OblivionCloudControl · geogdog · Oct 30, 2017
diff --git a/bin/aad_aws_login b/bin/aad_aws_login
@@ -1,24 +1,35 @@
 #!/usr/bin/env python
-
+from __future__ import print_function
 import sys
 import os
 import stat
 import boto3
 import requests
 import getpass
-import ConfigParser
 import base64
 import logging
 import xml.etree.ElementTree as ET
 import re
 import json
 import time
 import argparse
+try:
+    import configparser as ConfigParser
+except ImportError:
+    import ConfigParser
 from opvault.onepass import OnePass
 from opvault.designation_types import DesignationTypes
 from bs4 import BeautifulSoup
 from os.path import expanduser
-from urlparse import urlparse, urlunparse
+from builtins import input
+try:
+    from urllib.parse import urlparse, urlencode
+    from urllib.request import urlopen, Request
+    from urllib.error import HTTPError
+except ImportError:
+    from urlparse import urlparse
+    from urllib import urlencode
+    from urllib2 import urlopen, Request, HTTPError
 
 ##########################################################################
 # Variables
@@ -77,8 +88,7 @@ def main():
         if args.username is not None:
             username = args.username
         else:
-            print 'Username:',
-            username = raw_input()
+            username = input('Username: ')
         password = getpass.getpass(prompt='Password: ')
 
     saml_app_id = args.saml_app_id
@@ -101,19 +111,18 @@ def main():
 
     # If I have more than one role, ask the user which one they want,
     # otherwise just proceed
-    print ""
+    print("")
     if len(awsroles) > 1:
         i = 0
-        print "Please choose the role you would like to assume:"
+        print("Please choose the role you would like to assume:")
         for awsrole in awsroles:
-            print '[', i, ']: ', awsrole.split(',')[0]
+            print('[', i, ']: ', awsrole.split(',')[0])
             i += 1
-        print "Selection: ",
-        selectedroleindex = raw_input()
+        selectedroleindex = input('Selection: ')
 
         # Basic sanity check of input
         if int(selectedroleindex) > (len(awsroles) - 1):
-            print 'You selected an invalid role index, please try again'
+            print('You selected an invalid role index, please try again')
             sys.exit(0)
 
         role_arn = awsroles[int(selectedroleindex)].split(',')[0]
@@ -130,14 +139,12 @@ def main():
                          session_token=credentials['SessionToken'])
 
     # Give the user some basic info as to what has just happened
-    print '\n----------------------------------------------------------------'
-    print 'Your new access key pair has been stored in the AWS configuration file under the {0} profile.'.format(
-        profile_name)
-    print 'Note that it will expire at {0}.'.format(credentials['Expiration'])
-    print 'After this time, you may safely rerun this script to refresh your access key pair.'
-    print 'To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile {0} ec2 describe-instances).'.format(
-        profile_name)
-    print '----------------------------------------------------------------\n\n'
+    print('\n----------------------------------------------------------------')
+    print('Your new access key pair has been stored in the AWS configuration file under the {0} profile.'.format(profile_name))
+    print('Note that it will expire at {0}.'.format(credentials['Expiration']))
+    print('After this time, you may safely rerun this script to refresh your access key pair.')
+    print('To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile {0} ec2 describe-instances).'.format(profile_name))
+    print('----------------------------------------------------------------\n\n')
 
 
 def save_aws_credentials(profile_name, access_key_id, secret_access_key, session_token):
@@ -328,9 +335,9 @@ def start_token_mfa(session, mfa_auth_method, begin_auth_url, end_auth_url, proc
     auth_start = mfa_response.json()
     # print(str(auth_start))
     if mfa_auth_method == "OneWaySMS":
-        print "SMS Token:",
+        print("SMS Token:", end='')
     else:
-        print "Token from App:",
+        print("Token from App:", end='')
 
     token = raw_input()
     body = json.dumps({"AdditionalAuthData": token,
@@ -344,13 +351,10 @@ def start_token_mfa(session, mfa_auth_method, begin_auth_url, end_auth_url, proc
                                     headers={u"Accept": u"application/json", u"Content-Type": u"application/json"})
     # print(mfaresp2.text)
     auth_end = mfa_end_response.json()
-    
+
     if auth_end["Success"] in ("true", "True", True):
         return finish_mfa(session=session, process_auth_url=process_auth_url, request=auth_end["Ctx"],
                           flow_token=auth_end["FlowToken"], canary=canary, mfa_auth_method=mfa_auth_method)
-        # data = {"request": auth_end["Ctx"], "flowToken": auth_end["FlowToken"], "canary": payload["canary"], "mfaAuthMethod": mfaAuthMethodId.group(1), "rememberMFA": "false"}
-        # print("Posting to " + mfaProcessMatch.group(1) + "\n\n" + str(data))
-        # response = session.post(mfaProcessMatch.group(1), data=data)
     else:
         print("MFA Failed")
         exit(1)
@@ -380,7 +384,7 @@ def extract_saml_assertion(saml_response):
     # Better error handling is required for production use.
     if (assertion == ''):
         # TODO: Insert valid error checking/handling
-        print 'Response did not contain a valid SAML assertion'
+        print('Response did not contain a valid SAML assertion')
         sys.exit(0)
 
     return assertion