acorns-rds-auth 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: edff6c512aa7001a8a263f0c7ed9dad2a041ee1a
+  data.tar.gz: 7b4e3564e17d0a655a6fd86ba139e4a8030cef3d
+SHA512:
+  metadata.gz: 05b1abdab386799b5143d314d1c8c07f9238d291c0e128da4453ad0c8a290bb4bfbf5d65cd7661f6ab97ecc9abda6df7a107ec590826b73af65987c16aee3a99
+  data.tar.gz: d98515021a4d7fd01de11329185bf3ef7a3c65fd8912f7730c3188b28d752e39c57b6e5d51ecbe0820283d1b0f74d453fa851433b8c4a8b742efa65d6ed0577e

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,57 @@
+PATH
+  remote: .
+  specs:
+    acorns-rds-auth (1.0.0)
+      aws-sdk-core (~> 3.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-eventstream (1.0.3)
+    aws-partitions (1.294.0)
+    aws-sdk-core (3.92.0)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
+      aws-sigv4 (~> 1.1)
+      jmespath (~> 1.0)
+    aws-sigv4 (1.1.1)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    jmespath (1.4.0)
+    json (2.3.0)
+    rake (10.5.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+    rspec_junit_formatter (0.4.1)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    simplecov (0.13.0)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  acorns-rds-auth!
+  bundler (~> 1.13)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rspec_junit_formatter (~> 0.3, >= 0.3.0)
+  simplecov (~> 0.13.0, >= 0.13.0)
+
+BUNDLED WITH
+   1.14.3

data/README.md

@@ -0,0 +1,3 @@
+# Acorns RDS Authorizer
+
+

data/acorns-rds-auth.gemspec

@@ -0,0 +1,31 @@
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'acorns-rds-auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'acorns-rds-auth'
+  spec.version       = AcornsRdsAuth::VERSION
+  spec.authors       = ['Mitch Dempsey']
+  spec.email         = ['mitch@acorns.com']
+
+  spec.summary       = 'Get RDS Auth'
+  spec.description   = "Get credentials for acorns"
+  spec.homepage      = 'https://github.com/Acornsgrow/acorns-rds-auth-gem'
+  spec.license       = 'MIT'
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'bin'
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'aws-sdk-core', '~> 3.0'
+  # spec.add_dependency 'tty-prompt'
+  spec.add_development_dependency 'bundler', '~> 1.13'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rspec_junit_formatter', '~> 0.3', '>= 0.3.0'
+  spec.add_development_dependency 'simplecov', '~> 0.13.0', '>= 0.13.0'
+end

data/bin/acorns-rds-auth

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require "rubygems"
+require "bundler/setup"
+require "acorns-rds-auth"
+
+AcornsRdsAuth::CLI.start

data/lib/acorns-rds-auth.rb

@@ -0,0 +1,12 @@
+require 'base64'
+require 'json'
+require 'aws-sdk-core'
+require 'optparse'
+# require 'aws-sdk-sts'
+
+module AcornsRdsAuth
+  
+end
+
+require 'acorns-rds-auth/version'
+require 'acorns-rds-auth/cli'

data/lib/acorns-rds-auth/cli.rb

@@ -0,0 +1,192 @@
+module AcornsRdsAuth
+  class CLI
+
+    ENDPOINT_URL = "https://1mv4djbzee.execute-api.us-east-1.amazonaws.com/production/command".freeze
+
+    def self.start
+
+      puts ARGV.inspect
+      puts ENV.inspect
+      CLI.new.start
+
+
+    end
+
+    def initialize
+      @command = :auth
+      @options = {
+        profile: nil,
+        database: nil,
+        role: nil,
+        timeout: 5,
+      }
+    end
+
+    def start
+      parse_options!
+
+      case @command
+      when :auth, :authenticate
+        do_auth_request!
+
+      else
+        raise StandardError.new("Invalid command '#{@command}'")
+      end
+
+    rescue => err
+
+      STDERR.puts "ERROR:"
+      STDERR.puts err.message
+      exit(1)
+    end
+
+    private unless $TESTING
+
+    def do_auth_request!
+
+      envname = @options[:env] || ARGV.shift
+      database = @options[:database] || ARGV.shift
+      role = @options[:role] || ARGV.shift
+
+      raise OptionParser::MissingArgument.new("env") if envname.nil?
+      raise OptionParser::MissingArgument.new("database") if database.nil?
+
+      payload = {
+        command: :auth,
+        env: envname,
+        database: database,
+        role: role,
+      }
+
+      STDERR.printf("Requesting credentials for '%s' in '%s'", payload[:database], payload[:env])
+
+      if payload[:role]
+        STDERR.printf(" (Using role '%s')", payload[:role])
+      end
+
+      STDERR.puts ""
+
+      response = do_request(payload)
+
+      # STDERR.puts JSON.pretty_generate(response)
+      STDERR.puts "DATABASE USERNAME: #{response[:role]}"
+      STDERR.puts ""
+      STDERR.puts "PASSWORD TO USE FOR THIS CONNECTION:"
+
+      print response[:token]
+
+    end
+
+    def options_parser
+      @options_parser ||= OptionParser.new do |opts|
+        opts.banner = "Usage: acorns-rds-auth [COMMAND] [options] [...]"
+      
+        opts.on("-p", "--profile PROFILE", "Specify the AWS profile to use") do |v|
+          @options[:profile] = v
+          # Aws.config[:profile_name] = v
+        end
+
+        opts.on("-e", "--env ENV", "Specify the environment to connect") do |v|
+          @options[:env] = v
+        end
+
+        opts.on("-d", "--database NAME", "Specify the database to connect") do |v|
+          @options[:database] = v
+        end
+
+        opts.on("-r", "--role NAME", "Specify the role to connect with. Optional") do |v|
+          @options[:role] = v
+        end
+
+        opts.on("-h", "--help", "Prints this help") do
+          puts opts
+          exit
+        end
+      end
+    end
+
+    def parse_options!
+      options_parser.parse!
+      @command = (ARGV.shift || "auth").downcase.to_sym
+    end
+
+    def credentials_provider
+      @credentials_provider ||= Aws::CredentialProviderChain.new.resolve.credentials
+    end
+
+    def credentials
+      if @options[:profile]
+        Aws::SharedCredentials.new(profile_name: @options[:profile]).credentials
+      else
+        credentials_provider.credentials
+      end
+    end
+
+    def endpoint_url
+      ENV.fetch("RDS_AUTH_URL", ENDPOINT_URL)
+    end
+
+    def endpoint
+      @endpoint ||= URI.parse(endpoint_url)
+    end
+
+    def do_request(payload)
+
+      raw_payload = JSON.generate(payload)
+
+      signer = Aws::Sigv4::Signer.new(
+        service: 'execute-api',
+        region: "us-east-1",
+        credentials: credentials,
+      )
+
+      headers = {
+        'content-type' => "application/json",
+      }
+
+      signature = signer.sign_request({
+        http_method: "POST",
+        url: endpoint.to_s,
+        headers: headers,
+        body: raw_payload,
+      })
+
+      http = Net::HTTP.new(endpoint.host, endpoint.port)
+      http.open_timeout = @options[:timeout]
+      http.read_timeout = @options[:timeout]
+      http.use_ssl = true
+
+      request = Net::HTTP::Post.new(endpoint.path)
+      request.add_field('user-agent', "AcornsRdsAuth-ruby/#{::AcornsRdsAuth::VERSION}")
+      headers.each do |k,v|
+        request.add_field(k,v)
+      end
+
+      signature.headers.each do |k,v|
+        request.add_field(k,v)
+      end
+
+      request.body = raw_payload
+
+      res = http.request(request)
+
+      result = JSON.parse(res.body, symbolize_names: true)
+
+      if res.code.to_i == 200
+        return result
+      else
+
+        # STDERR.puts "ERROR:"
+
+        if result[:Message]
+          raise StandardError.new(result[:Message])
+        end
+
+
+        raise StandardError.new("#{res.message}: #{res.body}")
+        # exit(1)
+      end
+    end
+
+  end
+end

data/lib/acorns-rds-auth/version.rb

@@ -0,0 +1,3 @@
+module AcornsRdsAuth
+  VERSION = "1.0.0"  
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: acorns-rds-auth
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Mitch Dempsey
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-04-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+description: Get credentials for acorns
+email:
+- mitch@acorns.com
+executables:
+- acorns-rds-auth
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- README.md
+- acorns-rds-auth.gemspec
+- bin/acorns-rds-auth
+- lib/acorns-rds-auth.rb
+- lib/acorns-rds-auth/cli.rb
+- lib/acorns-rds-auth/version.rb
+homepage: https://github.com/Acornsgrow/acorns-rds-auth-gem
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.10
+signing_key: 
+specification_version: 4
+summary: Get RDS Auth
+test_files: []