aws-mfa 0.2.0 → 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7acea0de7d157dcacffc45761829147d3928f4ff
+  data.tar.gz: 18a947ec9f627b2e303585149c68e0a3393510b2
+SHA512:
+  metadata.gz: b6a4b52a6a3ce238876ddffdcf9ea3d428e9c75e41069a9394be4fe7b477d9971fb0d42d7841d6e9503724096d5a446d20727ff124e9ec969fa506172de7db04
+  data.tar.gz: 4adc1bc7e1171f840e855264f05eec5ccda076404fddbb8e95f55ef945d9ce222af1cb79d20701fd5b3e1a4818cd204373ccc24c2abd9d4f77dbd49b1d3f446b

data/bin/aws-mfa

@@ -1,126 +1,10 @@
 #!/usr/bin/env ruby
 
-require 'json'
+require 'aws_mfa'
 
-class AwsMfa
-  def initialize
-    @aws_config_dir = validate_aws_install
-  end
-
-  def validate_aws_install
-    unless which('aws')
-      puts 'Could not find the aws command'
-      exit 1
-    end
-
-    if ENV['AWS_CREDENTIAL_FILE']
-      aws_config_file = ENV['AWS_CREDENTIAL_FILE']
-      aws_config_dir = File.dirname(aws_config_file)
-    else
-      aws_config_dir = File.join(ENV['HOME'], '.aws')
-      aws_config_file = File.join(aws_config_dir, 'config')
-    end
-
-    unless File.readable?(aws_config_file)
-      puts 'Aws configuration not found. You must run `aws cli configure`'
-      exit 1
-    end
-
-    aws_config_dir
-  end
-
-  # http://stackoverflow.com/questions/2108727/which-in-ruby-checking-if-program-exists-in-path-from-ruby
-  def which(cmd)
-    exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
-    ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
-      exts.each { |ext|
-        exe = File.join(path, "#{cmd}#{ext}")
-        return exe if File.executable? exe
-      }
-    end
-    return nil
-  end
-
-  def load_arn
-    arn_file = File.join(@aws_config_dir, 'mfa_device')
-
-    if File.readable?(arn_file)
-      arn = File.read(arn_file)
-    else
-      puts 'Fetching MFA devices for your account...'
-      mfa_devices = JSON.parse(`aws iam list-mfa-devices`).fetch('MFADevices')
-      if mfa_devices.any?
-        arn = mfa_devices.first.fetch('SerialNumber')
-        puts "Using MFA device #{arn}. To change this in the future edit #{arn_file}."
-        File.open(arn_file, 'w') { |f| f.print arn }
-      else
-        abort 'No MFA devices were found for your account'
-      end
-    end
-    arn
-  end
-
-  def get_credentials(arn)
-    credentials_file  = File.join(@aws_config_dir, 'mfa_credentials')
-
-    if File.readable?(credentials_file) && token_not_expired?(credentials_file)
-      credentials = JSON.parse(File.read(credentials_file))
-    else
-      puts 'Enter the 6-digit code from your MFA device:'
-      code = $stdin.gets.chomp
-      unless code =~ /^\d{6}$/
-        puts 'That is an invalid MFA code'
-        exit 1
-      end
-      ENV.delete('AWS_SECRET_ACCESS_KEY')
-      ENV.delete('AWS_ACCESS_KEY_ID')
-      ENV.delete('AWS_SESSION_TOKEN')
-      ENV.delete('AWS_SECURITY_TOKEN')
-      credentials_raw = `aws sts get-session-token --serial-number #{arn} --token-code #{code}`
-      credentials = JSON.parse(credentials_raw)
-      File.open(credentials_file, 'w') { |f| f.print credentials_raw }
-    end
-
-    credentials['Credentials']
-  end
-
-  def token_not_expired?(credentials_file)
-    # default is 12 hours
-    expiration_period = 12 * 60 * 60
-    mtime = File.stat(credentials_file).mtime
-    now = Time.new
-    if now - mtime < expiration_period
-      true
-    else
-      false
-    end
-  end
-
-  def print_credentials(credentials)
-    puts "export AWS_SECRET_ACCESS_KEY='#{credentials['SecretAccessKey']}'"
-    puts "export AWS_ACCESS_KEY_ID='#{credentials['AccessKeyId']}'"
-    puts "export AWS_SESSION_TOKEN='#{credentials['SessionToken']}'"
-    puts "export AWS_SECURITY_TOKEN='#{credentials['SessionToken']}'"
-  end
-
-  def export_credentials(credentials)
-    ENV['AWS_SECRET_ACCESS_KEY'] = credentials['SecretAccessKey']
-    ENV['AWS_ACCESS_KEY_ID'] = credentials['AccessKeyId']
-    ENV['AWS_SESSION_TOKEN'] = credentials['SessionToken']
-    ENV['AWS_SECURITY_TOKEN'] = credentials['SessionToken']
-  end
-
-  def execute
-    arn = load_arn
-    credentials = get_credentials(arn)
-    if ARGV.empty?
-      print_credentials(credentials)
-    else
-      export_credentials(credentials)
-      exec(*ARGV)
-    end
-  end
+begin
+  aws_mfa = AwsMfa.new
+  aws_mfa.execute
+rescue AwsMfa::Errors::Error => e
+  abort e.message
 end
-
-aws_mfa = AwsMfa.new
-aws_mfa.execute

data/lib/aws_mfa.rb

@@ -0,0 +1,170 @@
+require 'json'
+require 'aws_mfa/errors'
+
+class AwsMfa
+  attr_reader :aws_config_dir
+
+  def initialize
+    validate_aws_installed
+    @aws_config_dir = find_aws_config
+  end
+
+  def validate_aws_installed
+    raise Errors::CommandNotFound, 'Could not find the aws command' unless which('aws')
+  end
+
+  def find_aws_config
+    if ENV['AWS_CREDENTIAL_FILE']
+      aws_config_file = ENV['AWS_CREDENTIAL_FILE']
+      aws_config_dir = File.dirname(aws_config_file)
+    else
+      aws_config_dir = File.join(ENV['HOME'], '.aws')
+      aws_config_file = File.join(aws_config_dir, 'config')
+    end
+
+    unless File.readable?(aws_config_file)
+      raise Errors::ConfigurationNotFound, 'Aws configuration not found. You must run `aws configure`'
+    end
+
+    aws_config_dir
+  end
+
+  # http://stackoverflow.com/questions/2108727/which-in-ruby-checking-if-program-exists-in-path-from-ruby
+  def which(cmd)
+    exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+    ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+      exts.each { |ext|
+        exe = File.join(path, "#{cmd}#{ext}")
+        return exe if File.executable? exe
+      }
+    end
+    return nil
+  end
+
+  def load_arn(profile='default')
+    arn_file_name = 'mfa_device'
+    if (! profile.eql? 'default')
+      arn_file_name = "#{profile}_#{arn_file_name}"
+    end
+    arn_file = File.join(aws_config_dir, arn_file_name)
+
+    if File.readable?(arn_file)
+      arn = load_arn_from_file(arn_file)
+    else
+      arn = load_arn_from_aws(profile)
+      write_arn_to_file(arn_file, arn)
+    end
+
+    arn
+  end
+
+  def load_arn_from_file(arn_file)
+    File.read(arn_file)
+  end
+
+  def load_arn_from_aws(profile='default')
+    puts 'Fetching MFA devices for your account...'
+    if mfa_devices(profile).any?
+      mfa_devices(profile).first.fetch('SerialNumber')
+    else
+      raise Errors::DeviceNotFound, 'No MFA devices were found for your account'
+    end
+  end
+
+  def mfa_devices(profile='default')
+    @mfa_devices ||= JSON.parse(`aws --profile #{profile} --output json iam list-mfa-devices`).fetch('MFADevices')
+  end
+
+  def write_arn_to_file(arn_file, arn)
+    File.open(arn_file, 'w') { |f| f.print arn }
+    puts "Using MFA device #{arn}. To change this in the future edit #{arn_file}."
+  end
+
+  def load_credentials(arn, profile='default')
+    credentials_file_name = 'mfa_credentials'
+    if (! profile.eql? 'default')
+      credentials_file_name = "#{profile}_#{credentials_file_name}"
+    end
+    credentials_file  = File.join(aws_config_dir, credentials_file_name)
+
+    if File.readable?(credentials_file) && token_not_expired?(credentials_file)
+      credentials = load_credentials_from_file(credentials_file)
+    else
+      credentials = load_credentials_from_aws(arn, profile)
+      write_credentials_to_file(credentials_file, credentials)
+    end
+
+    JSON.parse(credentials).fetch('Credentials')
+  end
+
+  def load_credentials_from_file(credentials_file)
+    File.read(credentials_file)
+  end
+
+  def load_credentials_from_aws(arn, profile='default')
+    code = request_code_from_user
+    unset_environment
+    `aws --profile #{profile} --output json sts get-session-token --serial-number #{arn} --token-code #{code}`
+  end
+
+  def write_credentials_to_file(credentials_file, credentials)
+    File.open(credentials_file, 'w') { |f| f.print credentials }
+  end
+
+  def request_code_from_user
+    puts 'Enter the 6-digit code from your MFA device:'
+    code = $stdin.gets.chomp
+    raise Errors::InvalidCode, 'That is an invalid MFA code' unless code =~ /^\d{6}$/
+    code
+  end
+
+  def unset_environment
+    ENV.delete('AWS_SECRET_ACCESS_KEY')
+    ENV.delete('AWS_ACCESS_KEY_ID')
+    ENV.delete('AWS_SESSION_TOKEN')
+    ENV.delete('AWS_SECURITY_TOKEN')
+  end
+
+  def token_not_expired?(credentials_file)
+    # default is 12 hours
+    expiration_period = 12 * 60 * 60
+    mtime = File.stat(credentials_file).mtime
+    now = Time.new
+    if now - mtime < expiration_period
+      true
+    else
+      false
+    end
+  end
+
+  def print_credentials(credentials)
+    puts "export AWS_SECRET_ACCESS_KEY='#{credentials['SecretAccessKey']}'"
+    puts "export AWS_ACCESS_KEY_ID='#{credentials['AccessKeyId']}'"
+    puts "export AWS_SESSION_TOKEN='#{credentials['SessionToken']}'"
+    puts "export AWS_SECURITY_TOKEN='#{credentials['SessionToken']}'"
+  end
+
+  def export_credentials(credentials)
+    ENV['AWS_SECRET_ACCESS_KEY'] = credentials['SecretAccessKey']
+    ENV['AWS_ACCESS_KEY_ID'] = credentials['AccessKeyId']
+    ENV['AWS_SESSION_TOKEN'] = credentials['SessionToken']
+    ENV['AWS_SECURITY_TOKEN'] = credentials['SessionToken']
+  end
+
+  def execute
+    profile = 'default'
+    profile_index = ARGV.index('--profile')
+    if (!profile_index.nil?)
+      profile = ARGV.delete_at(profile_index + 1)
+      ARGV.delete_at(profile_index)
+    end
+    arn = load_arn(profile)
+    credentials = load_credentials(arn, profile)
+    if ARGV.empty?
+      print_credentials(credentials)
+    else
+      export_credentials(credentials)
+      exec(*ARGV)
+    end
+  end
+end

data/lib/aws_mfa/errors.rb

@@ -0,0 +1,11 @@
+class AwsMfa
+  class Errors
+
+    class Error < StandardError; end
+    class ConfigurationNotFound < Error; end
+    class CommandNotFound < Error; end
+    class DeviceNotFound < Error; end
+    class InvalidCode < Error; end
+
+  end
+end

metadata

@@ -1,16 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: aws-mfa
 version: !ruby/object:Gem::Version
-  version: 0.2.0
-  prerelease: 
+  version: 0.3.0
 platform: ruby
 authors:
 - Brian Pitts
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-30 00:00:00.000000000 Z
-dependencies: []
+date: 2016-02-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: fakefs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
 description: Run AWS commands with MFA
 email: brian.pitts@lonelyplanet.com
 executables:
@@ -19,30 +60,31 @@ extensions: []
 extra_rdoc_files: []
 files:
 - bin/aws-mfa
+- lib/aws_mfa.rb
+- lib/aws_mfa/errors.rb
 homepage: http://www.github.com/lonelyplanet/aws-mfa
 licenses:
 - Apache-2.0
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
 - aws-cli
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.4.5.1
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Run AWS commands with MFA
 test_files: []