Currently a large stack trace is printed with the RuntimeError of Unknown login status.
Example:
Traceback (most recent call last):
  File "/usr/local/bin/gimme-aws-creds", line 17, in <module>
    GimmeAWSCreds().run()
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 468, in run
    self._run()
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 795, in _run
    for data in self.iter_selected_aws_credentials():
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 771, in iter_selected_aws_credentials
    for role in self.aws_selected_roles:
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 671, in aws_selected_roles
    selected_roles = self._get_selected_roles(self.requested_roles, self.aws_roles)
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 662, in aws_roles
    self.saml_data['SAMLResponse'],
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 653, in saml_data
    self._cache['saml_data'] = saml_data = self.okta.get_saml_response(self.aws_app['links']['appLink'])
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 646, in aws_app
    self._cache['aws_app'] = aws_app = self._get_selected_app(self.conf_dict.get('aws_appname'), self.aws_results)
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 599, in aws_results
    self.auth_session
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/main.py", line 581, in auth_session
    auth_result = self.okta.auth_session()
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/okta.py", line 158, in auth_session
    login_response = self.auth()
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/okta.py", line 151, in auth
    flow_state = self._next_login_step(
  File "/usr/local/lib/python3.8/site-packages/gimme_aws_creds/okta.py", line 317, in _next_login_step
    raise RuntimeError('Unknown login status: ' + status)
RuntimeError: Unknown login status: PASSWORD_EXPIRED
In addition to the user password expiration the other user status values shown in the Okta documentation should be handled.
Expected Behavior
When a user's Okta password is expired gimme-aws-creds should print out a friendly error message without a large stack trace. A message similar to the LOCKED_OUT message https://github.com/Nike-Inc/gimme-aws-creds/blob/master/gimme_aws_creds/okta.py#L302 would be preferred.
Current Behavior
Currently a large stack trace is printed with the RuntimeError of Unknown login status. Example:
Possible Solution
Add the following lines of code after https://github.com/Nike-Inc/gimme-aws-creds/blob/master/gimme_aws_creds/okta.py#L302
Steps to Reproduce (for bugs)
Context
Okta passwords expire periodically and the large stack trace is confusing to some users.
Your Environment
2.3.4
macOS 10.15.5
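
One way the friendly handling requested in this issue could look, as an added example that is neither the issue author's proposed lines nor gimme-aws-creds code. The status names are Okta Authentication API transaction states; which of them are treated as terminal, the message texts, the exit code 2 and the names `check_login_status`, `run_cli` and `LoginStateError` are assumptions.

```python
import sys

# Okta transaction states a CLI cannot finish on its own
# (assumption: this sketch treats all of these as terminal).
TERMINAL_STATES = {
    "PASSWORD_EXPIRED": "Your Okta password has expired. Change it in the Okta web UI, then retry.",
    "LOCKED_OUT": "Your Okta account is locked. Unlock it or contact your administrator.",
    "PASSWORD_RESET": "A password reset is pending. Finish it in the Okta web UI, then retry.",
    "RECOVERY": "Account recovery is in progress. Finish it in the Okta web UI, then retry.",
    "RECOVERY_CHALLENGE": "Account recovery is in progress. Finish it in the Okta web UI, then retry.",
    "MFA_ENROLL": "You must enroll an MFA factor in the Okta web UI before logging in here.",
    "MFA_ENROLL_ACTIVATE": "Finish activating your MFA factor in the Okta web UI, then retry.",
}
# States the login loop keeps processing (assumption for this sketch).
CONTINUE_STATES = {"SUCCESS", "MFA_REQUIRED", "MFA_CHALLENGE", "PASSWORD_WARN"}


class LoginStateError(Exception):
    """A login outcome the user must resolve; reported without a traceback."""


def check_login_status(response):
    """Return the status if the flow may continue, else raise LoginStateError."""
    status = str(response.get("status", "<missing>"))
    if status in CONTINUE_STATES:
        return status
    message = TERMINAL_STATES.get(
        status, f"Okta returned a login status this tool does not handle: {status}"
    )
    raise LoginStateError(message)


def run_cli(login_step, stderr=None):
    """Run one login step; print a one-line error and return an exit code."""
    stderr = stderr if stderr is not None else sys.stderr
    try:
        login_step()
    except LoginStateError as err:
        print(f"Error: {err}", file=stderr)
        return 2
    return 0


if __name__ == "__main__":
    # Constructed response carrying the status from the traceback above.
    code = run_cli(lambda: check_login_status({"status": "PASSWORD_EXPIRED"}))
    print("exit code:", code)
```

Only `LoginStateError` is caught at the top level, so programming errors still surface with their traceback.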