RubyGems - aws-session-credentials - Versions diffs - 0.1.0 - Mend

aws-session-credentials 0.1.0

Files changed (19) hide show

checksums.yaml +15 -0
data/.gitignore +9 -0
data/.rspec +2 -0
data/.travis.yml +10 -0
data/CODE_OF_CONDUCT.md +13 -0
data/Gemfile +4 -0
data/README.md +76 -0
data/Rakefile +6 -0
data/aws-session-credentials.gemspec +29 -0
data/bin/console +14 -0
data/bin/setup +7 -0
data/exe/aws-session +4 -0
data/lib/aws/session/credentials.rb +10 -0
data/lib/aws/session/credentials/cli.rb +66 -0
data/lib/aws/session/credentials/config.rb +95 -0
data/lib/aws/session/credentials/credential_file.rb +41 -0
data/lib/aws/session/credentials/session_builder.rb +48 -0
data/lib/aws/session/credentials/version.rb +7 -0
metadata +159 -0

checksums.yaml ADDED

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MTg4MzliNjVjMjM1OTc3MTM5YmJlZWU2NTBjNzVlZTNmZjJhYWJlOA==
+  data.tar.gz: !binary |-
+    MjkwNThiMmYwYWFkZjNjNTg1OTk1NDkwZDU1YjQ4Nzc5NTY5MjU5Nw==
+SHA512:
+  metadata.gz: !binary |-
+    ZDkwYmRlYzYwOWMwZWVkYmQ4MmZjZGNiZDc4YjE1ZWJhZGZkNjA4OTZmOTAx
+    Nzk0ZmE0YjM2ODRkZmE3OGEzMDg3ZDBhOGVhZTJiNmQ2YTcwMzQ3ZWZiOTIz
+    N2RjMzRlOGMwMWIyYzZhMWU4NDA0YmU1ZTg4M2IzMjY2ZDE4NzQ=
+  data.tar.gz: !binary |-
+    OTYyZDQ1ZTEyNDMxYTY5OWVjZTM3MmY5NjA0YWJhZTY5NjBkMjhhMWQ0MzFm
+    NDhhMjk2ZmVjNDczYjI0MTQ0ZjFkNGQzYzc0ZWE1MmQwNTc1OTQ4MDE0Y2Rj
+    ZjJhNjYyZjk1ZTVhYWVkODQxN2EzODg2ZWI4NmM4MTkyZDZlMjA=

data/.gitignore ADDED

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec ADDED

	@@ -0,0 +1,2 @@
1	+ --format documentation
2	+ --color

data/.travis.yml ADDED

@@ -0,0 +1,10 @@
+language: ruby
+rvm:
+- 2.2.3
+before_install: gem install bundler -v 1.10.6
+deploy:
+  provider: rubygems
+  api_key:
+    secure: JvG2IbQf/X0apcDdi2e8Ex6UamwelO8T6N+CwAG2pFino5B8Pvj16JdLGypHeVQSA4QaTpgwRfyb/2zipBuxtrVhQ3FoJP1wxOA2hR/xImmlEL5Q8gOswYZL8EHVvnhzIcSfjzIBhr1Um65pkDWlsNCgsD/3EPJHGUDTH2d20OkiEZSk4U+HnWXKTufDzuFy8APzaBnI8Kg8som7pxuPrYXg5hIdmnoAGUwz2KclbcijXxqWycf7KVadlAH2QqzbzPhZ2rEAddG8GTfLkaul+9QXRMiU/Vz969ie0Qy2Px0/3fZWyAjA3Bxrj9SgdU70UOUbxUKK/EDifporZ/Cd/pWNM/lpiMG/KVaPPot6lpc5PGseC3Iwj7aasaYRjaLPGPEI6LNTSnlcOuf+R62rInR4Z7DfjsWXlBdJalTg+gmpvi0a5V65t+fUq3At0Icme3RJW1V5fRqc4RzHk0p3Ce2JYHKg/GhUtmhKu0jLPwzpFNH3dCtBNFH3v2USrOi+gYKNRjxNkVGTqWQJiWi33RlTN2+boC5cVDXJkjGRCngjxkYYKyZYRZXqqzdBcXkJuuGoGQYSDlb6xY74j40igbiQTkvByIj2mfWKiLQJrVW4c+WK3EhmoOx/bv8Fyu5C8/IDgO3k4X8RfaKbMOlYoX8Sb0qZlQQ3yvVDV/34AHQ=
+  on:
+    tags: true

data/CODE_OF_CONDUCT.md ADDED

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in aws-session-credentials.gemspec
+gemspec

data/README.md ADDED

@@ -0,0 +1,76 @@
+# Aws::Session::Credentials
+[![Build Status](https://travis-ci.org/zl4bv/aws-session-credentials.svg)](https://travis-ci.org/zl4bv/aws-session-credentials)
+Command-line tool to generate AWS session credentials.
+Gets a set of session credentials from the AWS STS service and saves them to
+`~/.aws/credentials` (by default). You can optionally provide an MFA device and
+code too if your IAM user/role requires it.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'aws-session-credentials'
+```
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install aws-session-credentials
+## Usage
+Example:
+```
+$ aws-session --mfa-code 123456
+```
+To set the full list of CLI options:
+```
+$ aws-session --help new
+Usage:
+  aws-session
+Options:
+  [--access-key-id=ACCESS-KEY-ID]          # Access key used to generate session token
+  [--secret-access-key=SECRET-ACCESS-KEY]  # Secret key used to generate session token
+  [--region=REGION]                        # AWS region to connect to
+  [--config-file=CONFIG-FILE]              # YAML file to load config from
+                                           # Default: ~/.aws/credentials.yml
+  [--credential-file=CREDENTIAL-FILE]      # INI file to save session credentials to
+                                           # Default: ~/.aws/credentials
+  [--profile=PROFILE]                      # Profile that session token will be loaded into
+                                           # Default: default
+  [--duration=N]                           # Duration, in seconds, that credentials should remain valid
+                                           # Default: 1
+  [--mfa-device=MFA-DEVICE]                # ARN of MFA device
+  [--mfa-code=MFA-CODE]                    # Six digit code from MFA device
+```
+### Config File
+By default this is located at `~/.aws/credentials.yml`.
+Example:
+```yaml
+---
+aws_access_key_id: AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+region: ap-southeast-2
+duration: 86400
+mfa_device: arn:aws:iam::000000000000:mfa/user.name@example.com
+```
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/zl4bv/aws-session-credentials. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.

data/Rakefile ADDED

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/aws-session-credentials.gemspec ADDED

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aws/session/credentials/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'aws-session-credentials'
+  spec.version       = Aws::Session::Credentials::VERSION
+  spec.authors       = ['Ben Vidulich']
+  spec.email         = ['ben@vidulich.co.nz']
+  spec.summary       = %q{Command-line tool to generate AWS session credentials.}
+  spec.description   = %q{Command-line tool to generate AWS session credentials.}
+  spec.homepage      = 'https://github.com/zl4bv/aws-session-credentials'
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+  spec.add_development_dependency 'bundler', '~> 1.10'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec-its'
+  spec.add_runtime_dependency 'aws-sdk', '~> 2.1'
+  spec.add_runtime_dependency 'inifile', '~> 3.0'
+  spec.add_runtime_dependency 'thor', '~> 0.19'
+end

data/bin/console ADDED

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "aws/session/credentials"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start

data/bin/setup ADDED

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+bundle install
+# Do any other automated setup that you need to do here

data/exe/aws-session ADDED

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'aws/session/credentials/cli'
+Aws::Session::Credentials::Cli.start

data/lib/aws/session/credentials.rb ADDED

@@ -0,0 +1,10 @@
+require 'aws-sdk'
+require 'fileutils'
+require 'inifile'
+require 'yaml'
+require 'aws/session/credentials/config'
+require 'aws/session/credentials/credential_file'
+require 'aws/session/credentials/session_builder'
+require 'aws/session/credentials/version'

data/lib/aws/session/credentials/cli.rb ADDED

@@ -0,0 +1,66 @@
+require 'thor'
+require 'aws/session/credentials'
+module Aws
+  module Session
+    module Credentials
+      # Command line interface
+      class Cli < Thor
+        method_option 'access-key-id',
+                      type: :string,
+                      desc: 'Access key used to generate session token',
+                      default: nil
+        method_option 'secret-access-key',
+                      type: :string,
+                      desc: 'Secret key used to generate session token',
+                      default: nil
+        method_option 'region',
+                      type: :string,
+                      desc: 'AWS region to connect to',
+                      default: nil
+        method_option 'config-file',
+                      type: :string,
+                      desc: 'YAML file to load config from',
+                      default: '~/.aws/credentials.yml'
+        method_option 'credential-file',
+                      type: :string,
+                      desc: 'INI file to save session credentials to',
+                      default: '~/.aws/credentials'
+        method_option 'profile',
+                      type: :string,
+                      desc: 'Profile that session token will be loaded into',
+                      default: 'default'
+        method_option 'duration',
+                      type: :numeric,
+                      desc: 'Duration, in seconds, that credentials should remain valid',
+                      default: 1
+        method_option 'mfa-device',
+                      type: :string,
+                      desc: 'ARN of MFA device',
+                      default: nil
+        method_option 'mfa-code',
+                      type: :string,
+                      desc: 'Six digit code from MFA device',
+                      default: nil
+        desc 'new', 'Generates new AWS session credentials'
+        def new
+          config = Config.new(options['config-file'])
+          config.aws_access_key_id      ||= options['access-key-id']
+          config.aws_secret_access_key  ||= options['secret-access-key']
+          config.region                 ||= options['region']
+          config.credential_file        ||= options['credential-file']
+          config.profile                ||= options['profile']
+          config.duration               ||= options['duration']
+          config.mfa_device             ||= options['mfa-device']
+          config.mfa_code               ||= options['mfa-code']
+          cf = CredentialFile.new(config.credential_file)
+          sb = SessionBuilder.new(config.to_h)
+          sb.update_credential_file(cf)
+        end
+        default_task :new
+      end
+    end
+  end
+end

data/lib/aws/session/credentials/config.rb ADDED

@@ -0,0 +1,95 @@
+module Aws
+  module Session
+    module Credentials
+      # Holds configuration
+      class Config
+        def initialize(path, config = nil)
+          @path = File.expand_path(path) if path
+          @config = config || load_file
+        end
+        def [](key)
+          @config[key]
+        end
+        def []=(key, value)
+          @config[key] = value
+        end
+        def aws_access_key_id
+          self['aws_access_key_id']
+        end
+        def aws_access_key_id=(value)
+          self['aws_access_key_id'] = value
+        end
+        def aws_secret_access_key
+          self['aws_secret_access_key']
+        end
+        def aws_secret_access_key=(value)
+          self['aws_secret_access_key'] = value
+        end
+        def credential_file
+          self['credential_file']
+        end
+        def credential_file=(value)
+          self['credential_file'] = value
+        end
+        def duration
+          self['duration']
+        end
+        def duration=(value)
+          self['duration'] = value
+        end
+        # @api private
+        def load_file
+          return {} unless File.exist?(@path)
+          YAML.load(File.read(@path))
+        end
+        def mfa_code
+          self['mfa_code']
+        end
+        def mfa_code=(value)
+          self['mfa_code'] = value
+        end
+        def mfa_device
+          self['mfa_device']
+        end
+        def mfa_device=(value)
+          self['mfa_device'] = value
+        end
+        def profile
+          self['profile']
+        end
+        def profile=(value)
+          self['profile'] = value
+        end
+        def region
+          self['region']
+        end
+        def region=(value)
+          self['region'] = value
+        end
+        def to_h
+          @config
+        end
+      end
+    end
+  end
+end

data/lib/aws/session/credentials/credential_file.rb ADDED

@@ -0,0 +1,41 @@
+module Aws
+  module Session
+    module Credentials
+      # AWS credentials file. Usually located on disk at +~/.aws/credentials+.
+      class CredentialFile
+        # @param [String] path location of credentials file on disk
+        # @param [IniFile] ini_file
+        def initialize(path = '~/.aws/credentials', ini_file = nil)
+          @path = File.expand_path(path)
+          @ini_file = ini_file || init_ini_file
+        end
+        # @api private
+        def init_ini_file
+          if File.exist?(@path)
+            IniFile.load(@path)
+          else
+            path_dir = File.dirname(@path)
+            FileUtils.mkdir_p(path_dir) unless File.exist?(path_dir)
+            IniFile.new(filename: @path, encoding: 'UTF-8')
+          end
+        end
+        # Sets credentials for provided profile.
+        #
+        # Overrides provided options if they already exist for the provided
+        # profile. Does not override options if they are not provided. Set an
+        # option to +nil+ to explicitly unset an existing option.
+        # @param [String] profile name of profile to set credentials for
+        # @param [Hash] options settings to set
+        # @option options [String] :access_key_id Access key
+        # @option options [String] :secret_access_key Secret key
+        # @option options [String] :session_token Session token
+        def set_credentials(profile, options = {})
+          @ini_file[profile] = @ini_file[profile].merge(options)
+          @ini_file.write
+        end
+      end
+    end
+  end
+end

data/lib/aws/session/credentials/session_builder.rb ADDED

@@ -0,0 +1,48 @@
+module Aws
+  module Session
+    module Credentials
+      # Builds AWS session
+      class SessionBuilder
+        # @param [Hash] config configuration
+        # @param [Aws::STS::Client] client STS client
+        def initialize(config, client = nil)
+          @config = config
+          @client = client || init_client
+        end
+        # @api private
+        def init_client
+          Aws::STS::Client.new(
+            region: @config['region'],
+            access_key_id: @config['aws_access_key_id'],
+            secret_access_key: @config['aws_secret_access_key']
+          )
+        end
+        # Gets a set of session credentials
+        #
+        # @return [Aws::STS::Types::Credentials] credentials or +nil+
+        def session_credentials
+          resp = @client.get_session_token(
+            duration_seconds: @config['duration'],
+            serial_number: @config['mfa_device'],
+            token_code: @config['mfa_code']
+          )
+          return {
+            'aws_access_key_id' => resp.credentials['access_key_id'],
+            'aws_secret_access_key' => resp.credentials['secret_access_key'],
+            'aws_session_token' => resp.credentials['session_token']
+          } if resp
+        end
+        # Gets a set of session credentials and updates them in a credential
+        # file.
+        #
+        # @param [String] path location of credential file
+        def update_credential_file(credential_file)
+          credential_file.set_credentials(@config['profile'], session_credentials)
+        end
+      end
+    end
+  end
+end

data/lib/aws/session/credentials/version.rb ADDED

@@ -0,0 +1,7 @@
+module Aws
+  module Session
+    module Credentials
+      VERSION = "0.1.0"
+    end
+  end
+end

metadata ADDED

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: aws-session-credentials
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ben Vidulich
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2015-10-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: inifile
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.19'
+description: Command-line tool to generate AWS session credentials.
+email:
+- ben@vidulich.co.nz
+executables:
+- aws-session
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- CODE_OF_CONDUCT.md
+- Gemfile
+- README.md
+- Rakefile
+- aws-session-credentials.gemspec
+- bin/console
+- bin/setup
+- exe/aws-session
+- lib/aws/session/credentials.rb
+- lib/aws/session/credentials/cli.rb
+- lib/aws/session/credentials/config.rb
+- lib/aws/session/credentials/credential_file.rb
+- lib/aws/session/credentials/session_builder.rb
+- lib/aws/session/credentials/version.rb
+homepage: https://github.com/zl4bv/aws-session-credentials
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Command-line tool to generate AWS session credentials.
+test_files: []