aws_assume_role 0.0.3 → 0.1.0

data/lib/aws_assume_role/cli/actions/delete_profile.rb

@@ -0,0 +1,20 @@
+require_relative "includes"
+require_relative "../../store/shared_config_with_keyring"
+
+class AwsAssumeRole::Cli::Actions::DeleteProfile < AwsAssumeRole::Cli::Actions::AbstractAction
+    CommandSchema = proc do
+        required(:profile).value(:filled?)
+    end
+
+    def act_on(config)
+        prompt_for_option(:name_to_delete, "Name", proc { eql? config.profile }, fmt: config.profile)
+        AwsAssumeRole.shared_config.delete_profile config.profile
+        out format t("commands.delete.completed"), config.profile
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/includes.rb

@@ -0,0 +1,18 @@
+require "i18n"
+require "aws-sdk"
+require "dry-types"
+require_relative "../../types"
+require "dry-validation"
+require "active_support/core_ext/hash/compact"
+require "active_support/core_ext/hash/keys"
+require "launchy"
+require "open-uri"
+require "json"
+require_relative "../../../aws_assume_role"
+
+module AwsAssumeRole
+    module Cli
+        module Actions
+        end
+    end
+end

data/lib/aws_assume_role/cli/actions/list_profiles.rb

@@ -0,0 +1,10 @@
+require_relative "includes"
+
+class AwsAssumeRole::Cli::Actions::ListProfiles < AwsAssumeRole::Cli::Actions::AbstractAction
+    CommandSchema = proc do
+    end
+
+    def act_on(_options)
+        AwsAssumeRole.shared_config.profiles.each { |p| puts p }
+    end
+end

data/lib/aws_assume_role/cli/actions/migrate_profile.rb

@@ -0,0 +1,18 @@
+require_relative "includes"
+
+class AwsAssumeRole::Cli::Actions::MigrateProfile < AwsAssumeRole::Cli::Actions::AbstractAction
+    CommandSchema = proc do
+        required(:profile).value(:filled?)
+    end
+
+    def act_on(config)
+        AwsAssumeRole.shared_config.migrate_profile config.profile
+        out format(t("commands.configure.saved"), config[:profile], AwsAssumeRole.shared_config.config_path)
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/reset_environment.rb

@@ -0,0 +1,48 @@
+require_relative "includes"
+
+class AwsAssumeRole::Cli::Actions::ResetEnvironment < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    SHELL_STRINGS = {
+        sh: {
+            env_command: "unset %<key>s; ",
+        },
+        csh: {
+            env_command: "unset %<key>s; ",
+        },
+        fish: {
+            env_command: "set -ex %<key>s; ",
+            footer: "commands.reset_environment.shells.fish",
+        },
+        powershell: {
+            env_command: "remove-item ENV:%<key>s; ",
+            footer: "commands.reset_environment.shells.powershell",
+        },
+    }.freeze
+
+    CommandSchema = proc do
+        required(:shell_type).value(included_in?: SHELL_STRINGS.stringify_keys.keys)
+    end
+
+    def act_on(config)
+        shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
+        str = ""
+        %w(AWS_ACCESS_KEY_ID
+           AWS_SECRET_ACCESS_KEY
+           AWS_SESSION_TOKEN
+           AWS_PROFILE
+           AWS_ASSUME_ROLE_LOG_LEVEL
+           GLI_DEBUG
+           AWS_ASSUME_ROLE_KEYRING_BACKEND).each do |key|
+            str << format(shell_strings[:env_command], key: key) if ENV.fetch(key, false)
+        end
+        str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
+        puts str
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/run.rb

@@ -0,0 +1,34 @@
+require_relative "includes"
+require_relative "../../runner"
+require_relative "../../credentials/factories/default_chain_provider"
+
+class AwsAssumeRole::Cli::Actions::Run < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    CommandSchema = proc do
+        required(:profile).maybe
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        required(:role_arn).maybe
+        required(:role_session_name).maybe
+        required(:duration_seconds).maybe
+        rule(role_specification: [:profile, :role_arn, :role_session_name, :duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def act_on(config)
+        credentials = try_for_credentials config.to_h
+        unless config.args.empty?
+            Runner.new(config.args,
+                       environment: { "AWS_DEFAULT_REGION" => resolved_region },
+                       credentials: credentials)
+        end
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/set_environment.rb

@@ -0,0 +1,60 @@
+require_relative "includes"
+require_relative "../../credentials/factories/default_chain_provider"
+
+class AwsAssumeRole::Cli::Actions::SetEnvironment < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    SHELL_STRINGS = {
+        sh: {
+            env_command: "%<key>s=%<value>s; export %<key>s; ",
+        },
+        csh: {
+            env_command: "setenv %<key>s %<value>s; ",
+        },
+        fish: {
+            env_command: "set -x %<key>s %<value>s; ",
+            footer: "commands.set_environment.shells.fish",
+        },
+        powershell: {
+            env_command: "set-item ENV:%<key>s %<value>s; ",
+            footer: "commands.set_environment.shells.powershell",
+        },
+    }.freeze
+
+    CommandSchema = proc do
+        optional(:profile).filled?
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        optional(:external_id) { filled? > format?(EXTERNAL_ID_REGEX) }
+        required(:shell_type).value(included_in?: SHELL_STRINGS.stringify_keys.keys)
+        required(:role_arn).maybe { filled? > format?(ROLE_REGEX) }
+        required(:role_session_name).maybe { filled? > format?(ROLE_SESSION_NAME_REGEX) }
+        required(:duration_seconds).maybe
+        rule(role_specification: [:profile, :role_arn, :role_session_name, :duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def act_on(config)
+        credentials = try_for_credentials config.to_h
+        shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
+        str = ""
+        [
+            [:access_key_id, "AWS_ACCESS_KEY_ID"],
+            [:secret_access_key, "AWS_SECRET_ACCESS_KEY"],
+            [:session_token, "AWS_SESSION_TOKEN"],
+        ].each do |key|
+            value = credentials.credentials.send key[0]
+            next if value.blank?
+            str << format(shell_strings[:env_command], key: key[1], value: value)
+        end
+        str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
+        puts str
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/test.rb

@@ -0,0 +1,31 @@
+require_relative "includes"
+require_relative "../../credentials/factories/default_chain_provider"
+
+class AwsAssumeRole::Cli::Actions::Test < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    CommandSchema = proc do
+        required(:profile).maybe
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        required(:role_arn).maybe
+        required(:role_session_name).maybe
+        required(:duration_seconds).maybe
+        rule(role_specification: [:profile, :role_arn, :role_session_name, :duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def act_on(config)
+        credentials = try_for_credentials config.to_h
+        client = Aws::STS::Client.new(credentials: credentials, region: resolved_region)
+        identity = client.get_caller_identity
+        out format(t("commands.test.output"), identity.account, identity.arn, identity.user_id)
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/commands/configure.rb

@@ -0,0 +1,29 @@
+require_relative "../actions/configure_profile"
+require_relative "../actions/configure_role_assumption"
+
+module AwsAssumeRole::Cli
+    desc t "commands.configure.desc"
+    long_desc t "commands.configure.long_desc"
+    command :configure do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::ConfigureProfile.new(global_options, options, args)
+        end
+
+        c.desc t "commands.configure.desc"
+        c.long_desc t "commands.configure.long_desc"
+        c.command :role do |r|
+            r.flag ["source-profile"], desc: t("options.source_profile")
+            r.flag ["role-session-name"], desc: t("options.role_session_name")
+            r.flag ["role-arn"], desc: t("options.role_arn")
+            r.flag ["mfa-serial"], desc: t("options.mfa_serial")
+            r.flag ["region"], desc: t("options.region")
+            r.flag ["external-id"], desc: t("options.external_id")
+            r.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+
+            r.action do |global_options, options, args|
+                AwsAssumeRole::Cli::Actions::ConfigureRoleAssumption.new(global_options, options, args)
+            end
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/console.rb

@@ -0,0 +1,17 @@
+require_relative "../actions/console"
+
+module AwsAssumeRole::Cli
+    desc t "commands.console.desc"
+    command :console do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.flag ["role-session-name"], desc: t("options.role_session_name")
+        c.flag ["role-arn"], desc: t("options.role_arn")
+        c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+        c.flag ["region"], desc: t("options.region")
+        c.flag ["external-id"], desc: t("options.external_id")
+        c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::Console.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/delete.rb

@@ -0,0 +1,11 @@
+require_relative "../actions/delete_profile"
+
+module AwsAssumeRole::Cli
+    desc t "commands.delete.desc"
+    command :delete do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::DeleteProfile.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/environment.rb

@@ -0,0 +1,32 @@
+require_relative "../actions/set_environment"
+require_relative "../actions/reset_environment"
+
+module AwsAssumeRole::Cli
+    desc t "commands.set_environment.desc"
+    long_desc t "commands.set_environment.long_desc"
+    command :environment do |c|
+        desc t "commands.set_environment.desc"
+        long_desc t "commands.set_environment.long_desc"
+        c.command :set do |s|
+            s.flag [:p, "profile"], desc: t("options.profile_name")
+            s.flag [:s, "shell-type"], desc: t("options.shell_type"), default_value: "sh"
+            s.flag ["role-session-name"], desc: t("options.role_session_name")
+            s.flag ["role-arn"], desc: t("options.role_arn")
+            s.flag ["mfa-serial"], desc: t("options.mfa_serial")
+            s.flag ["region"], desc: t("options.region")
+            s.flag ["external-id"], desc: t("options.external_id")
+            s.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+            s.action do |global_options, options, args|
+                AwsAssumeRole::Cli::Actions::SetEnvironment.new(global_options, options, args)
+            end
+        end
+
+        desc t "commands.reset_environment.desc"
+        long_desc t "commands.reset_environment.long_desc"
+        c.command :reset do |s|
+            s.action do |global_options, options, args|
+                AwsAssumeRole::Cli::Actions::ResetEnvironment.new(global_options, options, args)
+            end
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/list.rb

@@ -0,0 +1,10 @@
+require_relative "../actions/list_profiles"
+
+module AwsAssumeRole::Cli
+    desc t "commands.list.desc"
+    command :list do |c|
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::ListProfiles.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/migrate.rb

@@ -0,0 +1,11 @@
+require_relative "../actions/migrate_profile"
+
+module AwsAssumeRole::Cli
+    desc t "commands.migrate.desc"
+    command :migrate do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::MigrateProfile.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/run.rb

@@ -0,0 +1,17 @@
+require_relative "../actions/run"
+
+module AwsAssumeRole::Cli
+    desc t "commands.run.desc"
+    command :run do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.flag ["role-session-name"], desc: t("options.role_session_name")
+        c.flag ["role-arn"], desc: t("options.role_arn")
+        c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+        c.flag ["region"], desc: t("options.region")
+        c.flag ["external-id"], desc: t("options.external_id")
+        c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::Run.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/test.rb

@@ -0,0 +1,18 @@
+require_relative "../actions/test"
+
+module AwsAssumeRole::Cli
+    desc t "commands.test.desc"
+    command :test do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.flag ["role-session-name"], desc: t("options.role_session_name")
+        c.flag ["role-arn"], desc: t("options.role_arn")
+        c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+        c.flag ["region"], desc: t("options.region")
+        c.flag ["external-id"], desc: t("options.external_id")
+        c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+        c.switch ["no-profile"], desc: t("options.duration_seconds"), default_value: false
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::Test.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/configuration.rb

@@ -0,0 +1,19 @@
+require_relative "includes"
+
+module AwsAssumeRole
+    class Configuration
+        extend Dry::Configurable
+        Types = Dry::Types.module
+
+        setting(:backend_plugin, ENV.fetch("AWS_ASSUME_ROLE_KEYRING_PLUGIN", nil)) do |value|
+            Types::Coercible::String[value]
+        end
+
+        setting(:backend, ENV.fetch("AWS_ASSUME_ROLE_KEYRING_BACKEND", "automatic")) do |value|
+            value == "automatic" ? nil : Types::Coercible::String[value]
+        end
+
+        setting(:log_level, ENV.fetch("AWS_ASSUME_ROLE_LOG_LEVEL", "WARN"))
+    end
+    Config = Configuration.config
+end

data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb

@@ -0,0 +1,2 @@
+require_relative "../../credentials/factories/default_chain_provider"
+Aws.const_set :CredentialProviderChain, AwsAssumeRole::Credentials::Factories::DefaultChainProvider

data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb

@@ -0,0 +1,7 @@
+require "aws-sdk"
+module AwsAssumeRole
+    module CoreExt
+        module Aws
+        end
+    end
+end