From 2350b7e790fd21fc01ae45dc9a1b6563bd1b35cb Mon Sep 17 00:00:00 2001 From: Eric Pierce Date: Mon, 20 Nov 2023 09:51:03 -0800 Subject: [PATCH 1/4] Stop running `python setup.py` for building packages see https://packaging.python.org/en/latest/discussions/setup-py-deprecated --- .github/workflows/cicd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a3372e5b..1748b977 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -90,11 +90,11 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install setuptools wheel twine + pip install setuptools wheel twine build - name: Build and publish env: TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} run: | - python setup.py sdist bdist_wheel + python -m build twine upload dist/* From 7e5520bfb6beb7bf3854b0122c1f6f2290c1b0a0 Mon Sep 17 00:00:00 2001 From: Eric Pierce Date: Mon, 20 Nov 2023 09:51:36 -0800 Subject: [PATCH 2/4] Upgrade to the latest version of the Okta library --- gimme_aws_creds/main.py | 8 ++++---- requirements.txt | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/gimme_aws_creds/main.py b/gimme_aws_creds/main.py index a5a1577e..65cc853b 100644 --- a/gimme_aws_creds/main.py +++ b/gimme_aws_creds/main.py @@ -23,8 +23,8 @@ import boto3 import requests from botocore.exceptions import ClientError -from okta.framework.ApiClient import ApiClient -from okta.framework.OktaError import OktaError +from okta.api_client import APIClient +from okta.errors.error import Error as OktaError # local imports from . import errors, ui, version 
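Review bot: `python -m build` still runs inside the "Build and publish" step, so `TWINE_USERNAME` and `TWINE_PASSWORD` are in the environment while the build backend and its unpinned build requirements execute. Only the upload needs those secrets. I would move `python -m build` into its own step with no `env:` block and leave just `twine upload dist/*` under the step that carries the credentials. The tools installed in the previous step (`setuptools wheel twine build`) are also unpinned, so a release job that holds publishing credentials pulls whatever is latest at run time. Pinning them would make the release reproducible.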
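Review bot: The alias `from okta.errors.error import Error as OktaError` keeps the old name but probably not the old behaviour. As far as I can tell, `Error` in the 2.x SDK is a plain result object and not a `BaseException` subclass, which should be confirmed against the pinned version. If so, any `except OktaError:` elsewhere in main.py (not visible in this hunk) would raise `TypeError` when an exception reaches it instead of handling the Okta failure. The 2.x client reports failures through a returned error value, so those handlers would need to check that value. The `APIClient` call in the second hunk of this file has a related problem.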
@@ -221,8 +221,8 @@ def _get_aws_account_info(okta_org_url, okta_api_key, username): """ Call the Okta User API and process the results to return just the information we need for gimme_aws_creds""" # We need access to the entire JSON response from the Okta APIs, so we need to - # use the low-level ApiClient instead of UsersClient and AppInstanceClient - users_client = ApiClient(okta_org_url, okta_api_key, pathname='/api/v1/users') + # use the low-level APIClient instead of UsersClient and AppInstanceClient + users_client = APIClient(okta_org_url, okta_api_key, pathname='/api/v1/users') # Get User information try: diff --git a/requirements.txt b/requirements.txt index 7ebe2947..8826a8be 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ beautifulsoup4>=4.6.0,<5.0.0 keyring>=21.4.0 requests>=2.25.0,<3.0.0 fido2>=0.9.1,<0.10.0 -okta>=0.0.4,<1.0.0 +okta>=2.9.3,<3.0.0 ctap-keyring-device==1.0.6 pyjwt>=2.4.0,<3.0.0 urllib3>=1.26.0,<2.0.0 From 46c9ad802e4b8abef0bf56aa50131819d854e6e6 Mon Sep 17 00:00:00 2001 From: Eric Pierce Date: Mon, 20 Nov 2023 11:02:02 -0800 Subject: [PATCH 3/4] Remove the okta/oktapreview/okta-emea check from `get_appurl_entry` --- gimme_aws_creds/config.py | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/gimme_aws_creds/config.py b/gimme_aws_creds/config.py index 6dc8bbf0..01dc6eaa 100644 --- a/gimme_aws_creds/config.py +++ b/gimme_aws_creds/config.py 
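Review bot: `APIClient(okta_org_url, okta_api_key, pathname='/api/v1/users')` keeps the 0.x constructor signature, with only the class name changed. In okta 2.x, `okta.api_client.APIClient` appears to be a base class whose constructor takes no arguments, and requests go through the async `okta.client.Client`; this is from memory of the SDK and should be checked against 2.9.3. If that is right, this line raises `TypeError` as soon as `_get_aws_account_info` is called. The function body continues outside the hunk, so I cannot see how `users_client` is used afterwards. A test that exercises this function against the new pin in requirements.txt would settle it.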
@@ -426,24 +426,19 @@ def _get_client_id_entry(self, default_entry): def _get_appurl_entry(self, default_entry): """ Get and validate app_url """ ui.default.message( - "Enter the application link. This is https://something.okta[preview].com/home/amazon_aws//something") + "Enter the application link. This is {}/home/amazon_aws//something".format(self._okta_org_url)) okta_app_url_valid = False app_url = default_entry while okta_app_url_valid is False: app_url = self._get_user_input("Application url", default_entry) url_parse_results = urlparse(app_url) - allowlist = [ - "okta.com", - "oktapreview.com", - "okta-emea.com", - ] - - if url_parse_results.scheme == "https" and any(urlelement in url_parse_results.hostname for urlelement in allowlist): + okta_org_parse = urlparse(self._okta_org_url) + if url_parse_results.scheme == "https" and url_parse_results.hostname == okta_org_parse.hostname: okta_app_url_valid = True else: ui.default.warning( - "Okta organization URL must be HTTPS URL for okta.com or oktapreview.com or okta-emea.com domain") + "Okta organization URL must be HTTPS URL for {}".format(self._okta_org_url)) self._app_url = app_url From 52760fa8cd185fc34474d0f41b9960c4f6dd6425 Mon Sep 17 00:00:00 2001 From: Eric Pierce Date: Mon, 20 Nov 2023 11:05:31 -0800 Subject: [PATCH 4/4] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 493882e7..f5d4170d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,8 +9,8 @@ RUN apk --update add libgcc ENV PACKAGES="gcc musl-dev python3-dev libffi-dev openssl-dev cargo" RUN apk --update add $PACKAGES \ - && pip install --upgrade pip setuptools-rust \ - && python setup.py install \ + && pip install --upgrade pip setuptools-rust build \ + && pip install . \ && apk del --purge $PACKAGES ENTRYPOINT ["/usr/local/bin/gimme-aws-creds"]
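Review bot: The new comparison `url_parse_results.hostname == okta_org_parse.hostname` is also true when both hostnames are `None`. That happens if `self._okta_org_url` is unset or has no scheme and the user enters something like `https:///home/...`, so a host-less URL passes validation. In the same situation no real app URL can ever pass, and the prompt loops forever. Requiring a non-empty org hostname closes both cases: `if url_parse_results.scheme == "https" and okta_org_parse.hostname and url_parse_results.hostname == okta_org_parse.hostname:`. The warning text still says "Okta organization URL must be HTTPS URL for ..." although the value being validated is the application URL. The function may continue past the end of the hunk.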
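Review bot: `build` is added to the `pip install --upgrade` line, but nothing in this `RUN` uses it. `pip install .` goes through pip's own PEP 517 path, so the package only adds an unpinned dependency to the image. I would drop it and write `&& pip install --upgrade pip setuptools-rust \`. Adding `--no-cache-dir` to both pip calls would also keep the wheel cache out of the layer.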