aws-mfa-secure 0.4.0 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: eb1c19a61a9e1136a1bf492d4fe5ad00c9c95ae759700ea06557b973cf8c60f2
4
- data.tar.gz: ef90306a2465e7f3085d9211bbd0b5543d4d19b77dba6fc58c37f7280c290615
3
+ metadata.gz: 59df8839498386209c3ce89ac8eaad772306f72d5ebc7bafdcd6efa51fa911cb
4
+ data.tar.gz: a9fc4dd319295990a3a133c631f0ccfb795e668ae44420797baf854537d6274d
5
5
  SHA512:
6
- metadata.gz: '085b0235ca5c7213f9bd7fd2214726aa6fbf6936500a3f7588ddce044f78750f520075b6b51e40cc1f70e9ac7f71a8ba4bedbd7116a9c3c0bb2e56343b6d6587'
7
- data.tar.gz: e3d01b93f034cac3206485de2694a61d996667e215ed86b3200a977a5dc75ac1549d1bfc521304effd726c4c9d26d2f63a96b56b59ee9206869444b308663bd9
6
+ metadata.gz: c393f81fcce29b09088c460d6992e4f8c0724200e50dc256ab06982900d4746472707345df4c2b2a10417dfc9372bacbaf62d0ef916e98697eacae51689a40d7
7
+ data.tar.gz: 53892cf30d8cee8e1905cac8d9847a494d67af576c9e72eafd6f4c97ff95a382de0464030a069d761e92db486fb850ff137ba5fd8cfb59f20bd1dab0e48a1c99
data/CHANGELOG.md CHANGED
@@ -3,6 +3,18 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.4.4] - 2022-01-07
7
+ - [#5](https://github.com/tongueroo/aws-mfa-secure/pull/5) fix activesupport require
8
+
9
+ ## [0.4.3] - 2020-12-10
10
+ - [#4](https://github.com/tongueroo/aws-mfa-secure/pull/4) require singleton
11
+
12
+ ## [0.4.2]
13
+ - add helpful message
14
+
15
+ ## [0.4.1]
16
+ - #3 no-mfa option for exports
17
+
6
18
  ## [0.4.0]
7
19
  - #2 do not eager load ext/aws.rb
8
20
 
data/README.md CHANGED
@@ -8,6 +8,8 @@
8
8
 
9
9
  Surprisingly, the [aws cli](https://docs.aws.amazon.com/cli/latest/reference/) does not yet support MFA for normal IAM users. See: [boto/botocore/pull/1399](https://github.com/boto/botocore/pull/1399) The aws-mfa-secure tool decorates the AWS CLI or API to handle MFA authentication. The MFA prompt only activates if `mfa_serial` is configured.
10
10
 
11
+ An advantage of the aws-mfa-secure is that it caches the temporary credentials `~/.aws/aws-mfa-secure-sessions` and reuses them until they expire. The expiration is 8 hours by default. This means that when you open a new terminal tab, you won’t have to re-enter the MFA code.
12
+
11
13
  ## Installation
12
14
 
13
15
  gem install aws-mfa-secure
@@ -41,7 +43,7 @@ Note: AWS already supports `mfa_serial` for assumed roles: [AWS Configuration an
41
43
 
42
44
  alias aws="aws-mfa-secure session"
43
45
 
44
- You may want to add the alias to your `~/.bash_profile`
46
+ The alias allows us to intercept the normal aws cli command and decorate it. The `aws-mfa-secure session` only activates if `mfa_serial` is configured in your `~/.aws/credentials` file. Otherwise, it will pass the command through to the normal aws cli. You may want to add the alias to your `~/.bash_profile` do you don't have to alias it every time you open a new terminal.
45
47
 
46
48
  Autocompletion still works with the alias.
47
49
 
@@ -8,6 +8,7 @@ module AwsMfaSecure
8
8
 
9
9
  desc "exports", "Generate export statements that can be eval"
10
10
  long_desc Help.text(:exports)
11
+ option :mfa, type: :boolean, desc: "Use --no-mfa to bypass the mfa_profile check for a normal get session token call"
11
12
  def exports
12
13
  Exports.new(options).run
13
14
  end
@@ -1,3 +1,5 @@
1
+ require "singleton"
2
+
1
3
  # Useful for Ruby interfacing
2
4
  module AwsMfaSecure
3
5
  class Credentials < Base
@@ -6,8 +6,18 @@ module AwsMfaSecure
6
6
  end
7
7
 
8
8
  def run
9
+ # Allow use `aws-mfa-secure exports --no-mfa`
10
+ # This bypasses the check for mfa_serial being configured in the ~/.aws/credentials profile
11
+ # Useful if we want to grab temporary AWS_xxx credentials for testing.
12
+ if @options[:mfa] == false
13
+ resp = sts.get_session_token
14
+ puts script(resp.credentials)
15
+ return
16
+ end
17
+
9
18
  unless iam_mfa?
10
19
  $stderr.puts "WARN: mfa_serial is not configured for this AWS_PROFILE=#{@aws_profile}"
20
+ $stderr.puts "If you want to use exports without this mfa_serial check. Use the --no-mfa option."
11
21
  return
12
22
  end
13
23
 
@@ -16,14 +26,14 @@ module AwsMfaSecure
16
26
  save_creds(resp.credentials.to_h)
17
27
  end
18
28
 
19
- puts script
29
+ puts script(credentials)
20
30
  end
21
31
 
22
- def script
32
+ def script(creds)
23
33
  <<~EOL
24
- export AWS_ACCESS_KEY_ID=#{credentials["access_key_id"]}
25
- export AWS_SECRET_ACCESS_KEY=#{credentials["secret_access_key"]}
26
- export AWS_SESSION_TOKEN=#{credentials["session_token"]}
34
+ export AWS_ACCESS_KEY_ID=#{creds["access_key_id"]}
35
+ export AWS_SECRET_ACCESS_KEY=#{creds["secret_access_key"]}
36
+ export AWS_SESSION_TOKEN=#{creds["session_token"]}
27
37
  EOL
28
38
  end
29
39
  end
@@ -1,3 +1,3 @@
1
1
  module AwsMfaSecure
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.4"
3
3
  end
@@ -1,5 +1,6 @@
1
1
  $:.unshift(File.expand_path("../", __FILE__))
2
2
  require "aws_mfa_secure/version"
3
+ require "active_support"
3
4
  require "active_support/core_ext/hash"
4
5
  require "active_support/core_ext/string"
5
6
  require "fileutils"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-mfa-secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-12-09 00:00:00.000000000 Z
11
+ date: 2022-01-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -243,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
243
243
  - !ruby/object:Gem::Version
244
244
  version: '0'
245
245
  requirements: []
246
- rubygems_version: 3.0.6
246
+ rubygems_version: 3.2.32
247
247
  signing_key:
248
248
  specification_version: 4
249
249
  summary: Adds MFA Support to AWS CLI and Ruby SDKs for normal IAM user