aws-codedeploy-session-helper 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/bin/get_sts_creds +44 -0
- data/lib/STSCredentialsProvider.rb +62 -0
- metadata +103 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: d22cb073dbe07046bf1e20755b20aca69409765b
|
|
4
|
+
data.tar.gz: 62f15cdf8589766b301aec978fca68d8004cfa22
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 0898802a080c7b1ae3ee7807bd58f58cfb9e6c3a00642dd791d6b395122680c7ae856ac0ef6577e1b442c18dfbf7261b6e7d332dde551805b50882012a10e21c
|
|
7
|
+
data.tar.gz: ea1ca651b27b17c99c3e1dce17c5577399510b1e8a01779fcd96fe3c61349fb00df7088c9de2aba7b3196cc7c5dbf3fff8ad98c347507573f4458b0bea6f9734
|
data/bin/get_sts_creds
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
require 'optparse'
|
|
4
|
+
require File.expand_path('../../lib/STSCredentialsProvider', __FILE__)
|
|
5
|
+
|
|
6
|
+
# Setup parser
|
|
7
|
+
options = {}
|
|
8
|
+
OptionParser.new do |parser|
|
|
9
|
+
parser.banner = "Usage: get_sts_creds --role-arn ROLE_ARN --file FILEPATH [options]"
|
|
10
|
+
parser.on("-h", "--help", "Show this help message", "\tNote: Pass credentials using environment variables or credentials file, see http://docs.aws.amazon.com/sdk-for-ruby/v2/developer-guide/setup-config.html") do ||
|
|
11
|
+
puts parser
|
|
12
|
+
exit
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
parser.on("--role-arn ROLE_ARN", "[required] The IAM ARN that the AWS IAM Role that the session credentials will assume",
|
|
16
|
+
"\tExample: '--role-arn arn:aws:iam::123456789012:role/FooRole'") do |v|
|
|
17
|
+
options[:role] = v
|
|
18
|
+
end
|
|
19
|
+
parser.on("--file FILEPATH", "[required] The fully qualified file path that the session credentials will be writen to",
|
|
20
|
+
"\tExample: '--file /foo/baz/aws_session_creds'") do |v|
|
|
21
|
+
options[:creds_file] = v
|
|
22
|
+
end
|
|
23
|
+
parser.on("--region REGION", "The AWS region for configuring outbound AWS calls",
|
|
24
|
+
"By default, this tool will check the AWS_REGION environment variable", "\tExample: '--region us-east-1'") do |v|
|
|
25
|
+
options[:region] = v
|
|
26
|
+
end
|
|
27
|
+
parser.on("--session-name-override SESSION_NAME", "The name for the IAM Session that will be included in the AWS STS Session ARN",
|
|
28
|
+
"By default, this tool will use the HOSTNAME of the current.",
|
|
29
|
+
"\tExample: '--session-name-override test-session'") do |v|
|
|
30
|
+
options[:session_name] = v
|
|
31
|
+
end
|
|
32
|
+
parser.on("--duration SECONDS", "The duration (in seconds) of the life of the session credentials that this tool generates",
|
|
33
|
+
"Defaults to 3600, or one hour. Value must be between 900 and 3600",
|
|
34
|
+
"\tExample: '--duration 1800'") do |v|
|
|
35
|
+
options[:duration] = v
|
|
36
|
+
end
|
|
37
|
+
parser.on("--print-session-arn", "Provide this flag to have the tool output (STDOUT) the ARN of the STS Session",
|
|
38
|
+
"Defaults to not printing arn") do |v|
|
|
39
|
+
options[:output_arn] = v
|
|
40
|
+
end
|
|
41
|
+
end.parse!
|
|
42
|
+
|
|
43
|
+
provider = STSCredentialsProvider.new(options)
|
|
44
|
+
provider.get
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
require 'aws-sdk-core'
|
|
2
|
+
require 'socket'
|
|
3
|
+
|
|
4
|
+
class STSCredentialsProvider
|
|
5
|
+
def initialize(args)
|
|
6
|
+
raise ArgumentError.new("Param to STSCredentialsProvider.new() must be present, of type hash") if args.nil? or !args.is_a? Hash
|
|
7
|
+
@role = args[:role]
|
|
8
|
+
@creds_file = args[:creds_file]
|
|
9
|
+
@region = args[:region]
|
|
10
|
+
@session_name = args[:session_name]
|
|
11
|
+
@duration = args[:duration]
|
|
12
|
+
@output_arn = args[:output_arn]
|
|
13
|
+
|
|
14
|
+
# Validation
|
|
15
|
+
raise ArgumentError.new("No value for AWS IAM Role that the session credentials will assume, use --role-arn ROLE_ARN") if @role.nil?
|
|
16
|
+
|
|
17
|
+
raise ArgumentError.new("No value for the fully qualified path that the session credentials will be written to, use --file FILEPATH") if @creds_file.nil?
|
|
18
|
+
raise ArgumentError.new("Unable to write to directory " + File.dirname(@creds_file) + ".") unless File.writable?(File.dirname(@creds_file))
|
|
19
|
+
raise ArgumentError.new("Unable to write to file " + @creds_file + ".") unless (File.exist?(@creds_file) ? File.writable?(@creds_file) : true)
|
|
20
|
+
|
|
21
|
+
@session_name = Socket.gethostname if @session_name.nil?
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def configure_aws_client
|
|
25
|
+
Aws.use_bundled_cert!
|
|
26
|
+
if !@region.nil?
|
|
27
|
+
Aws.config.update({
|
|
28
|
+
region: @region,
|
|
29
|
+
})
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def get_session_creds
|
|
34
|
+
sts = Aws::STS::Client.new
|
|
35
|
+
return sts.assume_role({
|
|
36
|
+
role_arn: @role,
|
|
37
|
+
role_session_name: @session_name,
|
|
38
|
+
duration_seconds: @duration
|
|
39
|
+
})
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def get
|
|
43
|
+
configure_aws_client()
|
|
44
|
+
resp = get_session_creds()
|
|
45
|
+
|
|
46
|
+
if resp.nil? or resp.credentials.nil? or resp.credentials.access_key_id.nil? or resp.credentials.secret_access_key.nil? or resp.credentials.session_token.nil?
|
|
47
|
+
raise RuntimeError.new("Unexpected response from call to AWS STS, did not have expected fields, response: #{resp.inspect}")
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
puts resp.assumed_role_user.arn if @output_arn
|
|
51
|
+
|
|
52
|
+
str = "[default]\naws_access_key_id = #{resp.credentials.access_key_id}\naws_secret_access_key = #{resp.credentials.secret_access_key}\naws_session_token = #{resp.credentials.session_token}\n"
|
|
53
|
+
begin
|
|
54
|
+
file = File.open(@creds_file, "w")
|
|
55
|
+
file.write(str)
|
|
56
|
+
rescue IOError => e
|
|
57
|
+
raise RuntimeError.new("Unable to write to file " + @creds_file + ". Error: #{e}")
|
|
58
|
+
ensure
|
|
59
|
+
file.close unless file.nil?
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: aws-codedeploy-session-helper
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.9.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Ryan Gorup
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2016-12-28 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: aws-sdk-core
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '2.6'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '2.6'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rake
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0.9'
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0.9'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: simplecov
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0.12'
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0.12'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: rspec
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '3.5'
|
|
62
|
+
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '3.5'
|
|
69
|
+
description: See readme of the code on GitHub, https://github.com/awslabs/aws-codedeploy-samples/tree/master/utilities/aws-codedeploy-session-helper
|
|
70
|
+
email: gorup@amazon.com
|
|
71
|
+
executables:
|
|
72
|
+
- get_sts_creds
|
|
73
|
+
extensions: []
|
|
74
|
+
extra_rdoc_files: []
|
|
75
|
+
files:
|
|
76
|
+
- bin/get_sts_creds
|
|
77
|
+
- lib/STSCredentialsProvider.rb
|
|
78
|
+
homepage: https://github.com/awslabs/aws-codedeploy-samples/tree/master/utilities/aws-codedeploy-session-helper
|
|
79
|
+
licenses:
|
|
80
|
+
- Apache-2.0
|
|
81
|
+
metadata: {}
|
|
82
|
+
post_install_message:
|
|
83
|
+
rdoc_options: []
|
|
84
|
+
require_paths:
|
|
85
|
+
- lib
|
|
86
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
87
|
+
requirements:
|
|
88
|
+
- - ">="
|
|
89
|
+
- !ruby/object:Gem::Version
|
|
90
|
+
version: '0'
|
|
91
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
92
|
+
requirements:
|
|
93
|
+
- - ">="
|
|
94
|
+
- !ruby/object:Gem::Version
|
|
95
|
+
version: '0'
|
|
96
|
+
requirements: []
|
|
97
|
+
rubyforge_project:
|
|
98
|
+
rubygems_version: 2.5.1
|
|
99
|
+
signing_key:
|
|
100
|
+
specification_version: 4
|
|
101
|
+
summary: This tool helps grab AWS STS credentials, useful when using CodeDeploy OnPremises
|
|
102
|
+
instances with IAM Sessions.
|
|
103
|
+
test_files: []
|