def one_mfa(args, credentials):
    """Obtain temporary STS credentials for one profile and store them.

    Builds a session for ``args.identity_profile``, optionally acquires an
    MFA serial number and token code, calls either ``sts.assume_role`` or
    ``sts.get_session_token``, and hands the returned credentials to
    ``update_credentials_file``.

    Args:
        args: Parsed options. The attributes read here are
            ``identity_profile``, ``token_code``, ``role_to_assume``,
            ``role_session_name``, ``duration``, ``aws_credentials`` and
            ``target_profile``.
        credentials: Passed through unchanged to ``use_testing_credentials``
            or ``update_credentials_file``.

    Returns:
        ``OK`` on success, the error value reported by ``make_session`` or
        ``acquire_code``, or ``USER_RECOVERABLE_ERROR`` when STS answers
        with ``AccessDenied``.

    Raises:
        botocore.exceptions.ClientError: For any STS client error whose
            code is not ``AccessDenied``.
    """
    session, session3, err = make_session(args.identity_profile)
    if err:
        return err

    # The mere presence of this variable (any value, even empty) skips the
    # STS call and the MFA prompt entirely.
    # NOTE(review): confirm this switch cannot be set in environments where
    # real credentials are expected; it replaces the whole MFA path.
    if "AWSMFA_TESTING_MODE" in os.environ:
        use_testing_credentials(args, credentials)
        return OK

    sts_kwargs = {}
    mfa_wanted = args.token_code != 'skip'
    if mfa_wanted:
        serial_number, token_code, err = acquire_code(args, session, session3)
        if err is not OK:
            return err
        sts_kwargs['SerialNumber'] = serial_number
        sts_kwargs['TokenCode'] = token_code
    # When token_code is 'skip', no SerialNumber/TokenCode is sent, so the
    # request below carries no MFA proof.

    sts_client = session3.client('sts')
    try:
        if not args.role_to_assume:
            sts_kwargs.update(DurationSeconds=args.duration)
            reply = sts_client.get_session_token(**sts_kwargs)
        else:
            # Role sessions are requested for at most 3600 seconds.
            # NOTE(review): presumably mirrors an STS limit on role
            # sessions -- confirm against the role's configuration.
            sts_kwargs.update(
                DurationSeconds=min(args.duration, 3600),
                RoleArn=args.role_to_assume,
                RoleSessionName=args.role_session_name)
            reply = sts_client.assume_role(**sts_kwargs)
    except botocore.exceptions.ClientError as exc:
        # Only AccessDenied is treated as something the user can fix; every
        # other client error propagates to the caller.
        if exc.response["Error"]["Code"] != "AccessDenied":
            raise
        print(str(exc), file=sys.stderr)
        return USER_RECOVERABLE_ERROR

    issued = reply['Credentials']
    print_expiration_time(issued['Expiration'])
    update_credentials_file(
        args.aws_credentials,
        args.target_profile,
        args.identity_profile,
        credentials,
        issued)
    return OK