Commit 626f7396 authored by Alexander's avatar Alexander

Merge branch 'develop' into 'master'

# Conflicts:
#   qrmr/__init__.py
#   requirements.txt
parents 095f69cc 07ea9f31
tests/config.json
# Created by https://www.gitignore.io/api/macos,python,virtualenv,visualstudiocode
......
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Python",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"program": "${file}",
"cwd": "${workspaceFolder}",
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput"
]
},
{
"name": "Python: Attach",
"type": "python",
"request": "attach",
"localRoot": "${workspaceFolder}",
"remoteRoot": "${workspaceFolder}",
"port": 3000,
"secret": "my_secret",
"host": "localhost"
},
{
"name": "Python: Terminal (integrated)",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"program": "${file}",
"cwd": "",
"console": "integratedTerminal",
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": []
},
{
"name": "Python: Terminal (external)",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"program": "${file}",
"cwd": "",
"console": "externalTerminal",
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": []
},
{
"name": "Python: Django",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"program": "${workspaceFolder}/manage.py",
"cwd": "${workspaceFolder}",
"args": [
"runserver",
"--noreload",
"--nothreading"
],
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput",
"DjangoDebugging"
]
},
{
"name": "Python: Flask (0.11.x or later)",
"type": "python",
"request": "launch",
"stopOnEntry": false,
"pythonPath": "${config:python.pythonPath}",
"program": "fully qualified path fo 'flask' executable. Generally located along with python interpreter",
"cwd": "${workspaceFolder}",
"env": {
"FLASK_APP": "${workspaceFolder}/quickstart/app.py"
},
"args": [
"run",
"--no-debugger",
"--no-reload"
],
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput"
]
},
{
"name": "Python: Flask (0.10.x or earlier)",
"type": "python",
"request": "launch",
"stopOnEntry": false,
"pythonPath": "${config:python.pythonPath}",
"program": "${workspaceFolder}/run.py",
"cwd": "${workspaceFolder}",
"args": [],
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput"
]
},
{
"name": "Python: PySpark",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"osx": {
"pythonPath": "${env:SPARK_HOME}/bin/spark-submit"
},
"windows": {
"pythonPath": "${env:SPARK_HOME}/bin/spark-submit.cmd"
},
"linux": {
"pythonPath": "${env:SPARK_HOME}/bin/spark-submit"
},
"program": "${file}",
"cwd": "${workspaceFolder}",
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput"
]
},
{
"name": "Python: Module",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"module": "module.name",
"cwd": "${workspaceFolder}",
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput"
]
},
{
"name": "Python: Pyramid",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"cwd": "${workspaceFolder}",
"env": {},
"envFile": "${workspaceFolder}/.env",
"args": [
"${workspaceFolder}/development.ini"
],
"debugOptions": [
"RedirectOutput",
"Pyramid"
]
},
{
"name": "Python: Watson",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"pythonPath": "${config:python.pythonPath}",
"program": "${workspaceFolder}/console.py",
"cwd": "${workspaceFolder}",
"args": [
"dev",
"runserver",
"--noreload=True"
],
"env": {},
"envFile": "${workspaceFolder}/.env",
"debugOptions": [
"RedirectOutput"
]
}
]
}
\ No newline at end of file
(c)Copyright 2017 - 2018, all rights reserved by QRMR / ALDG / Alexander L. de Goeij.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
BSD 3-Clause License
Copyright (c) 2017 - 2018, all rights reserved by QRMR / ALDG / Alexander L. de Goeij.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
QRMR, AWS terminal login tool
QRMR, Terminal toolkit for AWS
=============================================
Work secure using MFA according to best practices, and efficiently
with AWS terminal tools like ``aws`` cli, ``aws-shell``,
``terraform``, etc.
Work simpler and more secure with with AWS terminal tools like ``aws``-cli, ``aws-shell``, ``terraform``,
using Multi-Factor Authentication (MFA / 2FA) and AWS security best practices.
Highly opinionated Amazon Web Services (AWS) terminal login toolkit, focused on
enforcing and simplifying AWS Multi-Factor Authentication (MFA).
QRMR stands for Quartermaster :)
Written in Python 3, backwards compatible with Python 2, thanks to ``futures``!
*Terminal toolkit to make using Amazon Web Services (AWS) simpler and more secure (2FA / MFA).*
Written in Python 3, backwards compatible with Python 2, thanks to ``futures``.
Currently being heavily tested in production against AWS multi-account setup (Well-Architected Framework) on macOS High Sierra.
Feels most at home using `virtualenv`, of course.
Feels most at home using `virtualenv`s, of course.
**How it works:**
......@@ -29,6 +29,18 @@ Because you probably just want to start using it:
**Installation of QRMR:**
First install PIP if you do not already have it:
Download it:
``wget https://bootstrap.pypa.io/get-pip.py``
Install it:
``python get-pip.py``
Use it:
``pip install qrmr``
**Setup of AWS Credentials:**
......@@ -71,16 +83,32 @@ Resources:
License / Copyright / Disclaimer:
---------------------------------
(c)Copyright 2017 - 2018, all rights reserved by QRMR / ALDG / Alexander L. de Goeij.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
BSD 3-Clause Revised License
Copyright (c) 2017 - 2018, all rights reserved by QRMR / ALDG / Alexander L. de Goeij.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
......@@ -19,9 +19,11 @@ from qrmr import __version__
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
#import os
#import sys
#sys.path.insert(0, os.path.abspath('../'))
# import os
# import sys
# sys.path.insert(0, os.path.abspath('../../qrmr/'))
# sys.path.insert(0, os.path.abspath('../../qrmr/common/'))
# print(os.path.abspath(os.curdir))
# -- General configuration ------------------------------------------------
......
This diff is collapsed.
import colorlog
import boto3
from botocore.exceptions import ClientError
import base64
import qrcode
logger = colorlog.getLogger(__name__)
def create_user(args):
"""Create new IAM User, set or update temporary password and add to IAM Group."""
logger.debug("iam_create_user called")
client = boto3.client('iam')
# Create new IAM User account, or fail gracefully if it exists
try:
logger.debug("trying to create_user")
response = client.create_user(
Path='/',
UserName=args.user
)
logger.debug(response)
logger.info("Succesfully created new IAM User '%s'", args.user)
except client.exceptions.EntityAlreadyExistsException as e:
logger.warning("User %s already exists.", args.user)
logger.debug(e)
# Add temporary password to IAM User account, or update it with a new one
try:
logger.debug("trying to create_login_profile")
response = client.create_login_profile(
UserName=args.user,
Password=args.password,
PasswordResetRequired=True
)
logger.debug(response)
logger.info(
"Succesfully set new temporary password for IAM User '%s'", args.user)
except client.exceptions.PasswordPolicyViolationException as e:
logger.error(
"Password for user '%s' does not match policies, check in AWS Console.", args.user)
logger.debug(e)
except client.exceptions.EntityAlreadyExistsException as e:
logger.warning(
"Password (login_profile) already set for User '%s', will attempt to set new temporary password.", args.user)
logger.debug(e)
try:
logger.debug("trying to update_login_profile")
response = client.update_login_profile(
UserName=args.user,
Password=args.password,
PasswordResetRequired=True
)
logger.debug(response)
logger.info(
"Succesfully updated temporary password for IAM User '%s'", args.user)
except client.exceptions.PasswordPolicyViolationException as e:
logger.error(
"Password for user '%s' does not match policies, check in AWS Console.", args.user)
logger.debug(e)
# Add IAM User to IAM Group
try:
logger.debug("trying to add_user_to_group")
response = client.add_user_to_group(
GroupName=args.group,
UserName=args.user
)
logger.debug(response)
except Exception as e:
logger.error("Could not add user '%s' to group '%s'",
args.user, args.group)
logger.debug(e)
try:
logger.debug("trying to create_virtual_mfa_device")
response = client.create_virtual_mfa_device(
Path='/',
VirtualMFADeviceName="vmfa--" + args.user
)
logger.debug(response)
print(response["VirtualMFADevice"]["QRCodePNG"])
img = qrcode.make(base64.b64decode(
response["VirtualMFADevice"]["QRCodePNG"]))
print(img)
except client.exceptions.EntityAlreadyExistsException as e:
logger.warning(
"MFA device with same name '%s' already exists, will leave it alone.", ("vmfa--" + args.user))
logger.debug(e)
except Exception as e:
logger.error(e)
pass
logger.debug("iam_create_user finished")
pass
import colorlog
import boto3
from botocore.exceptions import ClientError
import base64
import qrcode
import os
import subprocess
from subprocess import check_output
from slackclient import SlackClient
logger = colorlog.getLogger(__name__)
def chat(args):
cmd_list = str(args.command).split(" ")
out = check_output(cmd_list, universal_newlines=True)
logger.debug("STDOUT: %s", out)
slack_token = os.environ["SLACK_API_TOKEN"]
sc = SlackClient(slack_token)
sc.api_call(
"chat.postMessage",
channel="%s" % args.to,
text="QRMR: %s \n%s\n:tada:" % (args.message, out)
)
pass
# Python 2.7+ compatibility for e.g. macos
from __future__ import (absolute_import, division,
print_function, unicode_literals)
from builtins import *
import sys
import os
import logging
import argparse
import configparser
from configparser import MissingSectionHeaderError
from socket import gaierror
import urllib.request
import json
import pip
from qrmr import __version__
import colorlog
import boto3
from botocore.exceptions import ParamValidationError, ClientError
def logHandler(module_name):
#logger = logging.getLogger(module_name)
handler = colorlog.StreamHandler()
handler.setFormatter(colorlog.ColoredFormatter(
'%(log_color)s%(levelname)s:%(name)s:%(message)s')
)
logger = colorlog.getLogger()
logger.addHandler(handler)
return logger
\ No newline at end of file
This diff is collapsed.
pylint
pydocstyle
flake8
autopep8
Sphinx
sphinx_rtd_theme
\ No newline at end of file
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# ____ _____ __ __ _____
# / __ \| __ \| \/ | __ \
# | | | | |__) | \ / | |__) |
......@@ -5,12 +7,14 @@
# | |__| | | \ \| | | | | \ \
# \___\_\_| \_\_| |_|_| \_\
#
# Highly opinionated Amazon Web Services (AWS) terminal login toolkit, focused on
# enforcing AWS Multi-Factor Authentication (MFA).
# Terminal toolkit to make using Amazon Web Services (AWS) simpler and more secure (2FA / MFA).
#
# Find us on: https://qrmr.io
# Find us on: https://gitlab.com/qrmr/qrmr
#
# (c)Copyright 2017 - 2018, all rights reserved by QRMR / ALDG / Alexander L. de Goeij.
# Copyright (c) 2017 - 2018, all rights reserved by QRMR / ALDG / Alexander L. de Goeij.
# All rights reserved.
#
# BSD 3-Clause Revised License applies. (see LICENSE file).
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
......@@ -33,21 +37,21 @@ setup(
version=__version__,
author="Alexander L. de Goeij",
author_email="[email protected]",
description=("Terminal login toolkit for Amazon Web Services (AWS) enforcing "
"and simplifying use of Multi-Factor Authentication (MFA)."),
license="NO_LICENSE_YET",
keywords="cloud aws cli login mfa otp session token",
description=("Terminal toolkit to make using Amazon Web Services (AWS) simpler and more secure (2FA / MFA)."),
license="BSD 3-Clause Revised",
keywords="aws aws-cli aws-sdk cli terminal mfa 2fa multi-factor-authentication iam-credentials login otp session token",
url="https://gitlab.com/qrmr/qrmr",
packages=find_packages(),
install_requires=['future', 'colorlog',
'boto3', 'configparser', 'requests'],
long_description=open('README.rst').read(),
classifiers=[
"Development Status :: 3 - Alpha",
"Development Status :: 4 - Beta",
"Environment :: Console",
"Environment :: MacOS X",
"Intended Audience :: Developers",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: BSD License",
"Natural Language :: English",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 2.7",
......
{
"profiles": [
{
"name": "intranet",
"region": "eu-west-1",
"output": "json",
"role_arn": "arn:aws:iam::290046797741:role/eng"
},
{
"name": "playground",
"region": "eu-west-1",
"output": "json",
"role_arn": "arn:aws:iam::068713275162:role/eng"
},
{
"name": "development",
"region": "eu-west-1",
"output": "json",
"role_arn": "arn:aws:iam::431741470944:role/eng"
},
{
"name": "test",
"region": "eu-west-1",
"output": "json",
"role_arn": "arn:aws:iam::429842774413:role/eng"
},
{
"name": "acceptance",
"region": "eu-west-1",
"output": "json",
"role_arn": "arn:aws:iam::127269966944:role/eng"
},
{
"name": "production",
"region": "eu-west-1",
"output": "json",
"role_arn": "arn:aws:iam::572634840655:role/eng"
}
]
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment