automatic import of python-aws-adfsopeneuler20.03

3 files changed, 701 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..dffe6e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/aws_adfs-2.6.3.tar.gz
diff --git a/python-aws-adfs.spec b/python-aws-adfs.spec
new file mode 100644
index 0000000..2f9520c
--- /dev/null
+++ b/python-aws-adfs.spec
@@ -0,0 +1,699 @@
+%global _empty_manifest_terminate_build 0
+Name:		python-aws-adfs
+Version:	2.6.3
+Release:	1
+Summary:	AWS CLI authenticator via ADFS - small command-line tool to authenticate via ADFS and assume chosen role
+License:	Python Software Foundation License
+URL:		https://pypi.org/project/aws-adfs/
+Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/34/ec/151f0288b17537c6677f44096dd25579def8658e60e5324d1123abcc70cc/aws_adfs-2.6.3.tar.gz
+BuildArch:	noarch
+
+Requires:	python3-boto3
+Requires:	python3-botocore
+Requires:	python3-click
+Requires:	python3-configparser
+Requires:	python3-fido2
+Requires:	python3-lxml
+Requires:	python3-requests
+Requires:	python3-requests-kerberos
+Requires:	python3-requests-negotiate-sspi
+
+%description
+    - name: "Auth sts aws"
+      command: "aws-adfs login --adfs-host sts.example.com --env --stdout --role-arn arn:aws:iam::000123456789:role/ADMIN"
+      register: sts_result
+      environment:
+        - username: "{{ ansible_user }}@example.com"
+        - password: "{{ ansible_ssh_pass }}"
+    - name: "Set sts facts"
+      set_fact:
+        sts: "{{ sts_result.stdout | from_json }}"
+    - name: "List s3 Buckets"
+      aws_s3_bucket_facts:
+        aws_access_key: "{{ sts.AccessKeyId }}"
+        aws_secret_key: "{{ sts.SecretAccessKey }}"
+        security_token: "{{ sts.SessionToken }}"
+        region: "us-east-1"
+      register: buckets
+    - name: "Print Buckets"
+      debug:
+        var: buckets
+    ```
+* login to your adfs host by passing username and password credentials via a file
+    ```
+    aws-adfs login --adfs-host=your-adfs-hostname --authfile=/path/and/file/name
+    ```
+    Auth file should be in format of
+    ```
+    [profile_name]
+    username = your_username
+    password = your_password
+    ```
+* .aws/config profile for automatically refreshing credentials
+    ```
+    [profile example-role-ue1]
+    credential_process=aws-adfs login --region=us-east-1 --role-arn=arn:aws:iam::1234567891234:role/example-role --adfs-host=adfs.example.com --stdout
+    ```
+    Warning: see [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) about security considerations to take when sourcing credentials with an external process.
+* help, help, help?
+    <!-- AWS_HELP_START -->
+    ```
+    $ aws-adfs --help
+    Usage: aws-adfs [OPTIONS] COMMAND [ARGS]...
+    Options:
+      --version      Show current tool version
+      -v, --verbose  Enables debug information on stdout. By default log level is
+                     set on ERROR
+      --help         Show this message and exit.
+    Commands:
+      list   lists available profiles
+      login  Authenticates an user with active directory credentials
+      reset  removes stored profile
+    ```
+    <!-- AWS_HELP_END -->
+    <!-- AWS_LIST_HELP_START -->
+    ```
+    $ aws-adfs list --help
+    Usage: aws-adfs list [OPTIONS]
+      lists available profiles
+    Options:
+      --help  Show this message and exit.
+    ```
+    <!-- AWS_LIST_HELP_END -->
+    <!-- AWS_LOGIN_HELP_START -->
+    ```
+    $ aws-adfs login --help
+    Usage: aws-adfs login [OPTIONS]
+      Authenticates an user with active directory credentials
+    Options:
+      --profile TEXT                  AWS cli profile that will be authenticated.
+                                      After successful authentication just use:
+                                      aws --profile <authenticated profile>
+                                      <service> ...
+      --region TEXT                   The default AWS region that this script will
+                                      connect to for all API calls
+      --ssl-verification / --no-ssl-verification
+                                      SSL certificate verification: Whether or not
+                                      strict certificate verification is done,
+                                      False should only be used for dev/test
+      --adfs-ca-bundle TEXT           Override CA bundle for SSL certificate
+                                      verification for ADFS server only.
+      --adfs-host TEXT                For the first time for a profile it has to
+                                      be provided, next time for the same profile
+                                      it will be loaded from the stored
+                                      configuration
+      --output-format [json|text|table]
+                                      Output format used by aws cli
+      --provider-id TEXT              Provider ID, e.g urn:amazon:webservices
+                                      (optional)
+      --s3-signature-version [s3v4]   s3 signature version: Identifies the version
+                                      of AWS Signature to support for
+                                      authenticated requests. Valid values: s3v4
+      --username-password-command TEXT
+                                      Read username and password from the output
+                                      of a shell command (expected JSON format:
+                                      `{"username": "myusername", "password":
+                                      "mypassword"}`)
+      --env                           Read username, password from environment
+                                      variables (username and password).
+      --stdin                         Read username, password from standard input
+                                      separated by a newline.
+      --authfile TEXT                 Read username, password from a local file
+                                      (optional)
+      --stdout                        Print aws_session_token in json on stdout.
+      --printenv                      Output commands to set AWS_ACCESS_KEY_ID,
+                                      AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
+                                      AWS_DEFAULT_REGION environmental variables
+                                      instead of saving them to the aws
+                                      configuration file.
+      --print-console-signin-url      Output a URL that lets users who sign in to
+                                      your organization's network securely access
+                                      the AWS Management Console.
+      --console-role-arn TEXT         Role to assume for use in conjunction with
+                                      --print-console-signin-url
+      --console-external-id TEXT      External ID to pass in assume role for use
+                                      in conjunction with --print-console-signin-
+                                      url
+      --role-arn TEXT                 Predefined role arn to selects, e.g. aws-
+                                      adfs login --role-arn arn:aws:iam::123456789
+                                      012:role/YourSpecialRole
+      --session-duration INTEGER      Define the amount of seconds you want to
+                                      establish your STS session, e.g. aws-adfs
+                                      login --session-duration 3600
+      --no-session-cache              Do not use AWS session cache in
+                                      ~/.aws/adfs_cache/ directory.
+      --assertfile TEXT               Use SAML assertion response from a local
+                                      file
+      --sspi / --no-sspi              Whether or not to use Kerberos SSO
+                                      authentication via SSPI (Windows only,
+                                      defaults to True).
+      --duo-factor TEXT               Use a specific Duo factor, overriding the
+                                      default one configured server side. Known
+                                      Duo factors that can be used with aws-adfs
+                                      are "Duo Push", "Passcode", "Phone Call" and
+                                      "WebAuthn Security Key".
+      --duo-device TEXT               Use a specific Duo device, overriding the
+                                      default one configured server side. Depends
+                                      heavily on the Duo factor used. Known Duo
+                                      devices that can be used with aws-adfs are
+                                      "phone1" for "Duo Push" and "Phone Call"
+                                      factors. For "Passcode" and "WebAuthn
+                                      Security Key" factors, it is always "None".
+      --enforce-role-arn              Only allow the role passed in by --role-arn.
+      --help                          Show this message and exit.
+    ```
+    <!-- AWS_LOGIN_HELP_END -->
+    <!-- AWS_RESET_HELP_START -->
+    ```
+    $ aws-adfs reset --help
+    Usage: aws-adfs reset [OPTIONS]
+      removes stored profile
+    Options:
+      --profile TEXT  AWS cli profile that will be removed
+      --help          Show this message and exit.
+    ```
+    <!-- AWS_RESET_HELP_END -->
+## Known issues
+* duo-security
+    `Error: Cannot begin authentication process. The error response: {"message": "Unknown authentication method.", "stat": "FAIL"}`
+    Please setup preferred auth method in duo-security settings (settings' -> 'My Settings & Devices').
+* USB FIDO2 does not work in Windows Subsystem for Linux (WSL)
+    `OSError: [Errno 2] No such file or directory: '/sys/class/hidraw'`
+    USB devices are not accessible in WSL, please install and run `aws-adfs` on the Windows 10 host and then access the credentials in WSL from the filesystem. Example:
+    ```
+    export AWS_CONFIG_FILE=/mnt/c/Users/username/.aws/config
+    export AWS_SHARED_CREDENTIALS_FILE=/mnt/c/Users/username/.aws/credentials
+    ```
+*  FIDO2 devices are not detected on Windows 10 build 1903 or newer
+    Running `aws-adfs` as Administrator is required since Windows 10 build 1903 to access FIDO2 devices, cf. https://github.com/Yubico/python-fido2/issues/55)
+* in cases of trouble with lxml please install
+  ```
+  sudo apt-get install python3-dev libxml2-dev libxslt1-dev zlib1g-dev
+  ```
+* in cases of trouble with pykerberos please install
+  ```
+  sudo apt-get install python3-dev libkrb5-dev
+  ```
+* in cases of trouble with OSX Sierra (obsolete OpenSSL), upgrade OpenSSL. Example:
+  ```
+  brew upgrade openssl
+  ```
+  AND add explicit directive to .bash_profile:
+  ```
+  export PATH=$(brew --prefix openssl)/bin:$PATH
+  ```
+* only python >= 3.7 to <4.0 are supported:
+  - python 2.6 is not supported
+  - python 2.7 is not supported
+  - python 3.2 is not supported
+  - python 3.3 is not supported
+  - python 3.4 is not supported
+  - python 3.5 is not supported
+  - python 3.6 is not supported
+## Development
+* update dependencies:
+```
+poetry update
+```
+* run unit tests:
+```
+poetry run pytest
+```
+* release:
+```
+export CHANGELOG_GITHUB_TOKEN=$(gopass show -o pins/Github/github-changelog-generator)
+./script/release.sh patch # or minor, major, prepatch, preminor, premajor, prerelease, or a valid semver string
+```
+## Changelog
+See the [CHANGELOG.md](CHANGELOG.md) file, which is generated using [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator).
+
+%package -n python3-aws-adfs
+Summary:	AWS CLI authenticator via ADFS - small command-line tool to authenticate via ADFS and assume chosen role
+Provides:	python-aws-adfs
+BuildRequires:	python3-devel
+BuildRequires:	python3-setuptools
+BuildRequires:	python3-pip
+%description -n python3-aws-adfs
+    - name: "Auth sts aws"
+      command: "aws-adfs login --adfs-host sts.example.com --env --stdout --role-arn arn:aws:iam::000123456789:role/ADMIN"
+      register: sts_result
+      environment:
+        - username: "{{ ansible_user }}@example.com"
+        - password: "{{ ansible_ssh_pass }}"
+    - name: "Set sts facts"
+      set_fact:
+        sts: "{{ sts_result.stdout | from_json }}"
+    - name: "List s3 Buckets"
+      aws_s3_bucket_facts:
+        aws_access_key: "{{ sts.AccessKeyId }}"
+        aws_secret_key: "{{ sts.SecretAccessKey }}"
+        security_token: "{{ sts.SessionToken }}"
+        region: "us-east-1"
+      register: buckets
+    - name: "Print Buckets"
+      debug:
+        var: buckets
+    ```
+* login to your adfs host by passing username and password credentials via a file
+    ```
+    aws-adfs login --adfs-host=your-adfs-hostname --authfile=/path/and/file/name
+    ```
+    Auth file should be in format of
+    ```
+    [profile_name]
+    username = your_username
+    password = your_password
+    ```
+* .aws/config profile for automatically refreshing credentials
+    ```
+    [profile example-role-ue1]
+    credential_process=aws-adfs login --region=us-east-1 --role-arn=arn:aws:iam::1234567891234:role/example-role --adfs-host=adfs.example.com --stdout
+    ```
+    Warning: see [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) about security considerations to take when sourcing credentials with an external process.
+* help, help, help?
+    <!-- AWS_HELP_START -->
+    ```
+    $ aws-adfs --help
+    Usage: aws-adfs [OPTIONS] COMMAND [ARGS]...
+    Options:
+      --version      Show current tool version
+      -v, --verbose  Enables debug information on stdout. By default log level is
+                     set on ERROR
+      --help         Show this message and exit.
+    Commands:
+      list   lists available profiles
+      login  Authenticates an user with active directory credentials
+      reset  removes stored profile
+    ```
+    <!-- AWS_HELP_END -->
+    <!-- AWS_LIST_HELP_START -->
+    ```
+    $ aws-adfs list --help
+    Usage: aws-adfs list [OPTIONS]
+      lists available profiles
+    Options:
+      --help  Show this message and exit.
+    ```
+    <!-- AWS_LIST_HELP_END -->
+    <!-- AWS_LOGIN_HELP_START -->
+    ```
+    $ aws-adfs login --help
+    Usage: aws-adfs login [OPTIONS]
+      Authenticates an user with active directory credentials
+    Options:
+      --profile TEXT                  AWS cli profile that will be authenticated.
+                                      After successful authentication just use:
+                                      aws --profile <authenticated profile>
+                                      <service> ...
+      --region TEXT                   The default AWS region that this script will
+                                      connect to for all API calls
+      --ssl-verification / --no-ssl-verification
+                                      SSL certificate verification: Whether or not
+                                      strict certificate verification is done,
+                                      False should only be used for dev/test
+      --adfs-ca-bundle TEXT           Override CA bundle for SSL certificate
+                                      verification for ADFS server only.
+      --adfs-host TEXT                For the first time for a profile it has to
+                                      be provided, next time for the same profile
+                                      it will be loaded from the stored
+                                      configuration
+      --output-format [json|text|table]
+                                      Output format used by aws cli
+      --provider-id TEXT              Provider ID, e.g urn:amazon:webservices
+                                      (optional)
+      --s3-signature-version [s3v4]   s3 signature version: Identifies the version
+                                      of AWS Signature to support for
+                                      authenticated requests. Valid values: s3v4
+      --username-password-command TEXT
+                                      Read username and password from the output
+                                      of a shell command (expected JSON format:
+                                      `{"username": "myusername", "password":
+                                      "mypassword"}`)
+      --env                           Read username, password from environment
+                                      variables (username and password).
+      --stdin                         Read username, password from standard input
+                                      separated by a newline.
+      --authfile TEXT                 Read username, password from a local file
+                                      (optional)
+      --stdout                        Print aws_session_token in json on stdout.
+      --printenv                      Output commands to set AWS_ACCESS_KEY_ID,
+                                      AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
+                                      AWS_DEFAULT_REGION environmental variables
+                                      instead of saving them to the aws
+                                      configuration file.
+      --print-console-signin-url      Output a URL that lets users who sign in to
+                                      your organization's network securely access
+                                      the AWS Management Console.
+      --console-role-arn TEXT         Role to assume for use in conjunction with
+                                      --print-console-signin-url
+      --console-external-id TEXT      External ID to pass in assume role for use
+                                      in conjunction with --print-console-signin-
+                                      url
+      --role-arn TEXT                 Predefined role arn to selects, e.g. aws-
+                                      adfs login --role-arn arn:aws:iam::123456789
+                                      012:role/YourSpecialRole
+      --session-duration INTEGER      Define the amount of seconds you want to
+                                      establish your STS session, e.g. aws-adfs
+                                      login --session-duration 3600
+      --no-session-cache              Do not use AWS session cache in
+                                      ~/.aws/adfs_cache/ directory.
+      --assertfile TEXT               Use SAML assertion response from a local
+                                      file
+      --sspi / --no-sspi              Whether or not to use Kerberos SSO
+                                      authentication via SSPI (Windows only,
+                                      defaults to True).
+      --duo-factor TEXT               Use a specific Duo factor, overriding the
+                                      default one configured server side. Known
+                                      Duo factors that can be used with aws-adfs
+                                      are "Duo Push", "Passcode", "Phone Call" and
+                                      "WebAuthn Security Key".
+      --duo-device TEXT               Use a specific Duo device, overriding the
+                                      default one configured server side. Depends
+                                      heavily on the Duo factor used. Known Duo
+                                      devices that can be used with aws-adfs are
+                                      "phone1" for "Duo Push" and "Phone Call"
+                                      factors. For "Passcode" and "WebAuthn
+                                      Security Key" factors, it is always "None".
+      --enforce-role-arn              Only allow the role passed in by --role-arn.
+      --help                          Show this message and exit.
+    ```
+    <!-- AWS_LOGIN_HELP_END -->
+    <!-- AWS_RESET_HELP_START -->
+    ```
+    $ aws-adfs reset --help
+    Usage: aws-adfs reset [OPTIONS]
+      removes stored profile
+    Options:
+      --profile TEXT  AWS cli profile that will be removed
+      --help          Show this message and exit.
+    ```
+    <!-- AWS_RESET_HELP_END -->
+## Known issues
+* duo-security
+    `Error: Cannot begin authentication process. The error response: {"message": "Unknown authentication method.", "stat": "FAIL"}`
+    Please setup preferred auth method in duo-security settings (settings' -> 'My Settings & Devices').
+* USB FIDO2 does not work in Windows Subsystem for Linux (WSL)
+    `OSError: [Errno 2] No such file or directory: '/sys/class/hidraw'`
+    USB devices are not accessible in WSL, please install and run `aws-adfs` on the Windows 10 host and then access the credentials in WSL from the filesystem. Example:
+    ```
+    export AWS_CONFIG_FILE=/mnt/c/Users/username/.aws/config
+    export AWS_SHARED_CREDENTIALS_FILE=/mnt/c/Users/username/.aws/credentials
+    ```
+*  FIDO2 devices are not detected on Windows 10 build 1903 or newer
+    Running `aws-adfs` as Administrator is required since Windows 10 build 1903 to access FIDO2 devices, cf. https://github.com/Yubico/python-fido2/issues/55)
+* in cases of trouble with lxml please install
+  ```
+  sudo apt-get install python3-dev libxml2-dev libxslt1-dev zlib1g-dev
+  ```
+* in cases of trouble with pykerberos please install
+  ```
+  sudo apt-get install python3-dev libkrb5-dev
+  ```
+* in cases of trouble with OSX Sierra (obsolete OpenSSL), upgrade OpenSSL. Example:
+  ```
+  brew upgrade openssl
+  ```
+  AND add explicit directive to .bash_profile:
+  ```
+  export PATH=$(brew --prefix openssl)/bin:$PATH
+  ```
+* only python >= 3.7 to <4.0 are supported:
+  - python 2.6 is not supported
+  - python 2.7 is not supported
+  - python 3.2 is not supported
+  - python 3.3 is not supported
+  - python 3.4 is not supported
+  - python 3.5 is not supported
+  - python 3.6 is not supported
+## Development
+* update dependencies:
+```
+poetry update
+```
+* run unit tests:
+```
+poetry run pytest
+```
+* release:
+```
+export CHANGELOG_GITHUB_TOKEN=$(gopass show -o pins/Github/github-changelog-generator)
+./script/release.sh patch # or minor, major, prepatch, preminor, premajor, prerelease, or a valid semver string
+```
+## Changelog
+See the [CHANGELOG.md](CHANGELOG.md) file, which is generated using [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator).
+
+%package help
+Summary:	Development documents and examples for aws-adfs
+Provides:	python3-aws-adfs-doc
+%description help
+    - name: "Auth sts aws"
+      command: "aws-adfs login --adfs-host sts.example.com --env --stdout --role-arn arn:aws:iam::000123456789:role/ADMIN"
+      register: sts_result
+      environment:
+        - username: "{{ ansible_user }}@example.com"
+        - password: "{{ ansible_ssh_pass }}"
+    - name: "Set sts facts"
+      set_fact:
+        sts: "{{ sts_result.stdout | from_json }}"
+    - name: "List s3 Buckets"
+      aws_s3_bucket_facts:
+        aws_access_key: "{{ sts.AccessKeyId }}"
+        aws_secret_key: "{{ sts.SecretAccessKey }}"
+        security_token: "{{ sts.SessionToken }}"
+        region: "us-east-1"
+      register: buckets
+    - name: "Print Buckets"
+      debug:
+        var: buckets
+    ```
+* login to your adfs host by passing username and password credentials via a file
+    ```
+    aws-adfs login --adfs-host=your-adfs-hostname --authfile=/path/and/file/name
+    ```
+    Auth file should be in format of
+    ```
+    [profile_name]
+    username = your_username
+    password = your_password
+    ```
+* .aws/config profile for automatically refreshing credentials
+    ```
+    [profile example-role-ue1]
+    credential_process=aws-adfs login --region=us-east-1 --role-arn=arn:aws:iam::1234567891234:role/example-role --adfs-host=adfs.example.com --stdout
+    ```
+    Warning: see [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) about security considerations to take when sourcing credentials with an external process.
+* help, help, help?
+    <!-- AWS_HELP_START -->
+    ```
+    $ aws-adfs --help
+    Usage: aws-adfs [OPTIONS] COMMAND [ARGS]...
+    Options:
+      --version      Show current tool version
+      -v, --verbose  Enables debug information on stdout. By default log level is
+                     set on ERROR
+      --help         Show this message and exit.
+    Commands:
+      list   lists available profiles
+      login  Authenticates an user with active directory credentials
+      reset  removes stored profile
+    ```
+    <!-- AWS_HELP_END -->
+    <!-- AWS_LIST_HELP_START -->
+    ```
+    $ aws-adfs list --help
+    Usage: aws-adfs list [OPTIONS]
+      lists available profiles
+    Options:
+      --help  Show this message and exit.
+    ```
+    <!-- AWS_LIST_HELP_END -->
+    <!-- AWS_LOGIN_HELP_START -->
+    ```
+    $ aws-adfs login --help
+    Usage: aws-adfs login [OPTIONS]
+      Authenticates an user with active directory credentials
+    Options:
+      --profile TEXT                  AWS cli profile that will be authenticated.
+                                      After successful authentication just use:
+                                      aws --profile <authenticated profile>
+                                      <service> ...
+      --region TEXT                   The default AWS region that this script will
+                                      connect to for all API calls
+      --ssl-verification / --no-ssl-verification
+                                      SSL certificate verification: Whether or not
+                                      strict certificate verification is done,
+                                      False should only be used for dev/test
+      --adfs-ca-bundle TEXT           Override CA bundle for SSL certificate
+                                      verification for ADFS server only.
+      --adfs-host TEXT                For the first time for a profile it has to
+                                      be provided, next time for the same profile
+                                      it will be loaded from the stored
+                                      configuration
+      --output-format [json|text|table]
+                                      Output format used by aws cli
+      --provider-id TEXT              Provider ID, e.g urn:amazon:webservices
+                                      (optional)
+      --s3-signature-version [s3v4]   s3 signature version: Identifies the version
+                                      of AWS Signature to support for
+                                      authenticated requests. Valid values: s3v4
+      --username-password-command TEXT
+                                      Read username and password from the output
+                                      of a shell command (expected JSON format:
+                                      `{"username": "myusername", "password":
+                                      "mypassword"}`)
+      --env                           Read username, password from environment
+                                      variables (username and password).
+      --stdin                         Read username, password from standard input
+                                      separated by a newline.
+      --authfile TEXT                 Read username, password from a local file
+                                      (optional)
+      --stdout                        Print aws_session_token in json on stdout.
+      --printenv                      Output commands to set AWS_ACCESS_KEY_ID,
+                                      AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
+                                      AWS_DEFAULT_REGION environmental variables
+                                      instead of saving them to the aws
+                                      configuration file.
+      --print-console-signin-url      Output a URL that lets users who sign in to
+                                      your organization's network securely access
+                                      the AWS Management Console.
+      --console-role-arn TEXT         Role to assume for use in conjunction with
+                                      --print-console-signin-url
+      --console-external-id TEXT      External ID to pass in assume role for use
+                                      in conjunction with --print-console-signin-
+                                      url
+      --role-arn TEXT                 Predefined role arn to selects, e.g. aws-
+                                      adfs login --role-arn arn:aws:iam::123456789
+                                      012:role/YourSpecialRole
+      --session-duration INTEGER      Define the amount of seconds you want to
+                                      establish your STS session, e.g. aws-adfs
+                                      login --session-duration 3600
+      --no-session-cache              Do not use AWS session cache in
+                                      ~/.aws/adfs_cache/ directory.
+      --assertfile TEXT               Use SAML assertion response from a local
+                                      file
+      --sspi / --no-sspi              Whether or not to use Kerberos SSO
+                                      authentication via SSPI (Windows only,
+                                      defaults to True).
+      --duo-factor TEXT               Use a specific Duo factor, overriding the
+                                      default one configured server side. Known
+                                      Duo factors that can be used with aws-adfs
+                                      are "Duo Push", "Passcode", "Phone Call" and
+                                      "WebAuthn Security Key".
+      --duo-device TEXT               Use a specific Duo device, overriding the
+                                      default one configured server side. Depends
+                                      heavily on the Duo factor used. Known Duo
+                                      devices that can be used with aws-adfs are
+                                      "phone1" for "Duo Push" and "Phone Call"
+                                      factors. For "Passcode" and "WebAuthn
+                                      Security Key" factors, it is always "None".
+      --enforce-role-arn              Only allow the role passed in by --role-arn.
+      --help                          Show this message and exit.
+    ```
+    <!-- AWS_LOGIN_HELP_END -->
+    <!-- AWS_RESET_HELP_START -->
+    ```
+    $ aws-adfs reset --help
+    Usage: aws-adfs reset [OPTIONS]
+      removes stored profile
+    Options:
+      --profile TEXT  AWS cli profile that will be removed
+      --help          Show this message and exit.
+    ```
+    <!-- AWS_RESET_HELP_END -->
+## Known issues
+* duo-security
+    `Error: Cannot begin authentication process. The error response: {"message": "Unknown authentication method.", "stat": "FAIL"}`
+    Please setup preferred auth method in duo-security settings (settings' -> 'My Settings & Devices').
+* USB FIDO2 does not work in Windows Subsystem for Linux (WSL)
+    `OSError: [Errno 2] No such file or directory: '/sys/class/hidraw'`
+    USB devices are not accessible in WSL, please install and run `aws-adfs` on the Windows 10 host and then access the credentials in WSL from the filesystem. Example:
+    ```
+    export AWS_CONFIG_FILE=/mnt/c/Users/username/.aws/config
+    export AWS_SHARED_CREDENTIALS_FILE=/mnt/c/Users/username/.aws/credentials
+    ```
+*  FIDO2 devices are not detected on Windows 10 build 1903 or newer
+    Running `aws-adfs` as Administrator is required since Windows 10 build 1903 to access FIDO2 devices, cf. https://github.com/Yubico/python-fido2/issues/55)
+* in cases of trouble with lxml please install
+  ```
+  sudo apt-get install python3-dev libxml2-dev libxslt1-dev zlib1g-dev
+  ```
+* in cases of trouble with pykerberos please install
+  ```
+  sudo apt-get install python3-dev libkrb5-dev
+  ```
+* in cases of trouble with OSX Sierra (obsolete OpenSSL), upgrade OpenSSL. Example:
+  ```
+  brew upgrade openssl
+  ```
+  AND add explicit directive to .bash_profile:
+  ```
+  export PATH=$(brew --prefix openssl)/bin:$PATH
+  ```
+* only python >= 3.7 to <4.0 are supported:
+  - python 2.6 is not supported
+  - python 2.7 is not supported
+  - python 3.2 is not supported
+  - python 3.3 is not supported
+  - python 3.4 is not supported
+  - python 3.5 is not supported
+  - python 3.6 is not supported
+## Development
+* update dependencies:
+```
+poetry update
+```
+* run unit tests:
+```
+poetry run pytest
+```
+* release:
+```
+export CHANGELOG_GITHUB_TOKEN=$(gopass show -o pins/Github/github-changelog-generator)
+./script/release.sh patch # or minor, major, prepatch, preminor, premajor, prerelease, or a valid semver string
+```
+## Changelog
+See the [CHANGELOG.md](CHANGELOG.md) file, which is generated using [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator).
+
+%prep
+%autosetup -n aws-adfs-2.6.3
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-aws-adfs -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Fri May 05 2023 Python_Bot <Python_Bot@openeuler.org> - 2.6.3-1
+- Package Spec generated
diff --git a/sources b/sources
new file mode 100644
index 0000000..c5ae7a4
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+78cc90777041136e19a76badb7f48855  aws_adfs-2.6.3.tar.gz