aws-mfa-secure 0.3.7 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/README.md +6 -2
- data/lib/aws_mfa_secure/autoloader.rb +4 -2
- data/lib/aws_mfa_secure/base.rb +3 -1
- data/lib/aws_mfa_secure/cli.rb +1 -0
- data/lib/aws_mfa_secure/credentials.rb +2 -0
- data/lib/aws_mfa_secure/exports.rb +15 -5
- data/lib/aws_mfa_secure/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 402fd832cf07be964b75d2a30a96600b65956e11979d02595d8e74725970a232
|
|
4
|
+
data.tar.gz: edc70a0647f6f73de89d02e83e788fc922f4c189a29c47b94a7efad33410fe25
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 51f145fe9a979d65cd54086e84e98c66050cb148fd45e39bbf766ade2d7d4175472580946761517a32d5749e2ab0dee37866e542450b428847b1c4c91d91d013
|
|
7
|
+
data.tar.gz: 8b471f3641a3d92f7b0f507fe6049c6f3c70b1e6bfb5ec451d114c74c257896191a1bd6ef944701bf02ba14db3e520895dba801a6e0c673962f099648a6d3665
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,21 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.4.3] - 2020-12-10
|
|
7
|
+
- [#4](https://github.com/tongueroo/aws-mfa-secure/pull/4) require singleton
|
|
8
|
+
|
|
9
|
+
## [0.4.2]
|
|
10
|
+
- add helpful message
|
|
11
|
+
|
|
12
|
+
## [0.4.1]
|
|
13
|
+
- #3 no-mfa option for exports
|
|
14
|
+
|
|
15
|
+
## [0.4.0]
|
|
16
|
+
- #2 do not eager load ext/aws.rb
|
|
17
|
+
|
|
18
|
+
## [0.3.8]
|
|
19
|
+
- fix edge case when aws profile not found
|
|
20
|
+
|
|
6
21
|
## [0.3.7]
|
|
7
22
|
- check aws cli is fully setup
|
|
8
23
|
|
data/README.md
CHANGED
|
@@ -4,8 +4,12 @@
|
|
|
4
4
|
|
|
5
5
|
[](http://badge.fury.io/rb/aws-mfa-secure)
|
|
6
6
|
|
|
7
|
+
[](https://www.boltops.com)
|
|
8
|
+
|
|
7
9
|
Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) does not yet support MFA for normal IAM users. See: [boto/botocore/pull/1399](https://github.com/boto/botocore/pull/1399) The aws-mfa-secure tool decorates the AWS CLI or API to handle MFA authentication. The MFA prompt only activates if `mfa_serial` is configured.
|
|
8
10
|
|
|
11
|
+
An advantage of the aws-mfa-secure is that it caches the temporary credentials `~/.aws/aws-mfa-secure-sessions` and reuses them until they expire. The expiration is 8 hours by default. This means that when you open a new terminal tab, you won’t have to re-enter the MFA code.
|
|
12
|
+
|
|
9
13
|
## Installation
|
|
10
14
|
|
|
11
15
|
gem install aws-mfa-secure
|
|
@@ -13,7 +17,7 @@ Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) d
|
|
|
13
17
|
Prerequisite: The [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/) is required. You can install the AWS CLI via pip.
|
|
14
18
|
|
|
15
19
|
pip install awscli --upgrade --user
|
|
16
|
-
|
|
20
|
+
|
|
17
21
|
## Usage
|
|
18
22
|
|
|
19
23
|
**Summary**:
|
|
@@ -39,7 +43,7 @@ Note: AWS already supports `mfa_serial` for assumed roles: [AWS Configuration an
|
|
|
39
43
|
|
|
40
44
|
alias aws="aws-mfa-secure session"
|
|
41
45
|
|
|
42
|
-
You may want to add the alias to your `~/.bash_profile`
|
|
46
|
+
The alias allows us to intercept the normal aws cli command and decorate it. The `aws-mfa-secure session` only activates if `mfa_serial` is configured in your `~/.aws/credentials` file. Otherwise, it will pass the command through to the normal aws cli. You may want to add the alias to your `~/.bash_profile` do you don't have to alias it every time you open a new terminal.
|
|
43
47
|
|
|
44
48
|
Autocompletion still works with the alias.
|
|
45
49
|
|
|
@@ -13,8 +13,10 @@ module AwsMfaSecure
|
|
|
13
13
|
def setup
|
|
14
14
|
loader = Zeitwerk::Loader.new
|
|
15
15
|
loader.inflector = Inflector.new
|
|
16
|
-
|
|
17
|
-
loader.
|
|
16
|
+
lib = File.dirname(__dir__) # lib
|
|
17
|
+
loader.push_dir(lib)
|
|
18
|
+
loader.ignore("#{lib}/aws-mfa-secure.rb")
|
|
19
|
+
loader.do_not_eager_load("#{lib}/aws_mfa_secure/ext/aws.rb")
|
|
18
20
|
loader.setup
|
|
19
21
|
end
|
|
20
22
|
end
|
data/lib/aws_mfa_secure/base.rb
CHANGED
|
@@ -132,7 +132,9 @@ module AwsMfaSecure
|
|
|
132
132
|
memoize :sts
|
|
133
133
|
|
|
134
134
|
def aws_config(prop)
|
|
135
|
-
|
|
135
|
+
profile_data = AWSConfig[aws_profile]
|
|
136
|
+
return unless profile_data
|
|
137
|
+
v = profile_data[prop.to_s]
|
|
136
138
|
v unless v.blank?
|
|
137
139
|
end
|
|
138
140
|
memoize :aws_config
|
data/lib/aws_mfa_secure/cli.rb
CHANGED
|
@@ -8,6 +8,7 @@ module AwsMfaSecure
|
|
|
8
8
|
|
|
9
9
|
desc "exports", "Generate export statements that can be eval"
|
|
10
10
|
long_desc Help.text(:exports)
|
|
11
|
+
option :mfa, type: :boolean, desc: "Use --no-mfa to bypass the mfa_profile check for a normal get session token call"
|
|
11
12
|
def exports
|
|
12
13
|
Exports.new(options).run
|
|
13
14
|
end
|
|
@@ -6,8 +6,18 @@ module AwsMfaSecure
|
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def run
|
|
9
|
+
# Allow use `aws-mfa-secure exports --no-mfa`
|
|
10
|
+
# This bypasses the check for mfa_serial being configured in the ~/.aws/credentials profile
|
|
11
|
+
# Useful if we want to grab temporary AWS_xxx credentials for testing.
|
|
12
|
+
if @options[:mfa] == false
|
|
13
|
+
resp = sts.get_session_token
|
|
14
|
+
puts script(resp.credentials)
|
|
15
|
+
return
|
|
16
|
+
end
|
|
17
|
+
|
|
9
18
|
unless iam_mfa?
|
|
10
19
|
$stderr.puts "WARN: mfa_serial is not configured for this AWS_PROFILE=#{@aws_profile}"
|
|
20
|
+
$stderr.puts "If you want to use exports without this mfa_serial check. Use the --no-mfa option."
|
|
11
21
|
return
|
|
12
22
|
end
|
|
13
23
|
|
|
@@ -16,14 +26,14 @@ module AwsMfaSecure
|
|
|
16
26
|
save_creds(resp.credentials.to_h)
|
|
17
27
|
end
|
|
18
28
|
|
|
19
|
-
puts script
|
|
29
|
+
puts script(credentials)
|
|
20
30
|
end
|
|
21
31
|
|
|
22
|
-
def script
|
|
32
|
+
def script(creds)
|
|
23
33
|
<<~EOL
|
|
24
|
-
export AWS_ACCESS_KEY_ID=#{
|
|
25
|
-
export AWS_SECRET_ACCESS_KEY=#{
|
|
26
|
-
export AWS_SESSION_TOKEN=#{
|
|
34
|
+
export AWS_ACCESS_KEY_ID=#{creds["access_key_id"]}
|
|
35
|
+
export AWS_SECRET_ACCESS_KEY=#{creds["secret_access_key"]}
|
|
36
|
+
export AWS_SESSION_TOKEN=#{creds["session_token"]}
|
|
27
37
|
EOL
|
|
28
38
|
end
|
|
29
39
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-mfa-secure
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3
|
|
4
|
+
version: 0.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-12-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -243,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
243
243
|
- !ruby/object:Gem::Version
|
|
244
244
|
version: '0'
|
|
245
245
|
requirements: []
|
|
246
|
-
rubygems_version: 3.
|
|
246
|
+
rubygems_version: 3.1.4
|
|
247
247
|
signing_key:
|
|
248
248
|
specification_version: 4
|
|
249
249
|
summary: Adds MFA Support to AWS CLI and Ruby SDKs for normal IAM user
|