RubyGems - aws-rotate - Versions diffs - 0.2.0 → 0.3.0 - Mend

aws-rotate 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 207cf2ce3e4f6e03f138a2757ba3d64cad3dc825793db640cb90505a0890b077
-  data.tar.gz: f5990b39c5d8ffc3c1a53a93b91e8fd0dfe194dfdaadd7080fc32b8ba3c61770
+  metadata.gz: 6a8227dbc10aa515ededb79a5640969eac1315f8d2ff5e606d403bf03b82d402
+  data.tar.gz: d9422bf3540a31c35aae40aa856fd2686649bfeca4e05658616033f2c22b640b
 SHA512:
-  metadata.gz: c0b8b7ccbc346a5453af992b8134cf35038cda8bf996d936b73255c2af46dd9ddf29b1ddaf0b940d2cc98ae3919311a2d88b1c5c79545565855548381118a583
-  data.tar.gz: 7a9df313347d41310662b9c7896f962d42dd7992c4fa443710b363e211f33c2fe6942c2daf444ce0648da561d8c075162767d6d99b39e794f3caaca9e5b756f6
+  metadata.gz: 1d07348115dd82167e285edda3f314ec51315497bd12d61064aa74db87977e49a07da92bbad2d97be0e7aeb4f4f8a3da1178911c28538c9c8c5a74de3e398b1a
+  data.tar.gz: 7b2860846d492a8998b842002c15e8ae2cc8c25a5bce9ae4625733d774f7544e7e37616d041fb0f771873f909c7afb53b7e8545aabf6ea828e6ea1d7011a9e8a

data/.gitignore CHANGED

@@ -14,3 +14,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+Gemfile.lock

data/CHANGELOG.md CHANGED

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [0.3.0]
+- only rotate profiles with keys. skip profiles using assumed role.
 ## [0.2.0]
 - continue rotating when hit max keys limit on a profile
 - improve GetIamUserError message for key command

data/README.md CHANGED

@@ -29,11 +29,6 @@ Example output:
     Updating access key for AWS_PROFILE=default
     Updated profile default in /home/ec2-user/.aws/credentials with new key: AKIAXZ6ODJLQWYW3575A
     Please note, it sometimes take a few seconds or even minutes before the new IAM access key is usable.
-    Updating access key for AWS_PROFILE=profile2
-    Created new access key: AKIAXCGZM5KIS35XPH5R
-    Updated profile profile2 in /home/ec2-user/.aws/credentials with new key: AKIAXCGZM5KIS35XPH5R
-    Old access key deleted: AKIAXCGZM5KI63JFCKFD
-    Please note, it sometimes take a few seconds or even minutes before the new IAM access key is usable.
     $
 ### select filter option
@@ -98,16 +93,16 @@ You can add something like this:
     30 20 * * * bash -l -c 'aws-rotate keys --select dev-aws-profile test-aws-profile --no-backup >> /var/log/cron-aws-rotate.log 2>&1' # rotate AWS keys daily
-Create a `/var/log/cron/aws-rotate.log` that is writable with your user:
+Create a `/var/log/cron-aws-rotate.log` that is writable with your user:
     sudo touch /var/log/cron-aws-rotate.log
     sudo chown `whoami`:`whoami` /var/log/cron-aws-rotate.log
 ## Installation
-Add this line to your application's Gemfile:
+You can install the tool with:
-    gem "aws-rotate"
+    gem install aws-rotate
 ## Requirements

data/lib/aws_rotate/key.rb CHANGED

@@ -8,6 +8,7 @@ module AwsRotate
       # and report errors early on. The noop check happens after this initial check.
       # Also with this we can filter for only the keys thats that have associated users and will be updated.
       # Only the profiles with IAM users will be shown as "Updating..."
+      puts "AWS_PROFILE=#{ENV['AWS_PROFILE']}"
       @user = get_iam_user # will only rotate keys that belong to an actual IAM user
       return unless @user
@@ -61,6 +62,10 @@ module AwsRotate
       puts "The AWS_PROFILE=#{@profile} profile seems to have invalid secret keys. Please double check it.".color(:red)
       puts "#{e.class} #{e.message}"
       raise GetIamUserError
+    rescue Aws::Errors::NoSourceProfileError => e
+      puts "WARN: The AWS_PROFILE=#{@profile} profile does not have have access keys.".color(:yellow)
+      puts "#{e.class} #{e.message}"
+      raise GetIamUserError
     end
     # Check if there are 2 keys, cannot rotate if there are 2 keys already.

data/lib/aws_rotate/list.rb CHANGED

@@ -1,20 +1,45 @@
 module AwsRotate
   class List < Base
+    def initialize(options={})
+      super
+      @lines = IO.readlines(@credentials_path)
+    end
     def run
       puts "AWS Profiles:"
       puts profiles
+      profiles
     end
+    # Only returns profiles that have aws_access_key_id associated
     def profiles
-      lines = IO.readlines(@credentials_path)
-      profiles = []
-      lines.each do |line|
+      has_key, within_profile, profiles = false, false, []
+      all_profiles.each do |profile|
+        @lines.each do |line|
+          line = line.strip
+          within_profile = false if line =~ /^\[/ # on the next profile section, reset flag
+          within_profile ||= line == "[#{profile}]" # enable checking
+          if within_profile
+            has_key = line =~ /^aws_access_key_id/
+            if has_key
+              profiles << profile
+              break
+            end
+          end
+        end
+      end
+      profiles
+    end
+    def all_profiles
+      all_profiles = []
+      @lines.each do |line|
         next if line =~ /^\s*#/ # ignore comments
         md = line.match(/\[(.*)\]/)
-        profiles << md[1] if md
+        all_profiles << md[1] if md
       end
-      profiles
+      all_profiles
     end
   end
 end

data/lib/aws_rotate/version.rb CHANGED

@@ -1,3 +1,3 @@
 module AwsRotate
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/spec/lib/list_spec.rb ADDED

@@ -0,0 +1,12 @@
+describe AwsRotate::List do
+  let(:list) do
+    AwsRotate::List.new
+  end
+  context "list" do
+    it "only profiles with credentials" do
+      profiles = list.run
+      expect(profiles).to eq %w[parent-account iam-account]
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-rotate
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-08-14 00:00:00.000000000 Z
+date: 2019-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -176,7 +176,6 @@ files:
 - ".rspec"
 - CHANGELOG.md
 - Gemfile
-- Gemfile.lock
 - Guardfile
 - LICENSE.txt
 - README.md
@@ -210,6 +209,7 @@ files:
 - spec/lib/cli_spec.rb
 - spec/lib/key_spec.rb
 - spec/lib/keys_spec.rb
+- spec/lib/list_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/tongueroo/aws-rotate
 licenses:
@@ -230,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Easy way to rotate all your AWS keys in your ~/.aws/credentials
@@ -240,4 +240,5 @@ test_files:
 - spec/lib/cli_spec.rb
 - spec/lib/key_spec.rb
 - spec/lib/keys_spec.rb
+- spec/lib/list_spec.rb
 - spec/spec_helper.rb

data/Gemfile.lock DELETED

@@ -1,95 +0,0 @@
-PATH
-  remote: .
-  specs:
-    aws-rotate (0.1.0)
-      activesupport
-      aws-sdk-core
-      aws-sdk-iam
-      rainbow
-      thor
-      zeitwerk
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activesupport (5.2.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
-    aws-eventstream (1.0.3)
-    aws-partitions (1.201.0)
-    aws-sdk-core (3.62.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
-      aws-partitions (~> 1.0)
-      aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
-    aws-sdk-iam (1.29.0)
-      aws-sdk-core (~> 3, >= 3.61.1)
-      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
-    byebug (11.0.1)
-    cli_markdown (0.1.0)
-    codeclimate-test-reporter (1.0.9)
-      simplecov (<= 0.13)
-    concurrent-ruby (1.1.5)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.3)
-    docile (1.1.5)
-    hashdiff (1.0.0)
-    i18n (1.6.0)
-      concurrent-ruby (~> 1.0)
-    jmespath (1.4.0)
-    json (2.2.0)
-    minitest (5.11.3)
-    public_suffix (3.1.1)
-    rainbow (3.0.0)
-    rake (12.3.3)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.2)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.2)
-    safe_yaml (1.0.5)
-    simplecov (0.13.0)
-      docile (~> 1.1.0)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    webmock (3.6.2)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
-    zeitwerk (2.1.9)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  aws-rotate!
-  bundler
-  byebug
-  cli_markdown
-  codeclimate-test-reporter
-  rake
-  rspec
-  webmock
-BUNDLED WITH
-   2.0.2