini_file(aws_config, _CONFIG_INI_SECTION)
+    if exists:
+        print(f"⚙️ Loaded MFA configuration from AWS config ({aws_config}).")
+
+    mfa_profile = (
+        mfa_profile
+        or mfa_config.mfa_profile
+        # _
+        or Prompt.ask("👤 Enter name of MFA profile to configure", default="mfa")
+    )
+    mfa_source_profile = (
+        mfa_source_profile
+        or mfa_config.mfa_source_profile
+        or Prompt.ask("👤 Enter AWS profile to use to retrieve MFA credentials", default="default")
+    )
+    mfa_serial_number = (
+        mfa_serial_number
+        or mfa_config.mfa_serial_number
+        # _
+        or Prompt.ask("🔒 Enter MFA serial number")
+    )
+    mfa_token_code = (
+        mfa_token_code
+        # _
+        or Prompt.ask("🔑 Enter MFA token code")
+    )
+
+    # Get credentials
+    print(f"💬 Retrieving MFA credentials using profile [bold]{mfa_source_profile}[/bold]")
+    session = boto3.session.Session(profile_name=mfa_source_profile)
+    sts = session.client("sts")
+    response = sts.get_session_token(
+        SerialNumber=mfa_serial_number,
+        TokenCode=mfa_token_code,
+    )
+    credentials = response["Credentials"]
+
+    # Update MFA profile in AWS credentials
+    print(f"✅ Updating MFA profile ([bold]{mfa_profile}[/bold]) to AWS credentials ({aws_credentials})")
+    _update_credentials(
+        aws_credentials,
+        mfa_profile,  # type: ignore[arg-type]
+        access_key=credentials["AccessKeyId"],
+        secret_key=credentials["SecretAccessKey"],
+        session_token=credentials["SessionToken"],
+    )
+
+    # Persist MFA configuration
+    if persist:
+        print(
+            f"✅ Persisting MFA configuration in AWS config ({aws_config}),"
+            f" in [bold]{_CONFIG_INI_SECTION}[/bold] section.",
+        )
+        mfa_config.mfa_profile = mfa_profile
+        mfa_config.mfa_source_profile = mfa_source_profile
+        mfa_config.mfa_serial_number = mfa_serial_number
+        mfa_config.save_ini_file(aws_config, _CONFIG_INI_SECTION)
+    else:
+        print("⚠️ MFA configuration not persisted.")
+
+
+class _MfaConfig(BaseModel):
+    model_config = ConfigDict(extra="ignore")
+
+    mfa_profile: Optional[str] = None
+    mfa_source_profile: Optional[str] = None
+    mfa_serial_number: Optional[str] = None
+
+    def save_ini_file(self, path: Path, section_key: str) -> None:
+        """Save configuration to an AWS config file."""
+        config_ini = configparser.ConfigParser()
+        config_ini.read(path)
+        config_ini.setdefault(section_key, {})
+        for k, v in self.model_dump(exclude_none=True).items():
+            config_ini[section_key][k] = v
+
+        with path.open("w") as f:
+            config_ini.write(f)
+
+    @classmethod
+    def from_ini_file(cls, path: Path, section_key: str) -> tuple[_MfaConfig, bool]:
+        """Load configuration from an AWS config file, with boolean indicating if the config already exists."""
+        config_ini = configparser.ConfigParser()
+        config_ini.read(path)
+        if config_ini.has_section(section_key):
+            section = dict(config_ini.items(section_key))
+            return cls.model_validate(section), True
+
+        return cls(), False
+
+
+def _update_credentials(path: Path, profile: str, *, access_key: str, secret_key: str, session_token: str) -> None:
+    credentials_ini = configparser.ConfigParser()
+    credentials_ini.read(path)
+    credentials_ini.setdefault(profile, {})
+    credentials_ini[profile]["aws_access_key_id"] = access_key
+    credentials_ini[profile]["aws_secret_access_key"] = secret_key
+    credentials_ini[profile]["aws_session_token"] = session_token
+    with path.open("w") as f:
+        credentials_ini.write(f)

aws_annoying-0.2.0.dist-info/METADATA

@@ -0,0 +1,35 @@
+Metadata-Version: 2.4
+Name: aws-annoying
+Version: 0.2.0
+Summary: Utils to handle some annoying AWS tasks.
+Author-email: Yuchan Lee <lasuillard@gmail.com>
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: <4.0,>=3.9
+Requires-Dist: boto3>=1.37.1
+Requires-Dist: pydantic>=2.10.6
+Requires-Dist: typer>=0.15.1
+Provides-Extra: dev
+Requires-Dist: boto3-stubs[ecs,secretsmanager,ssm,sts]>=1.37.1; extra == 'dev'
+Requires-Dist: mypy~=1.15.0; extra == 'dev'
+Requires-Dist: ruff~=0.9.9; extra == 'dev'
+Provides-Extra: test
+Requires-Dist: coverage~=7.6.0; extra == 'test'
+Requires-Dist: moto[ecs,secretsmanager,server,ssm]~=5.1.1; extra == 'test'
+Requires-Dist: pytest-cov~=6.0.0; extra == 'test'
+Requires-Dist: pytest-env~=1.1.1; extra == 'test'
+Requires-Dist: pytest-snapshot>=0.9.0; extra == 'test'
+Requires-Dist: pytest-sugar~=1.0.0; extra == 'test'
+Requires-Dist: pytest-xdist>=3.6.1; extra == 'test'
+Requires-Dist: pytest~=8.3.2; extra == 'test'
+Requires-Dist: testcontainers[localstack]>=4.9.2; extra == 'test'
+Description-Content-Type: text/markdown
+
+# aws-annoying
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![CI](https://github.com/lasuillard/aws-annoying/actions/workflows/ci.yaml/badge.svg)](https://github.com/lasuillard/aws-annoying/actions/workflows/ci.yaml)
+[![codecov](https://codecov.io/gh/lasuillard/aws-annoying/graph/badge.svg?token=gbcHMVVz2k)](https://codecov.io/gh/lasuillard/aws-annoying)
+![GitHub Release](https://img.shields.io/github/v/release/lasuillard/aws-annoying)
+
+Utils to handle some annoying AWS tasks.

aws_annoying-0.2.0.dist-info/RECORD

@@ -0,0 +1,15 @@
+aws_annoying/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aws_annoying/app.py,sha256=sp50uVoAl4D6Wk3DFpzKZzSsxmSxNYejFxm62b_Kxps,201
+aws_annoying/ecs_task_definition_lifecycle.py,sha256=hiypU5RD5moo0KYHn8YRAyGDSMKh-zPnfxfFYWm6w78,1744
+aws_annoying/load_variables.py,sha256=380xT1i85HWybgOIWn72xGCDgqYJ2OSa9VOKMlyHg8M,9488
+aws_annoying/main.py,sha256=jngo15w50Jf6nr63N-yV6AEYsFKYzObJc0wI364zS0s,451
+aws_annoying/mfa/__init__.py,sha256=rbEGhw5lOQZV_XAc3nSbo56JVhsSPpeOgEtiAy9qzEA,50
+aws_annoying/mfa/_app.py,sha256=hpa1Bfx8lRsuZfujM-RyaYU5llOuwGKgf4FwEydthU0,185
+aws_annoying/mfa/configure.py,sha256=i5e0qZBFYafuv3D59eP_JXOMrWSRW_bZp0xgIpOlaPE,5364
+aws_annoying/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aws_annoying/utils/debugger.py,sha256=UFllDCGI2gPtwo1XS5vqw0qyR6bYr7XknmBwSxalKIc,754
+aws_annoying-0.2.0.dist-info/METADATA,sha256=0neXI2tmvEBoLQ30VMWfbssan-ZvboVlEpW305veurk,1607
+aws_annoying-0.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+aws_annoying-0.2.0.dist-info/entry_points.txt,sha256=s0l5LK26zEUxLRkBHH9Bu5aH1bOPvYVoTMnUcFlzjm8,62
+aws_annoying-0.2.0.dist-info/licenses/LICENSE,sha256=Q5GkvYijQ2KTQ-QWhv43ilzCno4ZrzrEuATEQZd9rYo,1067
+aws_annoying-0.2.0.dist-info/RECORD,,

aws_annoying-0.1.0.dist-info/METADATA

@@ -1,21 +0,0 @@
-Metadata-Version: 2.4
-Name: aws-annoying
-Version: 0.1.0
-Summary: Utils to handle some annoying AWS tasks.
-Author-email: Yuchan Lee <lasuillard@gmail.com>
-License-Expression: MIT
-License-File: LICENSE
-Requires-Python: <4.0,>=3.9
-Requires-Dist: boto3>=1.37.1
-Requires-Dist: typer>=0.15.1
-Provides-Extra: dev
-Requires-Dist: boto3-stubs[ecs,secretsmanager,ssm]>=1.37.1; extra == 'dev'
-Requires-Dist: mypy~=1.15.0; extra == 'dev'
-Requires-Dist: ruff~=0.9.9; extra == 'dev'
-Provides-Extra: test
-Requires-Dist: coverage~=7.6.0; extra == 'test'
-Requires-Dist: moto[ecs,secretsmanager,server,ssm]; extra == 'test'
-Requires-Dist: pytest-cov~=6.0.0; extra == 'test'
-Requires-Dist: pytest-env~=1.1.1; extra == 'test'
-Requires-Dist: pytest-sugar~=1.0.0; extra == 'test'
-Requires-Dist: pytest~=8.3.2; extra == 'test'

aws_annoying-0.1.0.dist-info/RECORD

@@ -1,12 +0,0 @@
-aws_annoying/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-aws_annoying/app.py,sha256=JyUl5f4FkYB2r6l5k0tKQUOJUa-d-hsIKOCMtdmvCOo,175
-aws_annoying/ecs_task_definition_lifecycle.py,sha256=KTAkaEbRdFXTti6l36f78aVGWs1soVp8eqV2Ft7b-hc,1644
-aws_annoying/load_variables.py,sha256=J2lO7ARQ9Dwxrbv8Rr2WUQe5A6bPM1pgEycMjWKEif8,8745
-aws_annoying/main.py,sha256=BQIWH7hEvT3MSTPwfljwRvk9sVZOewagrbtW9lEtZhQ,427
-aws_annoying/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-aws_annoying/utils/debugger.py,sha256=UFllDCGI2gPtwo1XS5vqw0qyR6bYr7XknmBwSxalKIc,754
-aws_annoying-0.1.0.dist-info/METADATA,sha256=CEEyikRPVswiVzI9H5D_bWwqgRobilGCQgf6dPxZT94,803
-aws_annoying-0.1.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-aws_annoying-0.1.0.dist-info/entry_points.txt,sha256=s0l5LK26zEUxLRkBHH9Bu5aH1bOPvYVoTMnUcFlzjm8,62
-aws_annoying-0.1.0.dist-info/licenses/LICENSE,sha256=Q5GkvYijQ2KTQ-QWhv43ilzCno4ZrzrEuATEQZd9rYo,1067
-aws_annoying-0.1.0.dist-info/RECORD,,