Fix boolean flags envvars

README.rst

@@ -132,16 +132,16 @@ Usage
     usage: aws-google-auth [-h] [-u USERNAME | -b | --redirect-server] [-I IDP_ID] [-S SP_ID] [-R REGION]
                        [-d DURATION | --auto-duration] [-p PROFILE] [-A ACCOUNT] [-D] [-q] [--bg-response BG_RESPONSE]
                        [--saml-assertion SAML_ASSERTION] [--no-cache] [--print-creds] [--resolve-aliases]
-                       [--save-failure-html] [--save-saml-flow] [--port PORT] [-a | -r ROLE_ARN] [-k]
-                       [-l {debug,info,warn}] [-V]
+                       [--save-failure-html] [--save-saml-flow] [--port PORT] [-a | -r ROLE_ARN] [-k] [-l {debug,info,warn}]
+                       [-V]
 
     Acquire temporary AWS credentials via Google SSO
 
     optional arguments:
       -h, --help            show this help message and exit
       -u USERNAME, --username USERNAME
                             Google Apps username ($GOOGLE_USERNAME)
-      -b, --browser         Google login in the browser (Requires SAML redirect server)
+      -b, --browser         Google login in the browser (Requires SAML redirect server) ($GOOGLE_BROWSER=1)
       --redirect-server     Run the redirect server on port ($PORT)
       -I IDP_ID, --idp-id IDP_ID
                             Google SSO IDP identifier ($GOOGLE_IDP_ID)
@@ -151,7 +151,7 @@ Usage
                             AWS region endpoint ($AWS_DEFAULT_REGION)
       -d DURATION, --duration DURATION
                             Credential duration in seconds (defaults to value of $DURATION, then falls back to 43200)
-      --auto-duration       Tries to use the longest allowed duration ($AUTO_DURATION)
+      --auto-duration       Tries to use the longest allowed duration ($AUTO_DURATION=1)
       -p PROFILE, --profile PROFILE
                             AWS profile (defaults to value of $AWS_PROFILE, then falls back to 'sts')
       -A ACCOUNT, --account ACCOUNT
@@ -164,11 +164,11 @@ Usage
                             Base64 encoded SAML assertion to use.
       --no-cache            Do not cache the SAML Assertion.
       --print-creds         Print Credentials.
-      --resolve-aliases     Resolve AWS account aliases.
+      --resolve-aliases     Resolve AWS account aliases. ($RESOLVE_AWS_ALIASES=1)
       --save-failure-html   Write HTML failure responses to file for troubleshooting.
       --save-saml-flow      Write all GET and PUT requests and HTML responses to/from Google to files for troubleshooting.
       --port PORT           Port for the redirect server ($PORT)
-      -a, --ask-role        Set true to always pick the role
+      -a, --ask-role        Set true to always pick the role ($AWS_ASK_ROLE=1)
       -r ROLE_ARN, --role-arn ROLE_ARN
                             The ARN of the role to assume
       -k, --keyring         Use keyring for storing the password.

aws_google_auth/__init__.py

@@ -33,7 +33,7 @@ def parse_args(args):
     parser.add_argument('-R', '--region', help='AWS region endpoint ($AWS_DEFAULT_REGION)')
     duration_group = parser.add_mutually_exclusive_group()
     duration_group.add_argument('-d', '--duration', type=int, help='Credential duration in seconds (defaults to value of $DURATION, then falls back to 43200)')
-    duration_group.add_argument('--auto-duration', action='store_true', help='Tries to use the longest allowed duration ($AUTO_DURATION)')
+    duration_group.add_argument('--auto-duration', action='store_true', help='Tries to use the longest allowed duration ($AUTO_DURATION=1)')
     parser.add_argument('-p', '--profile', help='AWS profile (defaults to value of $AWS_PROFILE, then falls back to \'sts\')')
     parser.add_argument('-A', '--account', help='Filter for specific AWS account.')
     parser.add_argument('-D', '--disable-u2f', action='store_true', help='Disable U2F functionality.')
@@ -42,13 +42,13 @@ def parse_args(args):
     parser.add_argument('--saml-assertion', dest="saml_assertion", help='Base64 encoded SAML assertion to use.')
     parser.add_argument('--no-cache', dest="saml_cache", action='store_false', help='Do not cache the SAML Assertion.')
     parser.add_argument('--print-creds', action='store_true', help='Print Credentials.')
-    parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases.')
+    parser.add_argument('--resolve-aliases', action='store_true', help='Resolve AWS account aliases. ($RESOLVE_AWS_ALIASES=1)')
     parser.add_argument('--save-failure-html', action='store_true', help='Write HTML failure responses to file for troubleshooting.')
     parser.add_argument('--save-saml-flow', action='store_true', help='Write all GET and PUT requests and HTML responses to/from Google to files for troubleshooting.')
     parser.add_argument('--port', type=int, help='Port for the redirect server ($PORT)')
 
     role_group = parser.add_mutually_exclusive_group()
-    role_group.add_argument('-a', '--ask-role', action='store_true', help='Set true to always pick the role')
+    role_group.add_argument('-a', '--ask-role', action='store_true', help='Set true to always pick the role ($AWS_ASK_ROLE=1)')
     role_group.add_argument('-r', '--role-arn', help='The ARN of the role to assume')
     parser.add_argument('-k', '--keyring', action='store_true', help='Use keyring for storing the password.')
     parser.add_argument('-l', '--log', dest='log_level', choices=['debug',
@@ -110,10 +110,7 @@ def resolve_config(args):
     config.read(config.profile)
 
     # Ask Role (Option priority = ARGS, ENV_VAR, DEFAULT)
-    config.ask_role = bool(coalesce(
-        args.ask_role,
-        os.getenv('AWS_ASK_ROLE'),
-        config.ask_role))
+    config.ask_role = args.ask_role or os.getenv('AWS_ASK_ROLE') != None
 
     # Duration (Option priority = ARGS, ENV_VAR, DEFAULT)
     config.duration = int(coalesce(
@@ -122,11 +119,7 @@ def resolve_config(args):
         config.duration))
 
     # Automatic duration (Option priority = ARGS, ENV_VAR, DEFAULT)
-    config.auto_duration = coalesce(
-        args.auto_duration,
-        os.getenv('AUTO_DURATION'),
-        config.auto_duration
-    )
+    config.auto_duration = args.auto_duration or os.getenv('AUTO_DURATION') != None
 
     # IDP ID (Option priority = ARGS, ENV_VAR, DEFAULT)
     config.idp_id = coalesce(
@@ -153,16 +146,10 @@ def resolve_config(args):
         config.sp_id)
 
     # U2F Disabled (Option priority = ARGS, ENV_VAR, DEFAULT)
-    config.u2f_disabled = coalesce(
-        args.disable_u2f,
-        os.getenv('U2F_DISABLED'),
-        config.u2f_disabled)
+    config.u2f_disabled = args.disable_u2f or os.getenv('U2F_DISABLED') != None
 
     # Resolve AWS aliases enabled (Option priority = ARGS, ENV_VAR, DEFAULT)
-    config.resolve_aliases = coalesce(
-        args.resolve_aliases,
-        os.getenv('RESOLVE_AWS_ALIASES'),
-        config.resolve_aliases)
+    config.resolve_aliases = args.resolve_aliases or os.getenv('RESOLVE_AWS_ALIASES') != None
 
     config.browser = args.browser or os.getenv('GOOGLE_BROWSER') != None