pycharm logging to file in test mode
I have a problem with generating log files while using the test runner and I can't wrap my head around it. Basically, if I execute my test function with pytest, no log file is created. If I run the function as a script call (so normal run "test_logger", instead of run "pytest for test_logger.test_logging") the logging file is generated as expected.
As you can see in the example below it is not a complicated logger. I assume the problem has something to do with the pytest configuration but I just don't understand what is going wrong here.
I did see that PyCharm offers options for logging the console output to file etc., but I want to understand why file generation via the logging module is somehow suppressed. E.g. if I build a big e2e test to simulate correct behavior of my app I want to have everything happening like for the real thing which means in this case: generate the log where I want it and how I want it. I know that I can circumvent the issue by just running the test as a normal script but that does not help me understand why this issue is happening in the first place.
```python
import os
import datetime
import logging


def test_logging():
    # Create ./log under the current working directory if it is missing
    LOG_PATH = os.path.join(os.getcwd(), 'log')
    if not os.path.exists(LOG_PATH):
        os.mkdir(LOG_PATH)

    # One log file per minute, e.g. log-2024-01-31 09-15.log
    now = datetime.datetime.now()
    filename = os.path.join(LOG_PATH, 'log-'+now.strftime("%Y-%m-%d %H-%M")+'.log')

    # Configure the root logger to write to that file
    logging.basicConfig(filename=filename, level=logging.DEBUG,
                        format='%(asctime)s - %(levelname)s - %(message)s',
                        datefmt='%Y/%m/%d %H:%M:%S')
    logger = logging.getLogger()
    logger.debug("Test")


test_logging()
```
Solution 1:[1]
If you do not want the PC to have permanent access, that means you want the user to provide some kind of secret to prove his identity and call assume_role, as and when he needs the access. There are a few options I can think of.
MFA
As you rightly pointed out, in this case, the secret can be an MFA PIN, and you force MFA so that no actions are allowed unless the user is authenticated with MFA. This way, even if you store the accesskey/secretkey, they mean nothing without the MFA.
Console
The other method of providing a secret is, of course, going to the console and entering your password. Then generate accesskey/secretkey from IAM, and do what you need to do. Then, revoke the keys once done.
Encryption
If on the other hand you don't mind having permanent access, you can just encrypt the accesskey/secretkey file. For example, zip your aws credentials file with password. Unlock it whenever you need, and delete it again when done.
Final Remarks
As there is no escaping the need to provide some form of secret, I think this step is unavoidable. And from the examples above, MFA sounds like the most convenient and secure method to me.
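Whether stored access keys are really useless without MFA depends on how the policy condition is written. As an added example (not part of the original answer), this Python check flags a Deny statement that tests `aws:MultiFactorAuthPresent` with `Bool` rather than `BoolIfExists`; the sample policy, its `Sid` and the function names are constructed for illustration.

```python
MFA_KEY = "aws:multifactorauthpresent"  # condition key names are case-insensitive


def _as_list(value):
    return value if isinstance(value, list) else [value]


def mfa_deny_findings(policy):
    """Return (Sid, operator, verdict) for each Deny keyed on aws:MultiFactorAuthPresent."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() != MFA_KEY:
                    continue
                values = [str(v).lower() for v in _as_list(value)]
                if operator == "BoolIfExists" and values == ["false"]:
                    verdict = "ok"
                elif operator == "Bool" and values == ["false"]:
                    # The key is absent from requests signed with long-term access
                    # keys, so a plain Bool test never matches and the Deny is skipped.
                    verdict = "not-enforced-for-access-keys"
                else:
                    verdict = "review"
                findings.append((stmt.get("Sid", "<no Sid>"), operator, verdict))
    return findings


def enforces_mfa(policy):
    """True if at least one Deny statement applies whenever MFA is missing."""
    return any(verdict == "ok" for _, _, verdict in mfa_deny_findings(policy))


def deny_without_mfa(operator):
    """Constructed sample policy: deny everything except the calls needed to sign in with MFA."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAllWithoutMFA",
            "Effect": "Deny",
            "NotAction": ["iam:ListMFADevices", "iam:GetUser", "sts:GetSessionToken"],
            "Resource": "*",
            "Condition": {operator: {"aws:MultiFactorAuthPresent": "false"}},
        }],
    }


if __name__ == "__main__":
    for op in ("Bool", "BoolIfExists"):
        print(op, mfa_deny_findings(deny_without_mfa(op)))
```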
Solution 2:[2]
Use AWS SSO to manage users. Then users could log in to the AWS CLI by typing 'aws sso login', which opens a web browser and starts the auth flow. This method does not require that secrets are installed locally.
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
Solution 3:[3]
Have a look at AWS STS (Simple Token Service). https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
This service creates temporary security credentials along with a session token, and once the session expires, these keys are useless. This is much better than hardcoding any keys anywhere.
Follow the documentation to use STS from CLI. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html#using-temp-creds-sdk-cli
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Marko Eskola |
| Solution 3 | Hussain Mansoor |
