aws-mfa-secure 0.1.0

data/lib/aws_mfa_secure/help/session.md

@@ -0,0 +1,4 @@
+## Examples
+
+    aws-mfa-secure session --version
+    aws-mfa-secure session s3 ls

data/lib/aws_mfa_secure/help/unsets.md

@@ -0,0 +1,17 @@
+Quick way to clean up AWS_* env variables.
+
+## Example
+
+    aws-mfa-secure unsets
+
+## Example with Output
+
+    $ aws-mfa-secure unsets # generates script
+    unset AWS_ACCESS_KEY_ID
+    unset AWS_SECRET_ACCESS_KEY
+    unset AWS_SESSION_TOKEN
+    $
+
+Eval example:
+
+    $ eval `aws-mfa-secure unsets` # to unset

data/lib/aws_mfa_secure/session.rb

@@ -0,0 +1,26 @@
+module AwsMfaSecure
+  class Session < Base
+    def initialize(options={}, *argv)
+      @options = options
+      @argv = ["aws"] + argv
+      @aws_profile = aws_profile
+    end
+
+    def run
+      unless iam_mfa?
+        exec(*@argv) # will never get pass this point if there's no mfa_serial setting
+      end
+
+      if fetch_creds?
+        resp = get_session_token(shell: true)
+        save_creds(resp.credentials.to_h)
+      end
+
+      # Set AWS_ values unless alredy set
+      ENV['AWS_ACCESS_KEY_ID']     ||= credentials["access_key_id"]
+      ENV['AWS_SECRET_ACCESS_KEY'] ||= credentials["secret_access_key"]
+      ENV['AWS_SESSION_TOKEN']     ||= credentials["session_token"]
+      exec(*@argv)
+    end
+  end
+end

data/lib/aws_mfa_secure/unsets.rb

@@ -0,0 +1,19 @@
+module AwsMfaSecure
+  class Unsets < Base
+    def initialize(options={})
+      @options = options
+    end
+
+    def run
+      puts script
+    end
+
+    def script
+      <<~EOL
+        unset AWS_ACCESS_KEY_ID
+        unset AWS_SECRET_ACCESS_KEY
+        unset AWS_SESSION_TOKEN
+      EOL
+    end
+  end
+end

data/lib/aws_mfa_secure/version.rb

@@ -0,0 +1,3 @@
+module AwsMfaSecure
+  VERSION = "0.1.0"
+end

data/spec/fixtures/aws-mfa-secure-sessions/fake_credentials

@@ -0,0 +1,6 @@
+{
+  "access_key_id": "ASIAXZ6ODJLQ2EXAMPLE",
+  "secret_access_key": "rRXp77aa5AGaBhn/2ui4dwouwrWQpDh+8EXAMPLE",
+  "session_token": "IQoJb3JpZ2luX2VjEKr//////////wEaCXVzLWVhc3QtMSJIMEYCIQD7bDfaUQ4thxeetSLYSAiN1RTvHL0CbCR2wWA/hzyBUQIhAIkyZ51C2LOc9QgJ8Icp1D73MyctiuyAl5Ksapk9MIk0KrIBCMP//////////wEQARoMNTM2NzY2MjcwMTc3IgxnlOoRS1HMP1wVWKUqhgGZ5eYSTxfxcDCLXdu6aaE+FgyhoLoZ+K5lvSEXe/GFWhudXE+jIHCRPJCzDmcBfbAey/r3Mm+S9hQ4TUz9B3gm5/tS9Z7hcbDht2wmDdrCNVQ64Ssm2S0/J2ReTenfShaoqFgbDa4BYnblD2NW1BiLQdvsuwMoJKMdkRCG0wRptcZFy0cVnDCS+ZvuBTrdAT6UKjf/SFGcpQqx+qWKPtoATzNeyJXlGpH/RGHq42S9Ilb0ATKpfsS00+I2gAnFcSsX+yq6nvBq5pNmSIZl4OXrN+vcJhHESOJgfYH02Xe/wLW8NAuA6fJVJsPPvQ2wwJcB8xfxTBI1VgCQNtGeQsHfUDhIjO26GGZsgh7Vlz8TB0pnkarkovsc8TWUOevF2BafYjGoIq18kDsGE7r2FqumCab8a5wD95Jdi7KxRdtDMeJb4fDqSuApB0WbmKuCT/YlbVJjQ98YiftsjRr6D7fZDk5u/00abEXAMPLE",
+  "expiration": "2019-11-10T05:51:14Z"
+}

data/spec/lib/cli_spec.rb

@@ -0,0 +1,18 @@
+describe AwsMfaSecure::CLI do
+  describe "aws-mfa-secure" do
+    it "exports" do
+      out = execute("exe/aws-mfa-secure exports")
+      expect(out).to include("AWS_ACCESS_KEY_ID")
+    end
+
+    it "unsets" do
+      out = execute("exe/aws-mfa-secure unsets")
+      expect(out).to include("AWS_ACCESS_KEY_ID")
+    end
+
+    it "session" do
+      out = execute("exe/aws-mfa-secure session --version 2>&1")
+      expect(out).to include("aws-cli")
+    end
+  end
+end

data/spec/monkey_patches.rb

@@ -0,0 +1,20 @@
+AwsMfaSecure::Base # autoload
+module AwsMfaSecure
+  class Base
+    def session_creds_path
+      "#{Dir.pwd}/spec/fixtures/aws-mfa-secure-sessions/fake_credentials"
+    end
+
+    def fetch_creds?
+      false
+    end
+
+    def iam_mfa?
+      true
+    end
+
+    def aws_configure_get(*)
+      "fake"
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,29 @@
+ENV["AWS_MFA_SECURE_TEST"] = "1"
+
+# CodeClimate test coverage: https://docs.codeclimate.com/docs/configuring-test-coverage
+# require 'simplecov'
+# SimpleCov.start
+
+require "pp"
+require "byebug"
+root = File.expand_path("../", File.dirname(__FILE__))
+require "#{root}/lib/aws-mfa-secure"
+
+module Helper
+  def execute(cmd)
+    puts "Running: #{cmd}" if show_command?
+    out = `#{cmd}`
+    puts out if show_command?
+    out
+  end
+
+  # Added SHOW_COMMAND because DEBUG is also used by other libraries like
+  # bundler and it shows its internal debugging logging also.
+  def show_command?
+    ENV['DEBUG'] || ENV['SHOW_COMMAND']
+  end
+end
+
+RSpec.configure do |c|
+  c.include Helper
+end

metadata

@@ -0,0 +1,239 @@
+--- !ruby/object:Gem::Specification
+name: aws-mfa-secure
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tung Nguyen
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-11-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: memoist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: zeitwerk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cli_markdown
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- tongueroo@gmail.com
+executables:
+- aws-mfa-secure
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- aws-mfa-secure.gemspec
+- docs/how-it-works.md
+- exe/aws-mfa-secure
+- lib/aws-mfa-secure.rb
+- lib/aws_mfa_secure.rb
+- lib/aws_mfa_secure/autoloader.rb
+- lib/aws_mfa_secure/base.rb
+- lib/aws_mfa_secure/cli.rb
+- lib/aws_mfa_secure/command.rb
+- lib/aws_mfa_secure/completer.rb
+- lib/aws_mfa_secure/completer/script.rb
+- lib/aws_mfa_secure/completer/script.sh
+- lib/aws_mfa_secure/credentials.rb
+- lib/aws_mfa_secure/exports.rb
+- lib/aws_mfa_secure/ext/aws.rb
+- lib/aws_mfa_secure/help.rb
+- lib/aws_mfa_secure/help/completion.md
+- lib/aws_mfa_secure/help/completion_script.md
+- lib/aws_mfa_secure/help/exports.md
+- lib/aws_mfa_secure/help/session.md
+- lib/aws_mfa_secure/help/unsets.md
+- lib/aws_mfa_secure/session.rb
+- lib/aws_mfa_secure/unsets.rb
+- lib/aws_mfa_secure/version.rb
+- spec/fixtures/aws-mfa-secure-sessions/fake_credentials
+- spec/lib/cli_spec.rb
+- spec/monkey_patches.rb
+- spec/spec_helper.rb
+homepage: https://github.com/tongueroo/aws-mfa-secure
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key: 
+specification_version: 4
+summary: Adds MFA Support to AWS CLI and Ruby SDKs for normal IAM user
+test_files:
+- spec/fixtures/aws-mfa-secure-sessions/fake_credentials
+- spec/lib/cli_spec.rb
+- spec/monkey_patches.rb
+- spec/spec_helper.rb