aws-rotate-keys 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/aws-rotate-keys.gemspec +1 -1
- data/exe/aws-rotate-keys +1 -2
- data/lib/aws_rotate_keys.rb +1 -104
- data/lib/aws_rotate_keys/cli.rb +103 -0
- data/lib/{version.rb → aws_rotate_keys/version.rb} +1 -1
- metadata +5 -4
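--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f20abd58d66f5fb72e979d69c8012717442ef26b
+data.tar.gz: ac5f86016f32629ec759f94df9a6bb1896a74078
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48f0cfbcbcf96f12ab29d3e8911b6c15fb99c0a09cb4ac518f745a4c4e7e7053aa100ea23b5381b3c7711991e47909ce9b338c24f040fd4d93e41aaf5eda4002
+data.tar.gz: eaa719f2ac4f3964568f68daef16144b7e501b7f8261d1992252517028544b7c723a23273abe9b71a10f471ff9af7a32cf05ef8215142a92a404a6fa139bed13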
data/README.md
CHANGED
@@ -4,12 +4,12 @@ A simple gem to rotate your aws access keys.
|
|
4
4
|
|
5
5
|
[](https://travis-ci.org/pcreux/aws-rotate-keys)
|
7
|
-
|
8
|
-
[](https://codeclimate.com/github/pcreux/aws-rotate-keys)
|
10
|
-
|
11
7
|
[](https://codeclimate.com/github/pcreux/aws-rotate-keys/coverage)
|
9
|
+
[](https://codeclimate.com/github/pcreux/aws-rotate-keys)
|
11
|
+
[](https://codeclimate.com/github/pcreux/aws-rotate-keys)
|
13
13
|
|
14
14
|
|
15
15
|
## Installation
|
data/aws-rotate-keys.gemspec
CHANGED
data/exe/aws-rotate-keys
CHANGED
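--- a/data/lib/aws_rotate_keys.rb
+++ b/data/lib/aws_rotate_keys.rb
@@ -1,104 +1 @@
-require "
-require "aws-sdk"
-require 'fileutils'
-
-module AwsRotateKeys
-def self.call(*args)
-Runner.new(*args).call
-end
-
-class Runner
-attr_reader :iam, :credentials_path, :stdout, :env
-
-def initialize(iam: Aws::IAM::Client.new,
-credentials_path: "#{Dir.home}/.aws/credentials",
-stdout: $stdout,
-env: ENV)
-@iam = iam
-@credentials_path = credentials_path
-@stdout = stdout
-@env = env
-end
-
-def call
-log "Creating access key..."
-new_key = create_access_key
-
-create_credentials_directory_if_needed
-
-if credentials_file_exists?
-log "Backing up #{credentials_path} to #{credentials_backup_path}..."
-backup_aws_credentials_file
-end
-
-log "Writing new access key to #{credentials_path}"
-write_aws_credentials_file(new_key)
-
-log "Deleting your oldest access key..."
-delete_oldest_access_key
-
-log "You're all set!"
-
-if aws_environment_variables?
-log aws_environment_variables_warning_message
-end
-end
-
-private
-
-def create_access_key
-create_access_key_response = iam.create_access_key
-create_access_key_response.access_key
-end
-
-def create_credentials_directory_if_needed
-FileUtils.mkdir_p(credentials_dir)
-end
-
-def credentials_file_exists?
-File.exist?(credentials_path)
-end
-
-# ex. ~/aws/credentials.bkp-2017-01-06-16-38-07--0800
-def credentials_backup_path
-credentials_path + ".bkp-#{Time.now.to_s.gsub(/[^\d]/, '-')}"
-end
-
-def backup_aws_credentials_file
-FileUtils.cp(credentials_path, credentials_backup_path)
-end
-
-def write_aws_credentials_file(access_key)
-File.open(credentials_path, "w") do |f|
-f.puts "[default]"
-f.puts "aws_access_key_id = #{access_key.access_key_id}"
-f.puts "aws_secret_access_key = #{access_key.secret_access_key}"
-end
-end
-
-def delete_oldest_access_key
-list_access_keys_response = iam.list_access_keys
-access_keys = list_access_keys_response.access_key_metadata
-
-oldest_access_key = access_keys.sort_by(&:create_date).first
-iam.delete_access_key(access_key_id: oldest_access_key.access_key_id)
-end
-
-def credentials_dir
-File.dirname(credentials_path)
-end
-
-def log(msg)
-stdout.puts msg
-end
-
-def aws_environment_variables?
-env['AWS_ACCESS_KEY_ID'] || env['AWS_SECRET_ACCESS_KEY']
-end
-
-def aws_environment_variables_warning_message
-"We've noticed that the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set.\n" +
-"Please remove them so that aws cli and libraries use #{credentials_path} instead."
-end
-end
-end
+require "aws_rotate_keys/cli"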
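--- a/data/lib/aws_rotate_keys/cli.rb
+++ b/data/lib/aws_rotate_keys/cli.rb
@@ -0,0 +1,103 @@
+require "aws-sdk"
+require "fileutils"
+
+module AwsRotateKeys
+class CLI
+def self.call(*args)
+new(*args).call
+end
+
+attr_reader :iam, :credentials_path, :stdout, :env
+
+def initialize(iam: Aws::IAM::Client.new,
+credentials_path: "#{Dir.home}/.aws/credentials",
+stdout: $stdout,
+env: ENV)
+@iam = iam
+@credentials_path = credentials_path
+@stdout = stdout
+@env = env
+end
+
+def call
+log "Creating access key..."
+new_key = create_access_key
+
+create_credentials_directory_if_needed
+
+if credentials_file_exists?
+log "Backing up #{credentials_path} to #{credentials_backup_path}..."
+backup_aws_credentials_file
+end
+
+log "Writing new access key to #{credentials_path}"
+write_aws_credentials_file(new_key)
+
+log "Deleting your oldest access key..."
+delete_oldest_access_key
+
+log "You're all set!"
+
+if aws_environment_variables?
+log aws_environment_variables_warning_message
+end
+end
+
+private
+
+def create_access_key
+create_access_key_response = iam.create_access_key
+create_access_key_response.access_key
+end
+
+def create_credentials_directory_if_needed
+FileUtils.mkdir_p(credentials_dir)
+end
+
+def credentials_file_exists?
+File.exist?(credentials_path)
+end
+
+# ex. ~/aws/credentials.bkp-2017-01-06-16-38-07--0800
+def credentials_backup_path
+credentials_path + ".bkp-#{Time.now.to_s.gsub(/[^\d]/, '-')}"
+end
+
+def backup_aws_credentials_file
+FileUtils.cp(credentials_path, credentials_backup_path)
+end
+
+def write_aws_credentials_file(access_key)
+File.open(credentials_path, "w") do |f|
+f.puts "[default]"
+f.puts "aws_access_key_id = #{access_key.access_key_id}"
+f.puts "aws_secret_access_key = #{access_key.secret_access_key}"
+end
+end
+
+def delete_oldest_access_key
+list_access_keys_response = iam.list_access_keys
+access_keys = list_access_keys_response.access_key_metadata
+
+oldest_access_key = access_keys.sort_by(&:create_date).first
+iam.delete_access_key(access_key_id: oldest_access_key.access_key_id)
+end
+
+def credentials_dir
+File.dirname(credentials_path)
+end
+
+def log(msg)
+stdout.puts msg
+end
+
+def aws_environment_variables?
+env['AWS_ACCESS_KEY_ID'] || env['AWS_SECRET_ACCESS_KEY']
+end
+
+def aws_environment_variables_warning_message
+"We've noticed that the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set.\n" +
+"Please remove them so that aws cli and libraries use #{credentials_path} instead."
+end
+end
+end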
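Review bot: `write_aws_credentials_file` in the added `lib/aws_rotate_keys/cli.rb` hunk calls `File.open(credentials_path, "w")` with no mode, so when the file does not exist yet the new `aws_secret_access_key` lands in a file whose permissions are left to the process umask, and `FileUtils.mkdir_p(credentials_dir)` does the same for the directory. I would create both privately, `File.open(credentials_path, "w", 0o600) do |f|` and `FileUtils.mkdir_p(credentials_dir, mode: 0o700)`, and add `File.chmod(0o600, credentials_path)` after the write because the mode argument is ignored for a file that already exists. The same method rewrites the whole file with only a `[default]` section, so any other profiles remain only in the `.bkp-…` copy made by `backup_aws_credentials_file`; a comment on the method saying so, or merging into the existing file, would avoid surprising users. The code is moved unchanged from the old `Runner` class, so these points predate this release.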
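--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-rotate-keys
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.2
 platform: ruby
 authors:
 - Philippe Creux
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2018-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -115,7 +115,8 @@ files:
 - bin/setup
 - exe/aws-rotate-keys
 - lib/aws_rotate_keys.rb
-- lib/
+- lib/aws_rotate_keys/cli.rb
+- lib/aws_rotate_keys/version.rb
 homepage: https://github.com/pcreux/aws-rotate-keys
 licenses:
 - MIT
@@ -136,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: Rotate your aws access keys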