feat: phase auth aws iam #262
Open
nimish-ks wants to merge 40 commits into main from feat--phase-auth-aws-iam
…d deprecation notice - Renamed the function `get_default_user_id` to `get_default_account_id` for clarity and to better reflect its purpose. - Updated the function's docstring to indicate it now handles both user accounts and service accounts. - Added a deprecated version of `get_default_user_id` that calls the new function for backward compatibility.
- Replaced the usage of `get_default_user_id` with `get_default_account_id` in the keyring service name generation for improved clarity and consistency with recent changes.
- Updated the whoami command to display 'N/A (Service Account)' if the default user's email is not available, improving clarity for service accounts. - Renamed 'User ID' to 'Account ID' for consistency with recent changes.
- Changed terminology from 'User ID' to 'Account ID' for clarity. - Updated email handling to display 'Service Account' when applicable. - Adjusted prompts and error messages to reflect the new account terminology.
…onality - Updated the logout functionality to use `get_default_account_id` instead of `get_default_user_id` for consistency with recent changes. - Adjusted keyring password deletion and configuration updates to reflect the new account terminology.
- Eliminated the import of `get_default_user_id` from `phase_cli.utils.misc` as it is no longer needed, streamlining the code for better clarity and consistency.
- Updated the authentication process to support both Personal Access Tokens (PATs) and Service Account Tokens, improving flexibility. - Introduced checks for the PHASE_HOST environment variable to allow headless operation. - Replaced user ID references with account ID for consistency across the authentication flow. - Enhanced error handling and user prompts to accommodate service accounts and ensure clarity in user interactions.
- Added support for Personal Access Tokens (PATs) by prompting for user email when a PAT is detected. - Improved handling of unknown token formats to ensure user email is requested for clarity and safety. - Streamlined the authentication process to accommodate both PATs and Service Account Tokens.
- Added boto3 and botocore to requirements.txt to support AWS service integration. - Specified minimum versions for both libraries to ensure compatibility.
- Introduced a new authentication module with support for web-based and token-based authentication methods. - Added an HTTP server to handle authentication requests and process user credentials securely. - Enhanced user experience by providing clear prompts for both Personal Access Tokens and AWS IAM credentials. - Integrated error handling and logging for improved feedback during the authentication process.
- Eliminated the print_phase_links function to streamline the codebase and improve clarity. - This function was previously responsible for displaying a welcome message and links to community resources.
- Introduced a new module for AWS IAM authentication, enabling integration with Phase API. - Implemented functions to sign requests and authenticate using AWS credentials. - Added support for custom STS endpoints and region resolution. - Enhanced error handling for missing AWS credentials and authentication failures.
- Updated the authentication command to include AWS IAM as a mode of authentication. - Added a new argument for Service Account ID, required when using AWS IAM mode. - Adjusted the phase_auth function call to accommodate the new service_account_id parameter.
- Changed the minimum version of botocore to 1.40.17 for improved compatibility with AWS services. - Removed the specific version constraint for boto3 to allow for more flexibility in dependency resolution.
- Replaced boto3 session initialization with botocore's get_session for improved compatibility and flexibility. - Enhanced region resolution by incorporating environment variable support for AWS_DEFAULT_REGION. - Updated credential retrieval to ensure consistent handling of AWS credentials across the authentication process.
…tication - Refactored the `resolve_region_and_endpoint` function to eliminate unnecessary parameters and improve clarity. - Integrated botocore's `Config` for better handling of AWS region detection. - Removed the custom STS endpoint parameter from the `perform_aws_iam_auth` function to streamline the authentication process.
- Updated the `phase_auth` function to include an optional `ttl` parameter for specifying token time-to-live in seconds when using AWS IAM mode. - Adjusted the call to `perform_aws_iam_auth` to pass the new `ttl` argument, enhancing flexibility in token management.
- Updated the logout functionality to use the rich console for better error handling and user feedback. - Enhanced messages for logging out, purging data, and configuration errors to improve clarity and user experience.
…ies and TTL - Modified the `auth` command to include a new argument for Service Account ID, clarifying its use for external identities. - Added an optional `ttl` parameter for specifying token time-to-live, enhancing flexibility in token management during authentication. - Updated the `phase_auth` function call to accommodate the new `ttl` argument.
- Introduced a new `no_login` parameter to the `phase_auth` function, allowing users to bypass the login process and print raw AWS IAM authentication results directly. - Updated the function's logic to handle the new parameter, enhancing flexibility for users who may want to view authentication results without logging in.
- Added a `--no-login` argument to the authentication command, allowing users to print authentication tokens directly to stdout without logging in, specifically for external identity modes like aws-iam. - Updated the `phase_auth` function call to incorporate the new `no_login` parameter, improving user experience and flexibility in authentication processes.
- Updated the `--no-login` argument to `--no-store` in the authentication command, clarifying its purpose to print authentication token responses without storing credentials. - Adjusted the `phase_auth` function to reflect this change, enhancing the user experience and understanding of the authentication process.
Deploying phase-cli-install-script with
| Latest commit: | d02dddf |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://1d130386.phase-cli-install-script.pages.dev |
| Branch Preview URL: | https://feat--phase-auth-aws-iam.phase-cli-install-script.pages.dev |
- Introduced a new function `external_identity_auth_aws` for authenticating with Phase using AWS IAM credentials. - Added a utility function `b64_str` for Base64 encoding strings, used in the authentication payload. - Enhanced error handling for SSL and connection errors during the authentication process.
- Removed the `authenticate_with_phase` function and replaced it with `external_identity_auth_aws` for improved clarity and modularity. - Updated parameter names in `perform_aws_iam_auth` for consistency. - Simplified the authentication process by leveraging the new utility function for AWS IAM credentials.
- Changed the parameter name in the `perform_aws_iam_auth` function call for clarity and consistency, aligning with recent refactoring efforts.
- Introduced AWS_DEFAULT_GLOBAL_STS_ENDPOINT and AWS_DEFAULT_GLOBAL_STS_REGION constants to facilitate AWS service integration. - Updated PHASE_CLOUD_API_HOST for clarity in configuration management.
- Updated the `resolve_region_and_endpoint` function to utilize the newly introduced `AWS_DEFAULT_GLOBAL_STS_ENDPOINT` and `AWS_DEFAULT_GLOBAL_STS_REGION` constants for improved maintainability and clarity.
- Changed the endpoint in the `external_identity_auth_aws` function to reflect the correct routing for external identity authentication with AWS IAM.
Signed-off-by: rohan <rohan.chaturvedi@protonmail.com>
rohan-chaturvedi previously approved these changes Oct 4, 2025
- Added a check to display top-level help and exit with code 0 when no arguments are provided to the CLI. - This serves as a temporary fix to improve user experience.
- Updated the phase_auth function to exit with code 2 when required parameters are missing or invalid, enhancing user experience and preventing further execution in error scenarios.
This PR adds support for AWS IAM external identity support.
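
The flow the commits above describe (resolve an STS region and endpoint, sign a request with AWS credentials, Base64-encode the signed parts for the server) is shown here as an added example; it is not code from this PR. It assumes the signed call is STS `GetCallerIdentity`, and the constant values, function signatures and payload field names are hypothetical.

```python
import base64, datetime, hashlib, hmac, json, os

# Assumed values for the global STS fallback (the PR's constants are not shown).
GLOBAL_STS_ENDPOINT = "https://sts.amazonaws.com"
GLOBAL_STS_REGION = "us-east-1"
BODY = "Action=GetCallerIdentity&Version=2011-06-15"

def resolve_region_and_endpoint(env=os.environ):
    """Region from the environment, else the global STS endpoint and region."""
    region = env.get("AWS_REGION") or env.get("AWS_DEFAULT_REGION")
    if not region:
        return GLOBAL_STS_REGION, GLOBAL_STS_ENDPOINT
    return region, f"https://sts.{region}.amazonaws.com"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_get_caller_identity(access_key, secret_key, region, endpoint, token=None, now=None):
    """Return SigV4-signed headers for a POST of BODY to the STS endpoint."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    host = endpoint.split("://", 1)[1]
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    headers = {"content-type": "application/x-www-form-urlencoded; charset=utf-8",
               "host": host, "x-amz-date": amz_date}
    if token:  # temporary credentials (assumed roles, instance profiles)
        headers["x-amz-security-token"] = token
    names = ";".join(sorted(headers))
    canonical = "\n".join(["POST", "/", "",
                           "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
                           names, hashlib.sha256(BODY.encode()).hexdigest()])
    scope = f"{day}/{region}/sts/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (day, region, "sts", "aws4_request"):  # SigV4 key derivation chain
        key = _hmac(key, part)
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={names}, Signature={sig}")
    return headers

def build_payload(service_account_id, endpoint, headers, ttl=None):
    """Hypothetical payload shape: each signed-request part Base64-encoded."""
    b64 = lambda s: base64.b64encode(s.encode()).decode()
    payload = {"account_id": service_account_id, "method": "POST", "url": b64(endpoint),
               "headers": b64(json.dumps(headers)), "body": b64(BODY)}
    if ttl is not None:
        payload["ttl"] = ttl
    return payload
```

The secret key never leaves the client: the server receives only the signed request and learns the caller's identity by forwarding it to STS, so the server side should accept only known STS hosts in the submitted URL.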