@@ -125,8 +125,10 @@ def display_pacu_help():
125125 supply --all to import all the credentials in the file.
126126 delete_keys Delete a set of AWS keys in the current session from the Pacu database
127127 assume_role <role arn> Call AssumeRole on the specified role from the current
128- credentials, add the resulting temporary keys to the Pacu
128+ [<serial arn>] [<token code>] credentials, add the resulting temporary keys to the Pacu
129129 key database and start using these new credentials.
130+ Optionally you can provide serial number arn and token code
131+ in case MFA is required to assume the role
130132 export_keys Export the active credentials to a profile in the AWS CLI
131133 credentials file (~/.aws/credentials)
132134 sessions/list_sessions List all sessions in the Pacu database
@@ -612,7 +614,7 @@ def parse_command(self, command):
612614 elif command [0 ] == 'import_keys' :
613615 self .parse_awscli_keys_import (command )
614616 elif command [0 ] == 'assume_role' :
615- self .assume_role (command [ 1 ] )
617+ self .assume_role (command )
616618 elif command [0 ] == 'list' or command [0 ] == 'ls' :
617619 self .parse_list_command (command )
618620 elif command [0 ] == 'load_commands_file' :
@@ -1078,8 +1080,9 @@ def display_command_help(self, command_name: str) -> None:
10781080 'current sessions database. Enter the name of a profile you would like to import or supply --all to import all the credentials in the '
10791081 'file. No argument will import the default system AWS credentials.\n ' )
10801082 elif command_name == 'assume_role' :
1081- print ('\n assume_role <role arn>\n Call AssumeRole on the specified role from the current credentials, add the resulting temporary '
1082- 'keys to the Pacu key database and start using these new credentials.' )
1083+ print ('\n assume_role <role arn> [<serial arn>] [<token code>]\n Call AssumeRole on the specified role from the current credentials, '
1084+ 'add the resulting temporary keys to the Pacu key database and start using these new credentials.'
1085+ 'Optionally you can provide serial number arn and token code in case MFA is required to assume the role' )
10831086 elif command_name == 'aws' :
10841087 print ('\n aws <command>\n Use the AWS CLI directly. This command runs in your local shell to use the AWS CLI. Warning: The AWS CLI\' s '
10851088 'authentication is not related to Pacu. Be careful to ensure that you are using the keys you want when using the AWS CLI. It is suggested '
@@ -1974,11 +1977,30 @@ def run(self) -> None:
19741977 else :
19751978 self .run_gui (args .quiet )
19761979
1977- def assume_role (self , role_arn : str ):
1980+ def assume_role (self , command : list [str ]):
1981+ if len (command ) == 1 :
1982+ print ("No role ARN provided" )
1983+ return
1984+
1985+ role_arn = command [1 ]
1986+ mfa = {}
1987+
1988+ if len (command ) == 3 :
1989+ print ('Invalid number of arguments.' )
1990+ self .display_command_help (command [0 ])
1991+ return
1992+
1993+ if len (command ) == 4 :
1994+ mfa = {
1995+ "SerialNumber" : command [2 ],
1996+ "TokenCode" : command [3 ]
1997+ }
1998+
19781999 sts = self .get_boto3_client ('sts' )
19792000 resp = sts .assume_role (
19802001 RoleArn = role_arn ,
19812002 RoleSessionName = 'assume-role' ,
2003+ ** mfa
19822004 )
19832005 cur_key_name = self .get_active_session ().name
19842006 new_key_name = f"{ cur_key_name } { resp ['AssumedRoleUser' ]['Arn' ]}
0 commit comments