Merge pull request #82 from britive/develop

twratl · web-flow · commit b2f2f3879378 · 2023-05-16T09:08:58.000-04:00
v1.4.0rc3
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,24 @@
 * All changes to the package starting with v0.3.1 will be logged here.
 * As of v1.4.0 release candidates will be published in an effort to get new features out faster while still allowing time for full QA testing before moving the release candidate to a full release.
 
+## v1.4.0rc3 [2023-05-16]
+#### What's New
+* None
+
+#### Enhancements
+* When checking in an AWS profile remove any AWS `credential_process` cached credentials.
+* `cache clear cached-aws-credentials PROFILE`
+
+#### Bug Fixes
+* None
+
+#### Dependencies
+* None
+
+#### Other
+* None
+
+
 ## v1.4.0rc2 [2023-05-09]
 #### What's New
 * None
diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = pybritive
-version = 1.4.0rc2
+version = 1.4.0rc3
 author = Britive Inc.
 author_email = support@britive.com
 description = A pure Python CLI for Britive
diff --git a/src/pybritive/britive_cli.py b/src/pybritive/britive_cli.py
@@ -377,6 +377,7 @@ def __get_cloud_credential_printer(self, app_type, console, mode, profile, silen
 
     def checkin(self, profile):
         self.login()
+        self._set_available_profiles()
         parts = self._split_profile_into_parts(profile)
 
         ids = self._convert_names_to_ids(
@@ -386,9 +387,19 @@ def checkin(self, profile):
         )
 
         transaction_id = None
-        for profile in self.b.my_access.list_checked_out_profiles():
-            if profile['environmentId'] == ids['environment_id'] and profile['papId'] == ids['profile_id']:
-                transaction_id = profile['transactionId']
+        application_type = None
+        for checked_out_profile in self.b.my_access.list_checked_out_profiles():
+            same_env = checked_out_profile['environmentId'] == ids['environment_id']
+            same_profile = checked_out_profile['papId'] == ids['profile_id']
+            if all([same_env, same_profile]):
+                transaction_id = checked_out_profile['transactionId']
+
+                for available_profile in self.available_profiles:
+                    same_env_2 = checked_out_profile['environmentId'] == available_profile['env_id']
+                    same_profile_2 = checked_out_profile['papId'] == available_profile['profile_id']
+                    if all([same_env_2, same_profile_2]):
+                        application_type = available_profile['app_type'].lower()
+                        break
                 break
         if not transaction_id:
             raise ValueError(f'no checked out profile found for the given profile')
@@ -397,6 +408,9 @@ def checkin(self, profile):
             transaction_id=transaction_id
         )
 
+        if application_type in ('aws', 'aws standalone'):
+            self.clear_cached_aws_credentials(profile)
+
     def _checkout(self, profile_name, env_name, app_name, programmatic, blocktime, maxpolltime, justification):
         try:
             self.login()
@@ -1030,3 +1044,14 @@ def request_disposition(self, request_id, decision):
             self.b.my_access.approve_request(request_id=request_id)
         if decision == 'reject':
             self.b.my_access.reject_request(request_id=request_id)
+
+    def clear_cached_aws_credentials(self, profile):
+        # start with the profile name that was passed in from the command
+        Cache().clear_awscredentialprocess(profile_name=profile)
+
+        # then we can try to split it into parts and clear that version of the
+        # profile name as well - it will not hurt anything to try to clear
+        # both versions
+        parts = self._split_profile_into_parts(profile)
+        Cache().clear_awscredentialprocess(profile_name=f"{parts['app']}/{parts['env']}/{parts['profile']}")
+
diff --git a/src/pybritive/commands/clear.py b/src/pybritive/commands/clear.py
@@ -1,6 +1,6 @@
 import click
 from ..helpers.build_britive import build_britive
-
+from ..helpers.profile_argument_dectorator import click_smart_profile_argument
 
 @click.group()
 def clear():
@@ -22,3 +22,10 @@ def gcloud_auth_key_files(ctx):
     ctx.obj.britive.clear_gcloud_auth_key_files()
 
 
+@clear.command(name='cached-aws-credentials')
+@build_britive
+@click_smart_profile_argument
+def cached_aws_credentials(ctx, profile):
+    """Clears cached AWS credentials used as part of the AWS CLI credential process."""
+    ctx.obj.britive.clear_cached_aws_credentials(profile=profile)
+
diff --git a/src/pybritive/helpers/cache.py b/src/pybritive/helpers/cache.py
@@ -1,6 +1,8 @@
 from pathlib import Path
 import json
 import os
+
+
 from .encryption import StringEncryption, InvalidPassphraseException
 
 
@@ -54,7 +56,7 @@ def clear(self):
 
     def get_awscredentialprocess(self, profile_name: str):
         try:
-            ciphertext = self.cache['awscredentialprocess'].get(profile_name)
+            ciphertext = self.cache['awscredentialprocess'].get(profile_name.lower())
             if not ciphertext:
                 return None
             return json.loads(self.string_encryptor.decrypt(ciphertext))
@@ -63,5 +65,9 @@ def get_awscredentialprocess(self, profile_name: str):
 
     def save_awscredentialprocess(self, profile_name: str, credentials: dict):
         ciphertext = self.string_encryptor.encrypt(json.dumps(credentials, default=str))
-        self.cache['awscredentialprocess'][profile_name] = ciphertext
+        self.cache['awscredentialprocess'][profile_name.lower()] = ciphertext
+        self.write()
+
+    def clear_awscredentialprocess(self, profile_name: str):
+        self.cache['awscredentialprocess'].pop(profile_name.lower(), None)
         self.write()
