RubyGems - aws-rotate - Versions diffs - 0.2.0 → 0.3.0 - Mend

aws-rotate 0.2.0 → 0.3.0

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 207cf2ce3e4f6e03f138a2757ba3d64cad3dc825793db640cb90505a0890b077
-  data.tar.gz: f5990b39c5d8ffc3c1a53a93b91e8fd0dfe194dfdaadd7080fc32b8ba3c61770
+  metadata.gz: 6a8227dbc10aa515ededb79a5640969eac1315f8d2ff5e606d403bf03b82d402
+  data.tar.gz: d9422bf3540a31c35aae40aa856fd2686649bfeca4e05658616033f2c22b640b
 SHA512:
-  metadata.gz: c0b8b7ccbc346a5453af992b8134cf35038cda8bf996d936b73255c2af46dd9ddf29b1ddaf0b940d2cc98ae3919311a2d88b1c5c79545565855548381118a583
-  data.tar.gz: 7a9df313347d41310662b9c7896f962d42dd7992c4fa443710b363e211f33c2fe6942c2daf444ce0648da561d8c075162767d6d99b39e794f3caaca9e5b756f6
+  metadata.gz: 1d07348115dd82167e285edda3f314ec51315497bd12d61064aa74db87977e49a07da92bbad2d97be0e7aeb4f4f8a3da1178911c28538c9c8c5a74de3e398b1a
+  data.tar.gz: 7b2860846d492a8998b842002c15e8ae2cc8c25a5bce9ae4625733d774f7544e7e37616d041fb0f771873f909c7afb53b7e8545aabf6ea828e6ea1d7011a9e8a

data/.gitignore CHANGED

@@ -14,3 +14,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+Gemfile.lock

data/CHANGELOG.md CHANGED

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+## [0.3.0]
+- only rotate profiles with keys. skip profiles using assumed role.
 ## [0.2.0]
 - continue rotating when hit max keys limit on a profile
 - improve GetIamUserError message for key command

data/README.md CHANGED

@@ -29,11 +29,6 @@ Example output:
     Updating access key for AWS_PROFILE=default
     Updated profile default in /home/ec2-user/.aws/credentials with new key: AKIAXZ6ODJLQWYW3575A
     Please note, it sometimes take a few seconds or even minutes before the new IAM access key is usable.
-    Updating access key for AWS_PROFILE=profile2
-    Created new access key: AKIAXCGZM5KIS35XPH5R
-    Updated profile profile2 in /home/ec2-user/.aws/credentials with new key: AKIAXCGZM5KIS35XPH5R
-    Old access key deleted: AKIAXCGZM5KI63JFCKFD
-    Please note, it sometimes take a few seconds or even minutes before the new IAM access key is usable.
     $
 ### select filter option
@@ -98,16 +93,16 @@ You can add something like this:
     30 20 * * * bash -l -c 'aws-rotate keys --select dev-aws-profile test-aws-profile --no-backup >> /var/log/cron-aws-rotate.log 2>&1' # rotate AWS keys daily
-Create a `/var/log/cron/aws-rotate.log` that is writable with your user:
+Create a `/var/log/cron-aws-rotate.log` that is writable with your user:
     sudo touch /var/log/cron-aws-rotate.log
     sudo chown `whoami`:`whoami` /var/log/cron-aws-rotate.log
 ## Installation
-Add this line to your application's Gemfile:
+You can install the tool with:
-    gem "aws-rotate"
+    gem install aws-rotate
 ## Requirements

data/lib/aws_rotate/key.rb CHANGED

@@ -8,6 +8,7 @@ module AwsRotate
       # and report errors early on. The noop check happens after this initial check.
       # Also with this we can filter for only the keys thats that have associated users and will be updated.
       # Only the profiles with IAM users will be shown as "Updating..."
+      puts "AWS_PROFILE=#{ENV['AWS_PROFILE']}"
       @user = get_iam_user # will only rotate keys that belong to an actual IAM user
       return unless @user
@@ -61,6 +62,10 @@ module AwsRotate
       puts "The AWS_PROFILE=#{@profile} profile seems to have invalid secret keys. Please double check it.".color(:red)
       puts "#{e.class} #{e.message}"
       raise GetIamUserError
+    rescue Aws::Errors::NoSourceProfileError => e
+      puts "WARN: The AWS_PROFILE=#{@profile} profile does not have have access keys.".color(:yellow)
+      puts "#{e.class} #{e.message}"
+      raise GetIamUserError
     end
     # Check if there are 2 keys, cannot rotate if there are 2 keys already.

data/lib/aws_rotate/list.rb CHANGED

@@ -1,20 +1,45 @@
 module AwsRotate
   class List < Base
+    def initialize(options={})
+      super
+      @lines = IO.readlines(@credentials_path)
+    end
     def run
       puts "AWS Profiles:"
       puts profiles
+      profiles
     end
+    # Only returns profiles that have aws_access_key_id associated
     def profiles
-      lines = IO.readlines(@credentials_path)
-      profiles = []
-      lines.each do |line|
+      has_key, within_profile, profiles = false, false, []
+      all_profiles.each do |profile|
+        @lines.each do |line|
+          line = line.strip
+          within_profile = false if line =~ /^\[/ # on the next profile section, reset flag
+          within_profile ||= line == "[#{profile}]" # enable checking
+          if within_profile
+            has_key = line =~ /^aws_access_key_id/
+            if has_key
+              profiles << profile
+              break
+            end
+          end
+        end
+      end
+      profiles
+    end
+    def all_profiles
+      all_profiles = []
+      @lines.each do |line|
         next if line =~ /^\s*#/ # ignore comments
         md = line.match(/\[(.*)\]/)
-        profiles << md[1] if md
+        all_profiles << md[1] if md
       end
-      profiles
+      all_profiles
     end
   end
 end

data/lib/aws_rotate/version.rb CHANGED

@@ -1,3 +1,3 @@
 module AwsRotate
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/spec/lib/list_spec.rb ADDED

@@ -0,0 +1,12 @@
+describe AwsRotate::List do
+  let(:list) do
+    AwsRotate::List.new
+  end
+  context "list" do
+    it "only profiles with credentials" do
+      profiles = list.run
+      expect(profiles).to eq %w[parent-account iam-account]
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-rotate
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-08-14 00:00:00.000000000 Z
+date: 2019-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -176,7 +176,6 @@ files:
 - ".rspec"
 - CHANGELOG.md
 - Gemfile
-- Gemfile.lock
 - Guardfile
 - LICENSE.txt
 - README.md
@@ -210,6 +209,7 @@ files:
 - spec/lib/cli_spec.rb
 - spec/lib/key_spec.rb
 - spec/lib/keys_spec.rb
+- spec/lib/list_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/tongueroo/aws-rotate
 licenses:
@@ -230,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Easy way to rotate all your AWS keys in your ~/.aws/credentials
@@ -240,4 +240,5 @@ test_files:
 - spec/lib/cli_spec.rb
 - spec/lib/key_spec.rb
 - spec/lib/keys_spec.rb
+- spec/lib/list_spec.rb
 - spec/spec_helper.rb

data/Gemfile.lock DELETED

@@ -1,95 +0,0 @@
-PATH
-  remote: .
-  specs:
-    aws-rotate (0.1.0)
-      activesupport
-      aws-sdk-core
-      aws-sdk-iam
-      rainbow
-      thor
-      zeitwerk
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activesupport (5.2.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
-    aws-eventstream (1.0.3)
-    aws-partitions (1.201.0)
-    aws-sdk-core (3.62.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
-      aws-partitions (~> 1.0)
-      aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
-    aws-sdk-iam (1.29.0)
-      aws-sdk-core (~> 3, >= 3.61.1)
-      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.1.0)
-      aws-eventstream (~> 1.0, >= 1.0.2)
-    byebug (11.0.1)
-    cli_markdown (0.1.0)
-    codeclimate-test-reporter (1.0.9)
-      simplecov (<= 0.13)
-    concurrent-ruby (1.1.5)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.3)
-    docile (1.1.5)
-    hashdiff (1.0.0)
-    i18n (1.6.0)
-      concurrent-ruby (~> 1.0)
-    jmespath (1.4.0)
-    json (2.2.0)
-    minitest (5.11.3)
-    public_suffix (3.1.1)
-    rainbow (3.0.0)
-    rake (12.3.3)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.2)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.2)
-    safe_yaml (1.0.5)
-    simplecov (0.13.0)
-      docile (~> 1.1.0)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    webmock (3.6.2)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
-    zeitwerk (2.1.9)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  aws-rotate!
-  bundler
-  byebug
-  cli_markdown
-  codeclimate-test-reporter
-  rake
-  rspec
-  webmock
-BUNDLED WITH
-   2.0.2