Change default behavior for a missing value for force_classic in the …

…config file Migrating from Okta Classic to OIE requires all users to set force_classic=True or start using --force_classic. Changing the default behavior for a missing value for force_classic will allow users to continue using gimme-aws-creds without having to touch their configuration file
Nike-Inc · Apr 19, 2024 · d80017e · d80017e · tomaspinho · Apr 30, 2024
1 parent b4a58f4
commit d80017e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/gimme_aws_creds/config.py b/gimme_aws_creds/config.py
@@ -201,6 +201,10 @@ def _handle_config(self, config, profile_config, include_inherits = True):
                 profile_config[key] = True
             elif profile_config[key] == 'False':
                 profile_config[key] = False
+
+        # Empty string in force_classic should be handled as True - this makes sure that migrating from Classic to OIE is seamless
+        if profile_config.get('force_classic') == '' or profile_config.get('force_classic') is None:
+            profile_config['force_classic'] = True
 
         if "inherits" in profile_config.keys() and include_inherits:
             self.ui.message("Using inherited config: " + profile_config["inherits"])

diff --git a/gimme_aws_creds/main.py b/gimme_aws_creds/main.py
@@ -505,12 +505,6 @@ def okta_platform(self):
         if 'okta_platform' in self._cache:
             return self._cache['okta_platform']
 
-        # Treat this domain as classic, even if it's OIE
-        if self.config.force_classic is True or self.conf_dict.get('force_classic') is True:
-            self.ui.message('Okta Classic login flow enabled')
-            self.set_okta_platform('classic')
-            return 'classic'
-
         response = requests.get(
             self.okta_org_url + '/.well-known/okta-organization',
             headers={
@@ -527,8 +521,13 @@ def okta_platform(self):
                 ret = 'classic'
             elif response_data['pipeline'] == 'idx':
                 ret = 'identity_engine'
-                if not self.conf_dict.get('client_id'):
-                    raise errors.GimmeAWSCredsError('OAuth Client ID is required for Okta Identity Engine domains.  Try running --config again.')
+                # Force_Classic is set - treat this domain as classic
+                if self.config.force_classic is True or self.conf_dict.get('force_classic') is True:
+                    self.ui.message('Okta Classic login flow enabled')
+                    ret = 'classic'
+                else:
+                    if not self.conf_dict.get('client_id'):
+                        raise errors.GimmeAWSCredsError('OAuth Client ID is required for Okta Identity Engine domains.  Try running --config again.')
             else:
                 raise RuntimeError('Unknown Okta platform type: {}'.format(response_data['pipeline']))
         else: