diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index a3372e5b..1748b977 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -90,11 +90,11 @@ jobs:
 - name: Install dependencies
 run: |
 python -m pip install --upgrade pip
- pip install setuptools wheel twine
+ pip install setuptools wheel twine build
 - name: Build and publish
 env:
 TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
 TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
 run: |
- python setup.py sdist bdist_wheel
+ python -m build
 twine upload dist/*
diff --git a/Dockerfile b/Dockerfile
index 3a521bbd..f5d4170d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,8 @@ RUN apk --update add libgcc
 ENV PACKAGES="gcc musl-dev python3-dev libffi-dev openssl-dev cargo"
 RUN apk --update add $PACKAGES \
- && python -m pip install .\
+ && pip install --upgrade pip setuptools-rust build \
+ && pip install . \
 && apk del --purge $PACKAGES
 ENTRYPOINT ["/usr/local/bin/gimme-aws-creds"]
diff --git a/gimme_aws_creds/config.py b/gimme_aws_creds/config.py
index 6dc8bbf0..01dc6eaa 100644
--- a/gimme_aws_creds/config.py
+++ b/gimme_aws_creds/config.py
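Review bot: In `.github/workflows/cicd.yml`, the "Build and publish" step runs `python -m build` with `TWINE_USERNAME` and `TWINE_PASSWORD` in its environment, so the build backend and every build requirement that `build` installs into its isolated environment execute with the PyPI credentials readable. Splitting this into a build step with no `env:` block (`run: python -m build`) and a publish step that carries the two secrets and runs only `twine upload dist/*` keeps the credentials away from build-time code. The `pip install setuptools wheel twine build` line is also unpinned, so a release picks up whatever versions are current that day; pinning them would make the release job reproducible. The rest of the job lies outside the hunk.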
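Review bot: In the `Dockerfile` hunk, `pip install --upgrade pip setuptools-rust build` installs three unpinned packages that stay in the final image, because the cleanup that follows only removes the apk packages listed in `$PACKAGES`. `build` does not look necessary here, since the next line installs the project with `pip install .` rather than `python -m build`; if that holds, drop it, and pin what remains so image rebuilds are repeatable. Adding `--no-cache-dir` to both pip commands, e.g. `&& pip install --no-cache-dir . \`, would also keep pip's download cache out of the layer.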
@@ -426,24 +426,19 @@ def _get_client_id_entry(self, default_entry):
 def _get_appurl_entry(self, default_entry):
 """ Get and validate app_url """
 ui.default.message(
- "Enter the application link. This is https://something.okta[preview].com/home/amazon_aws//something")
+ "Enter the application link. This is {}/home/amazon_aws//something".format(self._okta_org_url))
 okta_app_url_valid = False
 app_url = default_entry
 while okta_app_url_valid is False:
 app_url = self._get_user_input("Application url", default_entry)
 url_parse_results = urlparse(app_url)
- allowlist = [
- "okta.com",
- "oktapreview.com",
- "okta-emea.com",
- ]
-
- if url_parse_results.scheme == "https" and any(urlelement in url_parse_results.hostname for urlelement in allowlist):
+ okta_org_parse = urlparse(self._okta_org_url)
+ if url_parse_results.scheme == "https" and url_parse_results.hostname == okta_org_parse.hostname:
 okta_app_url_valid = True
 else:
 ui.default.warning(
- "Okta organization URL must be HTTPS URL for okta.com or oktapreview.com or okta-emea.com domain")
+ "Okta organization URL must be HTTPS URL for {}".format(self._okta_org_url))
 self._app_url = app_url
diff --git a/gimme_aws_creds/main.py b/gimme_aws_creds/main.py
index 9d8050b7..c33627c1 100644
--- a/gimme_aws_creds/main.py
+++ b/gimme_aws_creds/main.py
@@ -23,8 +23,8 @@
 import boto3
 import requests
 from botocore.exceptions import ClientError
-from okta.framework.ApiClient import ApiClient
-from okta.framework.OktaError import OktaError
+from okta.api_client import APIClient
+from okta.errors.error import Error as OktaError
 # local imports
 from . import errors, ui, version
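Review bot: In `_get_appurl_entry` (gimme_aws_creds/config.py), the new check `url_parse_results.hostname == okta_org_parse.hostname` passes when both sides are `None`, which happens if `self._okta_org_url` is empty or has no host and the entered URL has none either, as in `https:///path`. Whether `_okta_org_url` is always populated before this prompt is not visible in the hunk, so the comparison should require a host explicitly: `if url_parse_results.scheme == "https" and okta_org_parse.hostname and url_parse_results.hostname == okta_org_parse.hostname:`. `urlparse(self._okta_org_url)` does not change between iterations and can move above the `while`. The warning text still says "Okta organization URL" although it is the application URL being rejected.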
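Review bot: In the gimme_aws_creds/main.py import hunk, `Error as OktaError` is a drop-in replacement only if `okta.errors.error.Error` derives from `Exception`. The handlers that catch `OktaError` sit outside this hunk, and an `except` clause naming a class that is not an exception raises `TypeError` when an error propagates instead of handling it. As far as I recall the 2.x SDK's `Error` is a plain response-model class, so please confirm against the pinned version and, if so, catch the exception type the new client actually raises. A unit test that forces an Okta API failure through `_get_aws_account_info` would pin this down.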
@@ -221,8 +221,8 @@ def _get_aws_account_info(okta_org_url, okta_api_key, username):
 """ Call the Okta User API and process the results to return just the information we need for gimme_aws_creds"""
 # We need access to the entire JSON response from the Okta APIs, so we need to
- # use the low-level ApiClient instead of UsersClient and AppInstanceClient
- users_client = ApiClient(okta_org_url, okta_api_key, pathname='/api/v1/users')
+ # use the low-level APIClient instead of UsersClient and AppInstanceClient
+ users_client = APIClient(okta_org_url, okta_api_key, pathname='/api/v1/users')
 # Get User information
 try:
diff --git a/requirements.txt b/requirements.txt
index 613e1e78..5f894051 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ beautifulsoup4>=4.6.0,<5.0.0
 keyring>=21.4.0
 requests>=2.25.0,<3.0.0
 fido2>=0.9.1,<0.10.0
-okta>=0.0.4,<1.0.0
+okta>=2.9.3,<3.0.0
 ctap-keyring-device==1.0.6
 pyjwt>=2.4.0,<3.0.0
 urllib3>=1.26.0,<2.0.0
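Review bot: In `_get_aws_account_info` (gimme_aws_creds/main.py), `APIClient(okta_org_url, okta_api_key, pathname='/api/v1/users')` keeps the argument shape of the 0.x `ApiClient`, while requirements.txt moves the SDK from 0.x to `okta>=2.9.3,<3.0.0`. I believe the 2.x `okta.api_client.APIClient` is a base class whose constructor takes no org URL, token or `pathname`, in which case this line fails with `TypeError` before any request is made; please verify against the pinned SDK. If the signature differs, build the request through the 2.x client or through `requests`, which this module already imports, and keep `okta_api_key` confined to the authorization header. The `try:` block that uses `users_client` continues outside the hunk.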