aws-annoying 0.3.0__tar.gz → 0.4.0__tar.gz

{aws_annoying-0.3.0 → aws_annoying-0.4.0}/.github/workflows/ci.yaml

@@ -44,16 +44,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest]
+        os: [ubuntu-latest, macos-latest, windows-latest]
         python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
 
-        # TODO(lasuillard): Simplified matrix for macOS and Windows for testing
-        include:
-          - os: macos-latest
-            python-version: "3.9"
-          - os: windows-latest
-            python-version: "3.9"
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4

{aws_annoying-0.3.0 → aws_annoying-0.4.0}/.pre-commit-config.yaml

@@ -19,8 +19,6 @@ repos:
           - --extend-exclude
           - utils/debugger.py
           - --extend-exclude
-          - main.py
-          - --extend-exclude
           - "**/_*.py"
       - id: test-matching-source
         args:
@@ -29,7 +27,7 @@ repos:
           - --extend-exclude
           - "**/conftest.py"
           - --extend-exclude
-          - _*/**/*.py
+          - "**/_*/**/*.py"
       - id: preferred-suffix
         args: [--rename]
 

{aws_annoying-0.3.0 → aws_annoying-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-annoying
-Version: 0.3.0
+Version: 0.4.0
 Summary: Utils to handle some annoying AWS tasks.
 Project-URL: Homepage, https://github.com/lasuillard/aws-annoying
 Project-URL: Repository, https://github.com/lasuillard/aws-annoying.git
@@ -9,11 +9,11 @@ Author-email: Yuchan Lee <lasuillard@gmail.com>
 License-Expression: MIT
 License-File: LICENSE
 Requires-Python: <4.0,>=3.9
-Requires-Dist: boto3>=1.37.1
-Requires-Dist: pydantic>=2.10.6
-Requires-Dist: requests>=2.32.3
-Requires-Dist: tqdm>=4.67.1
-Requires-Dist: typer>=0.15.1
+Requires-Dist: boto3<2,>=1
+Requires-Dist: pydantic<3,>=2
+Requires-Dist: requests<3,>=2
+Requires-Dist: tqdm<5,>=4
+Requires-Dist: typer<1,>=0
 Provides-Extra: dev
 Requires-Dist: boto3-stubs[ec2,ecs,secretsmanager,ssm,sts]>=1.37.1; extra == 'dev'
 Requires-Dist: mypy~=1.15.0; extra == 'dev'

aws_annoying-0.4.0/aws_annoying/cli/load_variables.py

@@ -0,0 +1,139 @@
+# flake8: noqa: B008
+from __future__ import annotations
+
+import os
+import subprocess
+from typing import NoReturn, Optional
+
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from aws_annoying.variables import VariableLoader
+
+from .app import app
+
+
+@app.command(
+    context_settings={
+        # Allow extra arguments for user provided command
+        "allow_extra_args": True,
+        "ignore_unknown_options": True,
+    },
+)
+def load_variables(  # noqa: PLR0913
+    *,
+    ctx: typer.Context,
+    arns: list[str] = typer.Option(
+        [],
+        metavar="ARN",
+        help=(
+            "ARNs of the secret or parameter to load."
+            " The variables are loaded in the order of the ARNs,"
+            " overwriting the variables with the same name in the order of the ARNs."
+        ),
+    ),
+    env_prefix: Optional[str] = typer.Option(
+        None,
+        help="Prefix of the environment variables to load the ARNs from.",
+        show_default=False,
+    ),
+    overwrite_env: bool = typer.Option(
+        False,  # noqa: FBT003
+        help="Overwrite the existing environment variables with the same name.",
+    ),
+    quiet: bool = typer.Option(
+        False,  # noqa: FBT003
+        help="Suppress all outputs from this command.",
+    ),
+    dry_run: bool = typer.Option(
+        False,  # noqa: FBT003
+        help="Print the progress only. Neither load variables nor run the command.",
+    ),
+    replace: bool = typer.Option(
+        True,  # noqa: FBT003
+        help=(
+            "Replace the current process (`os.execvpe`) with the command."
+            " If disabled, run the command as a `subprocess`."
+        ),
+    ),
+) -> NoReturn:
+    """Wrapper command to run command with variables from AWS resources injected as environment variables.
+
+    This script is intended to be used in the ECS environment, where currently AWS does not support
+    injecting whole JSON dictionary of secrets or parameters as environment variables directly.
+
+    It first loads the variables from the AWS sources then runs the command with the variables injected as environment variables.
+
+    In addition to `--arns` option, you can provide ARNs as the environment variables by providing `--env-prefix`.
+    For example, if you have the following environment variables:
+
+    ```shell
+    export LOAD_AWS_CONFIG__001_app_config=arn:aws:secretsmanager:...
+    export LOAD_AWS_CONFIG__002_db_config=arn:aws:ssm:...
+    ```
+
+    You can run the following command:
+
+    ```shell
+    aws-annoying load-variables --env-prefix LOAD_AWS_CONFIG__ -- ...
+    ```
+
+    The variables are loaded in the order of option provided, overwriting the variables with the same name in the order of the ARNs.
+    Existing environment variables are preserved by default, unless `--overwrite-env` is provided.
+    """  # noqa: E501
+    console = Console(quiet=quiet, emoji=False)
+
+    command = ctx.args
+    if not command:
+        console.print("⚠️ No command provided. Exiting...")
+        raise typer.Exit(0)
+
+    # Mapping of the ARNs by index (index used for ordering)
+    map_arns_by_index = {str(idx): arn for idx, arn in enumerate(arns)}
+    if env_prefix:
+        console.print(f"🔍 Loading ARNs from environment variables with prefix: {env_prefix!r}")
+        arns_env = {
+            key.removeprefix(env_prefix): value for key, value in os.environ.items() if key.startswith(env_prefix)
+        }
+        console.print(f"🔍 Found {len(arns_env)} sources from environment variables.")
+        map_arns_by_index = arns_env | map_arns_by_index
+
+    # Briefly show the ARNs
+    table = Table("Index", "ARN")
+    for idx, arn in sorted(map_arns_by_index.items()):
+        table.add_row(idx, arn)
+
+    console.print(table)
+
+    # Retrieve the variables
+    loader = VariableLoader(dry_run=dry_run)
+    console.print("🔍 Retrieving variables from AWS resources...")
+    if dry_run:
+        console.print("⚠️ Dry run mode enabled. Variables won't be loaded from AWS.")
+
+    try:
+        variables, load_stats = loader.load(map_arns_by_index)
+    except Exception as exc:  # noqa: BLE001
+        console.print(f"❌ Failed to load the variables: {exc!s}")
+        raise typer.Exit(1) from None
+
+    console.print(f"✅ Retrieved {load_stats['secrets']} secrets and {load_stats['parameters']} parameters.")
+
+    # Prepare the environment variables
+    env = os.environ.copy()
+    if overwrite_env:
+        env.update(variables)
+    else:
+        # Update variables, preserving the existing ones
+        for key, value in variables.items():
+            env.setdefault(key, str(value))
+
+    # Run the command with the variables injected as environment variables, replacing current process
+    console.print(f"🚀 Running the command: [bold orchid]{' '.join(command)}[/bold orchid]")
+    if replace:  # pragma: no cover (not coverable)
+        os.execvpe(command[0], command, env=env)  # noqa: S606
+        # The above line should never return
+
+    result = subprocess.run(command, env=env, check=False)  # noqa: S603
+    raise typer.Exit(result.returncode)

{aws_annoying-0.3.0/aws_annoying → aws_annoying-0.4.0/aws_annoying/cli}/main.py

@@ -1,10 +1,10 @@
 # flake8: noqa: F401
 from __future__ import annotations
 
-import aws_annoying.ecs_task_definition_lifecycle
-import aws_annoying.load_variables
-import aws_annoying.mfa
-import aws_annoying.session_manager
+import aws_annoying.cli.ecs_task_definition_lifecycle
+import aws_annoying.cli.load_variables
+import aws_annoying.cli.mfa
+import aws_annoying.cli.session_manager
 from aws_annoying.utils.debugger import input_as_args
 
 # App with all commands registered

{aws_annoying-0.3.0/aws_annoying → aws_annoying-0.4.0/aws_annoying/cli}/mfa/_app.py

@@ -1,6 +1,6 @@
 import typer
 
-from aws_annoying.app import app
+from aws_annoying.cli.app import app
 
 mfa_app = typer.Typer(
     no_args_is_help=True,

{aws_annoying-0.3.0/aws_annoying → aws_annoying-0.4.0/aws_annoying/cli}/mfa/configure.py

@@ -1,15 +1,15 @@
 from __future__ import annotations
 
-import configparser
 from pathlib import Path  # noqa: TC003
 from typing import Optional
 
 import boto3
 import typer
-from pydantic import BaseModel, ConfigDict
 from rich import print  # noqa: A004
 from rich.prompt import Prompt
 
+from aws_annoying.mfa import MfaConfig, update_credentials
+
 from ._app import mfa_app
 
 _CONFIG_INI_SECTION = "aws-annoying:mfa"
@@ -55,7 +55,7 @@ def configure(  # noqa: PLR0913
     aws_config = aws_config.expanduser()
 
     # Load configuration
-    mfa_config, exists = _MfaConfig.from_ini_file(aws_config, _CONFIG_INI_SECTION)
+    mfa_config, exists = MfaConfig.from_ini_file(aws_config, _CONFIG_INI_SECTION)
     if exists:
         print(f"⚙️ Loaded MFA configuration from AWS config ({aws_config}).")
 
@@ -94,7 +94,7 @@ def configure(  # noqa: PLR0913
 
     # Update MFA profile in AWS credentials
     print(f"✅ Updating MFA profile ([bold]{mfa_profile}[/bold]) to AWS credentials ({aws_credentials})")
-    _update_credentials(
+    update_credentials(
         aws_credentials,
         mfa_profile,  # type: ignore[arg-type]
         access_key=credentials["AccessKeyId"],
@@ -114,44 +114,3 @@ def configure(  # noqa: PLR0913
         mfa_config.save_ini_file(aws_config, _CONFIG_INI_SECTION)
     else:
         print("⚠️ MFA configuration not persisted.")
-
-
-class _MfaConfig(BaseModel):
-    model_config = ConfigDict(extra="ignore")
-
-    mfa_profile: Optional[str] = None
-    mfa_source_profile: Optional[str] = None
-    mfa_serial_number: Optional[str] = None
-
-    def save_ini_file(self, path: Path, section_key: str) -> None:
-        """Save configuration to an AWS config file."""
-        config_ini = configparser.ConfigParser()
-        config_ini.read(path)
-        config_ini.setdefault(section_key, {})
-        for k, v in self.model_dump(exclude_none=True).items():
-            config_ini[section_key][k] = v
-
-        with path.open("w") as f:
-            config_ini.write(f)
-
-    @classmethod
-    def from_ini_file(cls, path: Path, section_key: str) -> tuple[_MfaConfig, bool]:
-        """Load configuration from an AWS config file, with boolean indicating if the config already exists."""
-        config_ini = configparser.ConfigParser()
-        config_ini.read(path)
-        if config_ini.has_section(section_key):
-            section = dict(config_ini.items(section_key))
-            return cls.model_validate(section), True
-
-        return cls(), False
-
-
-def _update_credentials(path: Path, profile: str, *, access_key: str, secret_key: str, session_token: str) -> None:
-    credentials_ini = configparser.ConfigParser()
-    credentials_ini.read(path)
-    credentials_ini.setdefault(profile, {})
-    credentials_ini[profile]["aws_access_key_id"] = access_key
-    credentials_ini[profile]["aws_secret_access_key"] = secret_key
-    credentials_ini[profile]["aws_session_token"] = session_token
-    with path.open("w") as f:
-        credentials_ini.write(f)

{aws_annoying-0.3.0/aws_annoying → aws_annoying-0.4.0/aws_annoying/cli}/session_manager/_app.py

@@ -1,6 +1,6 @@
 import typer
 
-from aws_annoying.app import app
+from aws_annoying.cli.app import app
 
 session_manager_app = typer.Typer(
     no_args_is_help=True,

{aws_annoying-0.3.0/aws_annoying → aws_annoying-0.4.0/aws_annoying/cli}/session_manager/_common.py

@@ -6,7 +6,7 @@ from typing import Any
 import typer
 from rich.prompt import Confirm
 
-from .session_manager import SessionManager as _SessionManager
+from aws_annoying.session_manager import SessionManager as _SessionManager
 
 
 # Custom session manager with console interactivity

aws_annoying-0.4.0/aws_annoying/mfa.py

@@ -0,0 +1,54 @@
+from __future__ import annotations
+
+import configparser
+from pathlib import Path  # noqa: TC003
+from typing import Optional
+
+from pydantic import BaseModel, ConfigDict
+
+# TODO(lasuillard): Need some refactoring (configurator class)
+# TODO(lasuillard): Put some logging
+
+
+class MfaConfig(BaseModel):
+    """MFA configuration for AWS profiles."""
+
+    model_config = ConfigDict(extra="ignore")
+
+    mfa_profile: Optional[str] = None
+    mfa_source_profile: Optional[str] = None
+    mfa_serial_number: Optional[str] = None
+
+    def save_ini_file(self, path: Path, section_key: str) -> None:
+        """Save configuration to an AWS config file."""
+        config_ini = configparser.ConfigParser()
+        config_ini.read(path)
+        config_ini.setdefault(section_key, {})
+        for k, v in self.model_dump(exclude_none=True).items():
+            config_ini[section_key][k] = v
+
+        with path.open("w") as f:
+            config_ini.write(f)
+
+    @classmethod
+    def from_ini_file(cls, path: Path, section_key: str) -> tuple[MfaConfig, bool]:
+        """Load configuration from an AWS config file, with boolean indicating if the config already exists."""
+        config_ini = configparser.ConfigParser()
+        config_ini.read(path)
+        if config_ini.has_section(section_key):
+            section = dict(config_ini.items(section_key))
+            return cls.model_validate(section), True
+
+        return cls(), False
+
+
+def update_credentials(path: Path, profile: str, *, access_key: str, secret_key: str, session_token: str) -> None:
+    """Update AWS credentials file with the provided profile and credentials."""
+    credentials_ini = configparser.ConfigParser()
+    credentials_ini.read(path)
+    credentials_ini.setdefault(profile, {})
+    credentials_ini[profile]["aws_access_key_id"] = access_key
+    credentials_ini[profile]["aws_secret_access_key"] = secret_key
+    credentials_ini[profile]["aws_session_token"] = session_token
+    with path.open("w") as f:
+        credentials_ini.write(f)

aws_annoying-0.4.0/aws_annoying/session_manager/__init__.py

@@ -0,0 +1,4 @@
+from .errors import PluginNotInstalledError, SessionManagerError, UnsupportedPlatformError
+from .session_manager import SessionManager
+
+__all__ = ("PluginNotInstalledError", "SessionManager", "SessionManagerError", "UnsupportedPlatformError")

aws_annoying-0.4.0/aws_annoying/variables.py

@@ -0,0 +1,133 @@
+# flake8: noqa: B008
+from __future__ import annotations
+
+import json
+from typing import Any, TypedDict
+
+import boto3
+
+# Type aliases for readability
+_ARN = str
+_Variables = dict[str, Any]
+
+# TODO(lasuillard): Need some refactoring (with #2, #3)
+# TODO(lasuillard): Put some logging
+
+
+class _LoadStatsDict(TypedDict):
+    secrets: int
+    parameters: int
+
+
+class VariableLoader:  # noqa: D101
+    def __init__(self, *, dry_run: bool) -> None:
+        """Initialize the VariableLoader.
+
+        Args:
+            dry_run: Whether to run in dry-run mode.
+            console: Rich console instance.
+        """
+        self.dry_run = dry_run
+
+    # TODO(lasuillard): Currently not using pagination (do we need more than 10-20 secrets or parameters each?)
+    #                   ; consider adding it if needed
+    def load(self, map_arns: dict[str, _ARN]) -> tuple[dict[str, Any], _LoadStatsDict]:
+        """Load the variables from the AWS Secrets Manager and SSM Parameter Store.
+
+        Each secret or parameter should be a valid dictionary, where the keys are the variable names
+        and the values are the variable values.
+
+        The items are merged in the order of the key of provided mapping, overwriting the variables with the same name
+        in the order of the keys.
+        """
+        # Split the ARNs by resource types
+        secrets_map, parameters_map = {}, {}
+        for idx, arn in map_arns.items():
+            if arn.startswith("arn:aws:secretsmanager:"):
+                secrets_map[idx] = arn
+            elif arn.startswith("arn:aws:ssm:"):
+                parameters_map[idx] = arn
+            else:
+                msg = f"Unsupported resource: {arn!r}"
+                raise ValueError(msg)
+
+        # Retrieve variables from AWS resources
+        secrets: dict[str, _Variables]
+        parameters: dict[str, _Variables]
+        if self.dry_run:
+            secrets = {idx: {} for idx, _ in secrets_map.items()}
+            parameters = {idx: {} for idx, _ in parameters_map.items()}
+        else:
+            secrets = self._retrieve_secrets(secrets_map)
+            parameters = self._retrieve_parameters(parameters_map)
+
+        load_stats: _LoadStatsDict = {
+            "secrets": len(secrets),
+            "parameters": len(parameters),
+        }
+
+        # Merge the variables in order
+        full_variables = secrets | parameters  # Keys MUST NOT conflict
+        merged_in_order = {}
+        for _, variables in sorted(full_variables.items()):
+            merged_in_order.update(variables)
+
+        return merged_in_order, load_stats
+
+    def _retrieve_secrets(self, secrets_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the secrets from AWS Secrets Manager."""
+        if not secrets_map:
+            return {}
+
+        secretsmanager = boto3.client("secretsmanager")
+
+        # Retrieve the secrets
+        arns = list(secrets_map.values())
+        response = secretsmanager.batch_get_secret_value(SecretIdList=arns)
+        if errors := response["Errors"]:
+            msg = f"Failed to retrieve secrets: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the secrets
+        secrets = response["SecretValues"]
+        result = {}
+        for secret in secrets:
+            arn = secret["ARN"]
+            order_key = next(key for key, value in secrets_map.items() if value == arn)
+            data = json.loads(secret["SecretString"])
+            if not isinstance(data, dict):
+                msg = f"Secret data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result
+
+    def _retrieve_parameters(self, parameters_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the parameters from AWS SSM Parameter Store."""
+        if not parameters_map:
+            return {}
+
+        ssm = boto3.client("ssm")
+
+        # Retrieve the parameters
+        parameter_names = list(parameters_map.values())
+        response = ssm.get_parameters(Names=parameter_names, WithDecryption=True)
+        if errors := response["InvalidParameters"]:
+            msg = f"Failed to retrieve parameters: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the parameters
+        parameters = response["Parameters"]
+        result = {}
+        for parameter in parameters:
+            arn = parameter["ARN"]
+            order_key = next(key for key, value in parameters_map.items() if value == arn)
+            data = json.loads(parameter["Value"])
+            if not isinstance(data, dict):
+                msg = f"Parameter data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result

aws_annoying-0.4.0/examples/dbeaver/README.md

@@ -0,0 +1,49 @@
+# DBeaver
+
+Example usage of the `session-manager` command to automate [DBeaver](https://dbeaver.io/) connections through Session Manager.
+
+1. Install the **aws-annoying** CLI. Here, we use [pipx](https://github.com/pypa/pipx):
+
+    ```shell
+    pipx install aws-annoying
+    ```
+
+2. Run DBeaver. Since DBeaver, by default, runs scripts in a non-login shell, environment variables may need to be forwarded.
+
+    Below is a macOS-specific example for running DBeaver with user environment variables:
+
+    ```shell
+    export && open -a 'DBeaver'
+    ```
+
+    You can save this command in a `.command` file for convenience. Optionally, specify the AWS profile to use:
+
+    ```shell
+    export && AWS_DEFAULT_PROFILE=mfa open -a 'DBeaver'
+    ```
+
+3. Create a new connection:
+
+    ![New Connection](./new-connection.png)
+
+4. Update the **Before Connect** script:
+
+    ![Before Connect](./before-connect.png)
+
+    ```shell
+    aws-annoying session-manager port-forward --local-port ${port} --through "<EC2 instance name or ID>" --remote-host "<Database hostname>" --remote-port "<Database port>" --pid-file /tmp/dbeaver-${port}.pid --terminate-running-process --log-file /tmp/dbeaver-${port}.log
+    ```
+
+    Update `--through`, `--remote-host`, and `--remote-port` as needed, based on your infrastructure and database engine. Additionally, the **Pause after execute (ms)** setting may need adjustment based on your network conditions.
+
+5. Update the **After Disconnect** script:
+
+    ![After Disconnect](./after-disconnect.png)
+
+    ```shell
+    aws-annoying session-manager stop --pid-file /tmp/dbeaver-${port}.pid
+    ```
+
+6. Run **Test Connection ...** to verify the setup.
+
+    ![Test Connection](./test-connection.png)

{aws_annoying-0.3.0 → aws_annoying-0.4.0}/pyproject.toml

@@ -1,21 +1,21 @@
 [project]
 name = "aws-annoying"
 description = "Utils to handle some annoying AWS tasks."
-version = "0.3.0"
+version = "0.4.0"
 authors = [{ name = "Yuchan Lee", email = "lasuillard@gmail.com" }]
 readme = "README.md"
 license = "MIT"
 requires-python = ">=3.9, <4.0"
 dependencies = [
-  "boto3>=1.37.1",
-  "requests>=2.32.3",
-  "tqdm>=4.67.1",
-  "typer>=0.15.1",
-  "pydantic>=2.10.6",
+  "boto3>=1,<2",
+  "requests>=2,<3",
+  "tqdm>=4,<5",
+  "typer>=0,<1",
+  "pydantic>=2,<3",
 ]
 
 [project.scripts]
-"aws-annoying" = "aws_annoying.main:entrypoint"
+"aws-annoying" = "aws_annoying.cli.main:entrypoint"
 
 [project.optional-dependencies]
 dev = [

{aws_annoying-0.3.0/tests → aws_annoying-0.4.0/tests/cli}/_helpers/__init__.py

@@ -1,8 +1,9 @@
 from pathlib import Path
 
 from .command_builder import repeat_options
+from .invoke import invoke_cli
 from .string_ import normalize_console_output
 
-__all__ = ("PRINTENV_PY", "normalize_console_output", "printenv_py", "repeat_options")
+__all__ = ("PRINTENV_PY", "invoke_cli", "normalize_console_output", "printenv_py", "repeat_options")
 
 PRINTENV_PY = (Path(__file__).parent / "scripts" / "printenv.py").absolute()

aws_annoying-0.4.0/tests/cli/_helpers/invoke.py

@@ -0,0 +1,14 @@
+from __future__ import annotations
+
+import os
+import subprocess
+
+
+def invoke_cli(*args: str, env: dict[str, str] | None = None) -> subprocess.CompletedProcess[str]:
+    return subprocess.run(  # noqa: S603
+        ["uv", "run", "aws-annoying", *args],  # noqa: S607
+        check=False,
+        capture_output=True,
+        text=True,
+        env=(env or os.environ),  # * `AWS_ENDPOINT_URL` should be inherited appropriately to use Moto or LocalStack
+    )

{aws_annoying-0.3.0/tests → aws_annoying-0.4.0/tests/cli}/mfa/test_configure.py

@@ -7,9 +7,10 @@ from unittest import mock
 import pytest
 from typer.testing import CliRunner
 
-from aws_annoying.main import app
-from aws_annoying.mfa.configure import _CONFIG_INI_SECTION, _MfaConfig
-from tests._helpers import normalize_console_output
+from aws_annoying.cli.main import app
+from aws_annoying.cli.mfa.configure import _CONFIG_INI_SECTION
+from aws_annoying.mfa import MfaConfig
+from tests.cli._helpers import normalize_console_output
 
 if TYPE_CHECKING:
     from pathlib import Path
@@ -79,7 +80,7 @@ def test_load_existing_config(snapshot: Snapshot, tmp_path: Path) -> None:
     mfa_profile = "mfa"
     aws_credentials = tmp_path / "credentials"
     aws_config = tmp_path / "config"
-    _MfaConfig(
+    MfaConfig(
         mfa_profile=mfa_profile,
         mfa_source_profile="default",
         mfa_serial_number="1234567890",

{aws_annoying-0.3.0/tests → aws_annoying-0.4.0/tests/cli}/snapshots/test_load_variables/test_basic/stdout.txt

@@ -6,7 +6,7 @@
 └───────┴──────────────────────────────────────────────────────────────────────┘
 🔍 Retrieving variables from AWS resources...
 ✅ Retrieved 1 secrets and 1 parameters.
-🚀 Running the command: tests/_helpers/scripts/printenv.py DJANGO_SETTINGS_MODULE DJANGO_SECRET_KEY DJANGO_DEBUG DJANGO_ALLOWED_HOSTS
+🚀 Running the command: tests/cli/_helpers/scripts/printenv.py DJANGO_SETTINGS_MODULE DJANGO_SECRET_KEY DJANGO_DEBUG DJANGO_ALLOWED_HOSTS
 DJANGO_SETTINGS_MODULE=config.settings.development
 DJANGO_SECRET_KEY=my-secret-key
 DJANGO_DEBUG=False