nathan-v
diff --git a/‎README.md
Lines changed: 42 additions & 83 deletions b/‎README.md
Lines changed: 42 additions & 83 deletions
diff --git a/‎aws_okta_keyman/aws.py
Lines changed: 1 addition & 0 deletions b/‎aws_okta_keyman/aws.py
Lines changed: 1 addition & 0 deletions
diff --git a/‎aws_okta_keyman/config.py
Lines changed: 9 additions & 1 deletion b/‎aws_okta_keyman/config.py
Lines changed: 9 additions & 1 deletion
@@ -1,27 +1,45 @@
-[![Apache](https://img.shields.io/badge/license-Apache-blue.svg)](https://github.com/nathan-v/aws_okta_keyman/blob/master/LICENSE.txt) [![Python versions](https://img.shields.io/pypi/pyversions/aws-okta-keyman.svg)](https://pypi.python.org/pypi/aws-okta-keyman/) [![PyPI version](https://badge.fury.io/py/aws-okta-keyman.svg)](https://badge.fury.io/py/aws-okta-keyman) ![PyPI - Status](https://img.shields.io/pypi/status/aws_okta_keyman) [![Downloads](http://pepy.tech/badge/aws-okta-keyman)](http://pepy.tech/count/aws-okta-keyman)
-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman?ref=badge_shield)
+[![Apache](https://img.shields.io/badge/license-Apache-blue.svg)](https://github.com/nathan-v/aws_okta_keyman/blob/master/LICENSE.txt) [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman?ref=badge_shield) [![Python versions](https://img.shields.io/pypi/pyversions/aws-okta-keyman.svg)](https://pypi.python.org/pypi/aws-okta-keyman/) ![PyPI - Implementation](https://img.shields.io/pypi/implementation/aws-okta-keyman) [![Downloads](http://pepy.tech/badge/aws-okta-keyman)](http://pepy.tech/count/aws-okta-keyman)
 
-[![CC GPA](https://codeclimate.com/github/nathan-v/aws_okta_keyman/badges/gpa.svg)](https://codeclimate.com/github/nathan-v/aws_okta_keyman) [![CC Issues](https://codeclimate.com/github/nathan-v/aws_okta_keyman/badges/issue_count.svg)](https://codeclimate.com/github/nathan-v/aws_okta_keyman) [![Coverage Status](https://codecov.io/gh/nathan-v/aws_okta_keyman/branch/master/graph/badge.svg)](https://codecov.io/gh/nathan-v/aws_okta_keyman) ![GitHub issues](https://img.shields.io/github/issues-raw/nathan-v/aws_okta_keyman)
+[![Requirements Status](https://pyup.io/repos/github/nathan-v/aws_okta_keyman/shield.svg?t=1580777582434)](https://pyup.io/repos/github/nathan-v/aws_okta_keyman/) ![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/nathan-v/aws_okta_keyman)  ![Code Climate issues](https://img.shields.io/codeclimate/issues/nathan-v/aws_okta_keyman) ![Code Climate technical debt](https://img.shields.io/codeclimate/tech-debt/nathan-v/aws_okta_keyman) ![Codecov](https://img.shields.io/codecov/c/gh/nathan-v/aws_okta_keyman) ![Snyk Vulnerabilities for GitHub Repo](https://img.shields.io/snyk/vulnerabilities/github/nathan-v/aws_okta_keyman)
 
-[![Requirements Status](https://requires.io/github/nathan-v/aws_okta_keyman/requirements.svg?branch=master)](https://requires.io/github/nathan-v/aws_okta_keyman/requirements/?branch=master) [![Known Vulnerabilities](https://snyk.io/test/github/nathan-v/aws_okta_keyman/badge.svg)](https://snyk.io/test/github/nathan-v/aws_okta_keyman)
+![GitHub release (latest by date)](https://img.shields.io/github/v/release/nathan-v/aws_okta_keyman) ![GitHub Release Date](https://img.shields.io/github/release-date/nathan-v/aws_okta_keyman) [![PyPI version](https://badge.fury.io/py/aws-okta-keyman.svg)](https://badge.fury.io/py/aws-okta-keyman) ![PyPI - Status](https://img.shields.io/pypi/status/aws_okta_keyman) [![Sourcegraph](https://img.shields.io/badge/view%20on-Sourcegraph-brightgreen.svg?logo=sourcegraph)](https://sourcegraph.com/github.com/nathan-v/aws_okta_keyman)
 
-[![CircleCI](https://img.shields.io/circleci/build/gh/nathan-v/aws_okta_keyman)](https://circleci.com/gh/nathan-v/aws_okta_keyman/tree/master)
+![CircleCI](https://img.shields.io/circleci/build/gh/nathan-v/aws_okta_keyman/master?label=master&logo=circleci) ![GitHub last commit](https://img.shields.io/github/last-commit/nathan-v/aws_okta_keyman)
 
 # AWS Okta Keyman
-
 This is a simple command-line tool for logging into Okta and generating
-temporary Amazon AWS Credentials. This tool makes it easy and secure for your
-developers to generate short-lived, [logged and user-attributed][tracking]
-credentials that can be used for any of the Amazon SDK libraries or CLI tools.
+temporary Amazon AWS Credentials. This tool makes it easy and secure to
+generate short-lived, [logged and user-attributed][tracking] credentials that can be
+used for any of the Amazon SDK libraries or CLI tools.
 
 ## Features
-
-We have support for logging into Okta, optionally handling MFA Authentication,
-and then generating new SAML authenticated AWS sessions. This tool has a few core
-features that help set it apart from other similar tools that are available.
+Key features listed here. Keep scrolling for more details.
+
+* MFA support
+* Multiple AWS role support
+* Automatic reup/refresh mode
+* Dynamic AWS/Okta integration list
+* Automatic username selection
+* Okta password caching
+* Command wrapping
+* Screen/shell only output
+* GovCloud support
+* Adjustable key lifetime
+* Console login URLs
+* Config files
+* Interactive config generation
+* Installation via pip and Homebrew
+* Linux, Windows, and OSX support
+
+Benefits vs other similar tools:
+
+* Runs without external dependencies; no servers or lambdas required
+* No API keys required; just your Okta username and password
+* No analytics or metrics collection; this tool does _not_ call home in any way
+* Open source distributed as source; you can see what you're running
+* Wide Python version support; works on Python 2.7.4+ and 3.5.0+.
 
 ### Optional MFA Authentication
-
 If you organization or integration requires MFA  we will automatically detect that
 requirement during authentication and prompt the user to complete the
 Multi Factor Authentication.
@@ -40,7 +58,6 @@ but makes this tool work on remote servers or in any other case where you may no
 be able to use a browser.
 
 #### Supported MFA Solutions
-
 * Okta Verify
 * Duo Auth (push, call, or OTP via CLI)
 * Duo Auth (push, call, or OTP via web browser)
@@ -54,25 +71,10 @@ Windows Hello, U2F, email, and physical token (RSA, Symantec) are not supported
 at this time.
 
 ### Multiple AWS Roles
-
 AWS Okta Keyman supports multiple AWS roles when configured. The user is prompted to
-select the role they wish to use before the temporary keys are generated. An example
-of this is shown here:
-
-```text
-16:48:48   (WARNING) Multiple AWS roles found; please select one
-
-    Account          Role
-[0] example-prod     Admin
-[1] example-prod     Dev
-Selection: 0
-
-16:48:51   (INFO) Getting SAML Assertion from example
-16:48:51   (INFO) Assuming role: arn:aws:iam::1234567890:role/Admin
-```
+select the role they wish to use before the temporary keys are generated.
 
 ### Re-Up Mode .. Automatic Credential Re-Generation
-
 Amazon IAM defaults to Federated Login sessions that last up to *1 hour*. For
 developers, it can be painful to re-authenticate every hour during your work
 day. This is made much worse if your organization requires MFA on each login.
@@ -88,24 +90,18 @@ so to complete the MFA again.
 
 See the `--reup` commandline option for help here!
 
-
 ### AWS Accounts from Okta
-
 AWS Okta Keyman can pull the AWS Accounts that have been assigned from Okta
 itself which means the app ID value no longer needs to be provided in the
 command line or in the config file. A config file can still optionally be used
 to ensure account names or order if preferred. This means with no configuration
 saved you only need to provide your organization.
 
-
 ### Automatic Username
-
 AWS Okta Keyman will use the current user as the username for Okta
 authentication if no username has been provided.
 
-
 ### Keyring Password Cache
-
 AWS Okta Keyman can use your local keyring to store your Okta password to allow you to
 run the tool repeatedly without needing to type your password in each time. For details on how this
 is accomplished check out [keyring][keyring].
@@ -116,18 +112,15 @@ aws_okta_keyman -R    # Reset the cached password in case of mistaken entry or p
 ```
 
 ### Command Wrapping
-
 Command wrapping provides a simple way to execute any command you would like directly from
 Keyman where the AWS access key environment variables will be provided when starting the
 command. An example of this is provided here:
 
 ```text
 $ aws_okta_keyman --command "echo \$AWS_ACCESS_KEY_ID"
-14:06:48 (INFO) AWS Okta Keyman 🔐 v0.7.5
 
 ----snip----
 
-14:07:17   (INFO) Assuming role: arn:aws:iam::1234567890:role/Admin
 14:07:17   (INFO) Wrote profile "default" to /home/nathan/.aws/credentials 💾
 14:07:17   (INFO) Current time is 2020-01-10 22:07:17.027964
 14:07:17   (INFO) Session expires at 2020-01-10 23:07:16+00:00 ⏳
@@ -139,27 +132,22 @@ AXXXXXXXXXXXXXXXXXXX
 ```
 
 ### Screen-only Key Output
-
 Screen-only output for cases were the key needs to be copied
 elsewhere for use. This makes using the temporary keys in other apps simpler and easier.
 They will not be written out to the AWS credentials file when this option is specified.
 
 ```text
 $ aws_okta_keyman --screen
-14:13:27 (INFO) AWS Okta Keyman 🔐 v0.7.5
 
 ----snip----
 
-
 14:14:04   (INFO) Assuming role: arn:aws:iam::1234567890:role/Admin
 14:14:04   (INFO) AWS Credentials: 
 
-
 AWS_ACCESS_KEY_ID = AXXXXXXXXXXXXXXXXXXX
 AWS_SECRET_ACCESS_KEY = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 AWS_SESSION_TOKEN = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-
 14:14:04 (INFO) All done! 👍
 ```
 
@@ -179,7 +167,6 @@ The console login link will be output on the screen for you to use. Just provide
 parameter when running Keyman.
 
 ### Config file .. predefined settings for you or your org
-
 The config file, which defaults to `~/.config/aws_okta_keyman.yml`, allows you to
 pre-set things like your username, Okta organization name (subdomain), and AWS accounts
 and App IDs to make this script simpler to use. This also supports username assumption
@@ -195,31 +182,16 @@ Example config file:
 username: automatic-username@example.com
 org: example
 accounts:
-  - name: Test
-    appid: exampleAppIDFromOkta/123
   - name: Dev
     appid: exampleAppIDFromOkta/234
   - name: Prod
     appid: exampleAppIDFromOkta/345
 ```
 
 When used you'll get a similar interface to AWS Role selection but for your AWS
-accounts:
-
-```text
-16:48:41   (WARNING) No app ID provided; select from available AWS accounts
-
-    Account
-[0] Test
-[1] Dev
-[2] Prod
-Selection: 2
-
-16:48:47   (INFO) Using account: Prod / exampleAppIDFromOkta/123
-```
+accounts.
 
 ### Interactive Configuration
-
 For interactive configuration and creation of the config file you can start the tool with just config as a parameter and you will be propted to provide the basic information needed to get started. An example of this is shown here:
 
 ```text
@@ -260,18 +232,14 @@ App ID:
 ```
 
 ## Python Versions
-
 Python 2.7.4+ and Python 3.5.0+ are supported.
 
 Support for older Python versions will be maintained as long as is reasonable.
 Before support is removed a reminder/warning will be provided.
 
 ## Usage
-
 ### Client Setup
-
-#### Mac OS Installation with Homebrew
-
+#### Mac OS Installation
 `brew tap nathan-v/aws-okta-keyman` and then `brew install aws_okta_keyman`.
 
 Or install via URL (which will not receive updates):
@@ -280,15 +248,13 @@ Or install via URL (which will not receive updates):
 brew install https://raw.githubusercontent.com/nathan-v/homebrew-aws-okta-keyman/master/Formula/aws_okta_keyman.rb
 ```
 
-#### Typical Linux or Windows Installation
-
+#### Linux or Windows Installation
 Before you can install this tool you need to have a working Python installation with pip.
 If you're not sure if you have this a good place to start would be the [Python Beginner's Guide](pythonbeginner) .
 
 Once your Python environment is configured simply run `pip install aws-okta-keyman` to install the tool.
 
 ### Running AWS Okta Keyman
-
 For detailed usage instructions, see the `--help` commandline argument.
 
 Typical usage:
@@ -297,13 +263,6 @@ Typical usage:
 $ aws_okta_keyman
 16:48:22   (INFO) AWS Okta Keyman 🔐 v0.7.0
 Password:
-16:48:28   (WARNING) No Duo Auth factor specified; please select one:
-
-    Duo Factor
-[0] 📲 Duo Push
-[1] 📟 OTP Passcode
-[2] 📞 Phone call
-Selection: 0
 
 16:48:31   (INFO) Using factor: 📲 Duo Push
 16:48:33   (WARNING) Duo required; check your phone... 📱
@@ -336,6 +295,8 @@ Selection: 0
 16:48:52   (INFO) All done! 👍
 ```
 
+### Troubleshooting
+Troubleshooting information is available on the project Github [wiki].
 
 ## Okta Setup
 Before you can use this tool, your Okta administrator needs to set up
@@ -352,12 +313,10 @@ The original code is heavily based on the previous work done by
 Credentials][aws_role_credentials] tools.
 
 ## Developer Info
-
 See CONTRIBUTING.md for more information on contributing to this project.
 
 ## License
-
-Copyright 2019 Nathan V
+Copyright 2020 Nathan V
 
 Copyright 2018 Nextdoor.com, Inc
 
@@ -368,6 +327,8 @@ Some code in `aws_okta_keyman/okta.py`, `aws_okta_keyman/aws.py`,
 distributed under MIT license. See the source files for details. A copy of the
 license is in the LICENSE_MIT.txt file.
 
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman?ref=badge_large)
+
 [nd_okta_auth]: https://github.com/Nextdoor/nd_okta_auth
 [nextdoorinc]: https://github.com/Nextdoor
 [oktaauth]: https://github.com/ThoughtWorksInc/oktaauth
@@ -381,6 +342,4 @@ license is in the LICENSE_MIT.txt file.
 [aws_saml]: http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
 [duo_auth]: https://duo.com/
 [keyring]: https://github.com/jaraco/keyring
-
-
-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnathan-v%2Faws_okta_keyman?ref=badge_large)
+[wiki]: https://github.com/nathan-v/aws_okta_keyman/wiki#faq--troubleshooting
@@ -132,6 +132,7 @@ def __init__(self,
 
         self.profile = profile
         self.region = region
+        boto3.setup_default_session(profile_name=profile)
         self.sts = boto3.client('sts', region_name=self.region)
         self.assertion = SamlAssertion(assertion)
         self.writer = Credentials(cred_file)
 
@@ -53,6 +53,7 @@ def __init__(self, argv):
         self.region = None
         self.duration = None
         self.console = None
+        self.update = None
 
         if len(argv) > 1:
             if argv[1] == 'config':
@@ -287,6 +288,13 @@ def optional_args(optional_args):
                                        'selected role..'
                                    ),
                                    default=False)
+        optional_args.add_argument('-U', '--update',
+                                   action='store_true', help=(
+                                       'Check installed Keyman version '
+                                       'against latest version in pip and '
+                                       'update if the pip version is newer.'
+                                   ),
+                                   default=False)
 
     @staticmethod
     def read_yaml(filename, raise_on_error=False):
@@ -346,7 +354,7 @@ def write_config(self):
     def clean_config_for_write(config):
         """Remove args we don't want to save to a config file."""
         ignore = ['name', 'appid', 'argv', 'writepath', 'config', 'debug',
-                  'oktapreview', 'password_reset', 'command']
+                  'oktapreview', 'password_reset', 'command', 'update']
         for var in ignore:
             del config[var]