aws-google 0.1.8 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/pr-verify.yml +47 -0
- data/.ruby-version +1 -0
- data/Dockerfile +8 -0
- data/README.md +22 -3
- data/aws-google.gemspec +11 -10
- data/docker-compose.yml +7 -0
- data/lib/aws/google/cached_credentials.rb +18 -9
- data/lib/aws/google/version.rb +1 -1
- metadata +32 -28
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dedc522fef979083cb7e238f1d8aebe317f471edb4c6bc3799cef1a220bc61d4
|
4
|
+
data.tar.gz: ca5d5e6244f0ed938e70ec70e4f0fd42d2fa4bb5dfcc370d0f3229ae5d5faac9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fa6dafdd466d434affaff2ed9dce8f6846da7d0128c5592667ea35c15c688d447212552b9c521cdfcd1e81e828104be9545e6d743ac0573460582415d9ddf670
|
7
|
+
data.tar.gz: 58e54a1b84565ba47b86f891dae4780bfd7d86eaf37d8901460ed084ff4725a7d96b491ddac222886795b77d63395caba74ea6eb2b0dc521cbac3d1f9d4f4e81
|
@@ -0,0 +1,47 @@
|
|
1
|
+
name: Run Tests
|
2
|
+
|
3
|
+
on:
|
4
|
+
pull_request:
|
5
|
+
branches:
|
6
|
+
- main
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
# Test on code-dot-org Ruby version
|
10
|
+
test_3_0_5:
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
|
13
|
+
steps:
|
14
|
+
- name: Checkout code
|
15
|
+
uses: actions/checkout@v3
|
16
|
+
|
17
|
+
- name: Set up Ruby
|
18
|
+
uses: ruby/setup-ruby@v1
|
19
|
+
with:
|
20
|
+
ruby-version: 3.0.5
|
21
|
+
bundler-cache: true
|
22
|
+
|
23
|
+
- name: Install gems
|
24
|
+
run: bundle install
|
25
|
+
|
26
|
+
- name: Run tests
|
27
|
+
run: bundle exec rake test
|
28
|
+
|
29
|
+
#Test on latest Ruby
|
30
|
+
test_3_3:
|
31
|
+
runs-on: ubuntu-latest
|
32
|
+
|
33
|
+
steps:
|
34
|
+
- name: Checkout code
|
35
|
+
uses: actions/checkout@v3
|
36
|
+
|
37
|
+
- name: Set up Ruby
|
38
|
+
uses: ruby/setup-ruby@v1
|
39
|
+
with:
|
40
|
+
ruby-version: 3.3
|
41
|
+
bundler-cache: true
|
42
|
+
|
43
|
+
- name: Install gems
|
44
|
+
run: bundle install
|
45
|
+
|
46
|
+
- name: Run tests
|
47
|
+
run: bundle exec rake test
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
3.0.5
|
data/Dockerfile
ADDED
data/README.md
CHANGED
@@ -24,9 +24,14 @@ Or install it yourself as:
|
|
24
24
|
Visit the [Google API Console](https://console.developers.google.com/) to create/obtain [OAuth 2.0 Client ID credentials](https://support.google.com/cloud/answer/6158849) (client ID and client secret) for an application in your Google account.
|
25
25
|
|
26
26
|
### Create an AWS IAM Role
|
27
|
-
Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy']
|
27
|
+
Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'][1] ([`AssumeRolePolicyDocument`][2]) allowing the [`sts:AssumeRoleWithWebIdentity`][3] action with [Web Identity Federation condition keys][4] authorizing
|
28
28
|
your Google Client ID (`accounts.google.com:aud`) and a specific set of Google Account IDs (`accounts.google.com:sub`):
|
29
29
|
|
30
|
+
[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy "IAM Trust Policy"
|
31
|
+
[2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html "Create Role API"
|
32
|
+
[3]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html "Assume Role With Identity API"
|
33
|
+
[4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif "IAM Condition Keys"
|
34
|
+
|
30
35
|
```json
|
31
36
|
{
|
32
37
|
"Version": "2012-10-17",
|
@@ -53,6 +58,7 @@ your Google Client ID (`accounts.google.com:aud`) and a specific set of Google A
|
|
53
58
|
|
54
59
|
### Method 1: `Aws::Google`
|
55
60
|
In your Ruby code, construct an `Aws::Google` object by passing the AWS `role_arn`, Google `client_id` and `client_secret`, either as constructor arguments or via the `Aws::Google.config` global defaults:
|
61
|
+
|
56
62
|
```ruby
|
57
63
|
require 'aws/google'
|
58
64
|
|
@@ -87,9 +93,22 @@ The extra `credential_process` config line tells AWS to [Source Credentials with
|
|
87
93
|
|
88
94
|
## Development
|
89
95
|
|
90
|
-
|
96
|
+
Prerequisites:
|
97
|
+
|
98
|
+
* Ruby 3.0.5
|
99
|
+
|
100
|
+
You can have Ruby installed locally, or use Docker and mount this repository into a Ruby container. By using Docker you can avoid conflicts with differing Ruby versions or other installed gems. To run and 'bash' into a Ruby container, install Docker and run the following. See [docker-compose.yml](docker-compose.yml) for details.
|
101
|
+
|
102
|
+
```
|
103
|
+
docker compose build
|
104
|
+
docker compose run ruby
|
105
|
+
```
|
106
|
+
|
107
|
+
With either option, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
108
|
+
|
109
|
+
To install this gem onto your local machine, run `bundle exec rake install`.
|
91
110
|
|
92
|
-
To
|
111
|
+
To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
93
112
|
|
94
113
|
## Contributing
|
95
114
|
|
data/aws-google.gemspec
CHANGED
@@ -1,8 +1,9 @@
|
|
1
|
-
lib = File.expand_path('
|
1
|
+
lib = File.expand_path('lib', __dir__)
|
2
2
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
3
|
require 'aws/google/version'
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
|
+
spec.required_ruby_version = '>= 3.0.5'
|
6
7
|
spec.name = 'aws-google'
|
7
8
|
spec.version = Aws::Google::VERSION
|
8
9
|
spec.authors = ['Will Jordan']
|
@@ -21,14 +22,14 @@ Gem::Specification.new do |spec|
|
|
21
22
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
22
23
|
spec.require_paths = ['lib']
|
23
24
|
|
24
|
-
spec.add_dependency 'aws-sdk-core', '~> 3.
|
25
|
-
spec.add_dependency 'google-
|
26
|
-
spec.add_dependency 'launchy', '~>
|
25
|
+
spec.add_dependency 'aws-sdk-core', '~> 3.211.0'
|
26
|
+
spec.add_dependency 'google-apis-core', '~> 0.15.1'
|
27
|
+
spec.add_dependency 'launchy', '~> 3.0.1'
|
27
28
|
|
28
|
-
spec.add_development_dependency 'activesupport', '~>
|
29
|
-
spec.add_development_dependency 'minitest', '~> 5.
|
30
|
-
spec.add_development_dependency 'mocha', '~>
|
31
|
-
spec.add_development_dependency 'rake', '~>
|
32
|
-
spec.add_development_dependency 'timecop', '~> 0.
|
33
|
-
spec.add_development_dependency 'webmock', '
|
29
|
+
spec.add_development_dependency 'activesupport', '~> 6.1.7.8'
|
30
|
+
spec.add_development_dependency 'minitest', '~> 5.25.1'
|
31
|
+
spec.add_development_dependency 'mocha', '~> 2.4.5'
|
32
|
+
spec.add_development_dependency 'rake', '~> 13.2.1'
|
33
|
+
spec.add_development_dependency 'timecop', '~> 0.9.10'
|
34
|
+
spec.add_development_dependency 'webmock', '3.24.0'
|
34
35
|
end
|
data/docker-compose.yml
ADDED
@@ -23,22 +23,31 @@ module Aws
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def refresh_if_near_expiration
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
26
|
+
return unless near_expiration?(SYNC_EXPIRATION_LENGTH)
|
27
|
+
|
28
|
+
@mutex.synchronize do
|
29
|
+
if near_expiration?(SYNC_EXPIRATION_LENGTH)
|
30
|
+
refresh
|
31
|
+
write_credentials
|
32
32
|
end
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
36
|
# Write credentials and expiration to AWS credentials file.
|
37
37
|
def write_credentials
|
38
|
-
#
|
38
|
+
# Ensure the AWS CLI is available before attempting to write credentials.
|
39
39
|
return unless system('which aws >/dev/null 2>&1')
|
40
|
-
|
41
|
-
|
40
|
+
|
41
|
+
# Manually map the credentials to the keys used by AWS CLI
|
42
|
+
credentials_map = {
|
43
|
+
'aws_access_key_id' => @credentials.access_key_id,
|
44
|
+
'aws_secret_access_key' => @credentials.secret_access_key,
|
45
|
+
'aws_session_token' => @credentials.session_token,
|
46
|
+
'expiration' => @expiration
|
47
|
+
}
|
48
|
+
|
49
|
+
# Use the AWS CLI to set the credentials in the session profile
|
50
|
+
credentials_map.each do |key, value|
|
42
51
|
system("aws configure set #{key} #{value} --profile #{@session_profile}")
|
43
52
|
end
|
44
53
|
end
|
data/lib/aws/google/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-google
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Will Jordan
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-11-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -16,126 +16,126 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 3.211.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 3.211.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name: google-
|
28
|
+
name: google-apis-core
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 0.15.1
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: 0.15.1
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: launchy
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version:
|
47
|
+
version: 3.0.1
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version:
|
54
|
+
version: 3.0.1
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: activesupport
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 6.1.7.8
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: 6.1.7.8
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: minitest
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: 5.
|
75
|
+
version: 5.25.1
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: 5.
|
82
|
+
version: 5.25.1
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: mocha
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
89
|
+
version: 2.4.5
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
96
|
+
version: 2.4.5
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: rake
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version:
|
103
|
+
version: 13.2.1
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
110
|
+
version: 13.2.1
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: timecop
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version:
|
117
|
+
version: 0.9.10
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version:
|
124
|
+
version: 0.9.10
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: webmock
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
|
-
- -
|
129
|
+
- - '='
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version:
|
131
|
+
version: 3.24.0
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
|
-
- -
|
136
|
+
- - '='
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version:
|
138
|
+
version: 3.24.0
|
139
139
|
description: Use Google OAuth as an AWS credential provider.
|
140
140
|
email:
|
141
141
|
- will@code.org
|
@@ -144,8 +144,11 @@ executables:
|
|
144
144
|
extensions: []
|
145
145
|
extra_rdoc_files: []
|
146
146
|
files:
|
147
|
+
- ".github/workflows/pr-verify.yml"
|
147
148
|
- ".gitignore"
|
149
|
+
- ".ruby-version"
|
148
150
|
- ".travis.yml"
|
151
|
+
- Dockerfile
|
149
152
|
- Gemfile
|
150
153
|
- LICENSE.txt
|
151
154
|
- README.md
|
@@ -153,6 +156,7 @@ files:
|
|
153
156
|
- aws-google.gemspec
|
154
157
|
- bin/console
|
155
158
|
- bin/setup
|
159
|
+
- docker-compose.yml
|
156
160
|
- exe/aws-google
|
157
161
|
- lib/aws/google.rb
|
158
162
|
- lib/aws/google/cached_credentials.rb
|
@@ -163,7 +167,7 @@ licenses:
|
|
163
167
|
- Apache-2.0
|
164
168
|
metadata:
|
165
169
|
allowed_push_host: https://rubygems.org
|
166
|
-
post_install_message:
|
170
|
+
post_install_message:
|
167
171
|
rdoc_options: []
|
168
172
|
require_paths:
|
169
173
|
- lib
|
@@ -171,15 +175,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
171
175
|
requirements:
|
172
176
|
- - ">="
|
173
177
|
- !ruby/object:Gem::Version
|
174
|
-
version:
|
178
|
+
version: 3.0.5
|
175
179
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
176
180
|
requirements:
|
177
181
|
- - ">="
|
178
182
|
- !ruby/object:Gem::Version
|
179
183
|
version: '0'
|
180
184
|
requirements: []
|
181
|
-
rubygems_version: 3.
|
182
|
-
signing_key:
|
185
|
+
rubygems_version: 3.2.33
|
186
|
+
signing_key:
|
183
187
|
specification_version: 4
|
184
188
|
summary: Use Google OAuth as an AWS credential provider
|
185
189
|
test_files: []
|