diff --git a/Readme.MD b/Readme.MD index 5017565..d77eadf 100644 --- a/Readme.MD +++ b/Readme.MD @@ -81,6 +81,12 @@ OKTA_ORG=acmecorp.oktapreview.com OKTA_AWS_APP_URL=https://acmecorp.oktapreview.com/home/amazon_aws/0oa5zrwfs815KJmVF0h7/137 ``` +Create `~/.okta/logging.properties` with the following content, + +```properties +com.amazonaws.auth.profile.internal.BasicProfileConfigLoader = NONE +``` + Copy scripts from `.okta/bin` to somewhere on your PATH. ## Usage diff --git a/bin/Install-OktaAwsCli.ps1 b/bin/Install-OktaAwsCli.ps1 index 74e68a2..20b79c8 100644 --- a/bin/Install-OktaAwsCli.ps1 +++ b/bin/Install-OktaAwsCli.ps1 @@ -40,6 +40,9 @@ OKTA_ORG=acmecorp.okta.com.changeme.local OKTA_AWS_APP_URL=https://acmecorp.oktapreview.com.changeme.local/home/amazon_aws/0oa5zrwfs815KJmVF0h7/137 OKTA_USERNAME=$env:USERNAME OKTA_BROWSER_AUTH=true +" + Add-Content -Path $Home/.okta/logging.properties -Value " +com.amazonaws.auth.profile.internal.BasicProfileConfigLoader = NONE " if (!(Test-Path $profile)) { New-Item -Path $profile -ItemType File -Force | Out-Null 
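Review bot: The line that the added `Add-Content` call writes to `logging.properties` does not look like a java.util.logging setting: logger levels are configured as `<logger>.level = <LEVEL>`, and `NONE` is not a JUL level name (`OFF` is). If the warning still disappears, it is probably because a config file with no `handlers` entry leaves the root logger without a console handler, which would silence every JUL message from the tool rather than only this one. I would write `handlers = java.util.logging.ConsoleHandler` and `com.amazonaws.auth.profile.internal.BasicProfileConfigLoader.level = OFF` instead; the same content is added in Readme.MD and bin/install.sh. The enclosing block starts above this hunk, so whether `$Home/.okta` exists before the `Add-Content` call cannot be confirmed from here.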
@@ -48,68 +51,76 @@ OKTA_BROWSER_AUTH=true if (!$ProfileContent -or !$ProfileContent.Contains("#OktaAWSCLI")) { Add-Content -Path $profile -Value ' #OktaAWSCLI -function With-Okta { - Param([string]$Profile) - $OriginalOKTA_PROFILE = $env:OKTA_PROFILE - try { - $env:OKTA_PROFILE = $Profile - $InternetOptions = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" - if ($InternetOptions.ProxyEnable) { - $ProxyStrings = $InternetOptions.ProxyServer.Split(";") - $Proxies = @{} - ForEach ($ProxyString in $ProxyStrings) { - if ($ProxyString.Contains("=")) { - ($ProxyProtocol,$ProxyServerPort) = $ProxyString.Split("=") - } else { - ($ProxyProtocol,$ProxyServerPort) = ("http", $ProxyString) - } - ($ProxyHost, $ProxyPort) = $ProxyServerPort.Split(":") - $Proxies[$ProxyProtocol] = ($ProxyHost, $ProxyPort) - } - if ($Proxies.socks) { - ($ProxyHost, $ProxyPort) = $Proxies.socks - } elseif ($Proxies.https) { - ($ProxyHost, $ProxyPort) = $Proxies.https - } elseif ($Proxies.http) { - ($ProxyHost, $ProxyPort) = $Proxies.http - } - if ($InternetOptions.ProxyOverride) { - $NonProxyHosts = [System.String]::Join("|", ($InternetOptions.ProxyOverride.Replace("", "").Split(";") | Where-Object {$_})) - } else { - $NonProxyHosts = "" - } - if ($ProxyProtocol -eq "socks") { - java "-DsocksProxyHost=$ProxyHost" "-DsocksProxyPort=$ProxyPort" "-Dhttp.nonProxyHosts=$NonProxyHosts" -classpath $HOME\.okta\* com.okta.tools.WithOkta @args +function Invoke-Java { + Param([string]$MainClass) + $InternetOptions = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" + if ($InternetOptions.ProxyEnable) { + $ProxyStrings = $InternetOptions.ProxyServer.Split(";") + $Proxies = @{} + ForEach ($ProxyString in $ProxyStrings) { + if ($ProxyString.Contains("=")) { + ($ProxyProtocol,$ProxyServerPort) = $ProxyString.Split("=") } else { - java "-Dhttp.proxyHost=$ProxyHost" "-Dhttp.proxyPort=$ProxyPort" "-Dhttps.proxyHost=$ProxyHost" 
"-Dhttps.proxyPort=$ProxyPort" "-Dhttp.nonProxyHosts=$NonProxyHosts" -classpath $HOME\.okta\* com.okta.tools.WithOkta @args + ($ProxyProtocol,$ProxyServerPort) = ("http", $ProxyString) } + ($ProxyHost, $ProxyPort) = $ProxyServerPort.Split(":") + $Proxies[$ProxyProtocol] = ($ProxyHost, $ProxyPort) + } + if ($Proxies.socks) { + ($ProxyHost, $ProxyPort) = $Proxies.socks + $ProxyProtocol = "socks" + } elseif ($Proxies.https) { + ($ProxyHost, $ProxyPort) = $Proxies.https + $ProxyProtocol = "https" + } elseif ($Proxies.http) { + ($ProxyHost, $ProxyPort) = $Proxies.http + $ProxyProtocol = "http" + } + if ($InternetOptions.ProxyOverride) { + $NonProxyHosts = [System.String]::Join("|", ($InternetOptions.ProxyOverride.Replace("", "").Split(";") | Where-Object {$_})) } else { - java -classpath $HOME\.okta\* com.okta.tools.WithOkta @args + $NonProxyHosts = "" } + if ($ProxyProtocol -eq "socks") { + java "-Djava.util.logging.config.file=$HOME\.okta\logging.properties" "-DsocksProxyHost=$ProxyHost" "-DsocksProxyPort=$ProxyPort" "-Dhttp.nonProxyHosts=$NonProxyHosts" -classpath $HOME\.okta\okta-aws-cli.jar $MainClass @args + } else { + java "-Djava.util.logging.config.file=$HOME\.okta\logging.properties" "-Dhttp.proxyHost=$ProxyHost" "-Dhttp.proxyPort=$ProxyPort" "-Dhttps.proxyHost=$ProxyHost" "-Dhttps.proxyPort=$ProxyPort" "-Dhttp.nonProxyHosts=$NonProxyHosts" -classpath $HOME\.okta\okta-aws-cli.jar $MainClass @args + } + } else { + java "-Djava.util.logging.config.file=$HOME\.okta\logging.properties" -classpath $HOME\.okta\okta-aws-cli.jar $MainClass @args + } +} + +function Invoke-Okta { + Param([string]$Profile) + $args[0] = (Get-Command $args[0]).Name + $OriginalOKTA_PROFILE = $env:OKTA_PROFILE + try { + $env:OKTA_PROFILE = $Profile + Invoke-Java -MainClass com.okta.tools.WithOkta @args } finally { $env:OKTA_PROFILE = $OriginalOKTA_PROFILE } } -function Okta-ListRoles { - $InternetOptions = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings" - if ($InternetOptions.ProxyServer) { - ($ProxyHost, $ProxyPort) = $InternetOptions.ProxyServer.Split(":") - } - if ($InternetOptions.ProxyOverride) { - $NonProxyHosts = [System.String]::Join("|", ($InternetOptions.ProxyOverride.Replace("", "").Split(";") | Where-Object {$_})) - } else { - $NonProxyHosts = "" - } - java "-Dhttp.proxyHost=$ProxyHost" "-Dhttp.proxyPort=$ProxyPort" "-Dhttps.proxyHost=$ProxyHost" "-Dhttps.proxyPort=$ProxyPort" "-Dhttp.nonProxyHosts=$NonProxyHosts" -classpath $HOME\.okta\* com.okta.tools.ListRoles +New-Alias -Name withokta -value Get-OktaRoles +New-Alias -Name with-okta -value Invoke-Okta + +function Get-OktaRoles { + Invoke-Java -MainClass com.okta.tools.ListRoles } -function okta-aws { +New-Alias -Name okta-listroles -value Get-OktaRoles + +function Invoke-OktaAws { Param([string]$Profile) - With-Okta -Profile $Profile ((Get-Command aws).Name) --profile $Profile @args + Invoke-Okta -Profile $Profile aws --profile $Profile @args } -function okta-sls { +New-Alias -Name okta-aws -value Invoke-OktaAws + +function Invoke-OktaSls { Param([string]$Profile) - With-Okta -Profile $Profile sls --stage $Profile @args + Invoke-Okta -Profile $Profile sls --stage $Profile @args } +New-Alias -Name okta-sls -value Invoke-OktaSls ' } } diff --git a/bin/awscli b/bin/awscli index f2093e1..fd1c637 100755 --- a/bin/awscli +++ b/bin/awscli @@ -14,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -java -classpath ~/.okta/*.jar com.okta.tools.awscli $@ +java -Djava.util.logging.config.file=~/.okta/logging.properties -classpath ~/.okta/*.jar com.okta.tools.awscli $@ diff --git a/bin/awscli.bat b/bin/awscli.bat index 96b9491..58b4af7 100755 --- a/bin/awscli.bat +++ b/bin/awscli.bat 
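Review bot: The added `New-Alias -Name withokta -value Get-OktaRoles` points `withokta` at the role-listing function, so invoking `withokta` with a profile and a command would run `com.okta.tools.ListRoles` instead of the requested command. It presumably should be `New-Alias -Name withokta -value Invoke-Okta`, matching the `with-okta` alias on the next line. In `Invoke-Okta`, `$args[0] = (Get-Command $args[0]).Name` runs with no prior check, so a missing or unknown command fails inside that assignment; a short guard on `$args.Count` before it would give a clearer error. The block is appended only when `$profile` does not already contain `#OktaAWSCLI`, so existing installs appear to keep the old `With-Okta` definitions without the logging flag.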
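Review bot: In the new `java` line the tilde in `-Djava.util.logging.config.file=~/.okta/logging.properties` is not expanded by the shell. Tilde expansion after `=` applies only to words that are valid variable assignments, and this word starts with `-D`, so the JVM receives the literal path `~/.okta/logging.properties` and does not load the file that install.sh creates. Using `-Djava.util.logging.config.file="$HOME/.okta/logging.properties"` avoids this. The same argument appears in bin/okta-listroles, bin/withokta and the `withokta` script generated by bin/install.sh. The `-classpath ~/.okta/...` argument is unaffected because there the tilde starts the word.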
@@ -13,4 +13,4 @@ rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. rem See the License for the specific language governing permissions and rem limitations under the License. rem -java -classpath "%USERPROFILE%\.okta\*" com.okta.tools.awscli %* +java -Djava.util.logging.config.file="%USERPROFILE%\.okta\logging.properties" -classpath "%USERPROFILE%\.okta\*" com.okta.tools.awscli %* diff --git a/bin/install.sh b/bin/install.sh index 2679009..0ff3314 100644 --- a/bin/install.sh +++ b/bin/install.sh @@ -74,13 +74,21 @@ fi " >> "${bashProfile}" fi +# Suppress "Your profile name includes a 'profile ' prefix" warnings from AWS Java SDK (Resolves #233) +loggingProperties="${HOME}/.okta/logging.properties" +echo "com.amazonaws.auth.profile.internal.BasicProfileConfigLoader = NONE +" > "${loggingProperties}" + # Create withokta command echo '#!/bin/bash command="$1" profile=$2 shift; shift; -env OKTA_PROFILE=$profile java -classpath ~/.okta/okta-aws-cli.jar com.okta.tools.WithOkta $command $@ +env OKTA_PROFILE=$profile java \ + -Djava.util.logging.config.file=~/.okta/logging.properties \ + -classpath ~/.okta/okta-aws-cli.jar \ + com.okta.tools.WithOkta $command $@ ' > "$PREFIX/bin/withokta" chmod +x "$PREFIX/bin/withokta" diff --git a/bin/okta-listroles b/bin/okta-listroles index 1cc6543..29938d4 100644 --- a/bin/okta-listroles +++ b/bin/okta-listroles @@ -14,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -java -classpath ~/.okta/okta-aws-cli.jar com.okta.tools.ListRoles +java -Djava.util.logging.config.file=~/.okta/logging.properties -classpath ~/.okta/okta-aws-cli.jar com.okta.tools.ListRoles diff --git a/bin/withokta b/bin/withokta index 3064cd9..f947f9d 100755 --- a/bin/withokta +++ b/bin/withokta 
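Review bot: The generated `withokta` script still expands `$profile`, `$command` and `$@` unquoted on the rewritten `java` command, so an argument containing spaces or glob characters is re-split or expanded before it reaches the command that `WithOkta` launches. I would quote them, ending the command with `com.okta.tools.WithOkta "$command" "$@"` and setting `OKTA_PROFILE="$profile"`. bin/awscli and bin/withokta pass `$@` unquoted in the same way. Separately, the added `echo ... > "${loggingProperties}"` truncates any existing `logging.properties` on every install run, which discards local edits.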
@@ -14,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -java -classpath ~/.okta/*.jar com.okta.tools.WithOkta $@ +java -Djava.util.logging.config.file=~/.okta/logging.properties -classpath ~/.okta/*.jar com.okta.tools.WithOkta $@ diff --git a/bin/withokta.bat b/bin/withokta.bat index 6a2a383..71f8c8a 100755 --- a/bin/withokta.bat +++ b/bin/withokta.bat @@ -13,4 +13,4 @@ rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. rem See the License for the specific language governing permissions and rem limitations under the License. rem -java -classpath "%USERPROFILE%\.okta\*" com.okta.tools.WithOkta %* +java -Djava.util.logging.config.file="%USERPROFILE%\.okta\logging.properties" -classpath "%USERPROFILE%\.okta\*" com.okta.tools.WithOkta %*