RubyGems - aws_assume_role - Versions diffs - 0.0.3 → 0.1.0 - Mend

aws_assume_role 0.0.3 → 0.1.0

Files changed (75) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.rubocop.yml +31 -11
data/Gemfile +7 -13
data/LICENSE.md +201 -19
data/README.md +176 -145
data/aws_assume_role.gemspec +35 -21
data/bin/aws-assume-role +1 -83
data/i18n/en.yml +106 -0
data/lib/aws_assume_role.rb +2 -3
data/lib/aws_assume_role/cli.rb +15 -0
data/lib/aws_assume_role/cli/actions/abstract_action.rb +53 -0
data/lib/aws_assume_role/cli/actions/configure_profile.rb +21 -0
data/lib/aws_assume_role/cli/actions/configure_role_assumption.rb +19 -0
data/lib/aws_assume_role/cli/actions/console.rb +68 -0
data/lib/aws_assume_role/cli/actions/delete_profile.rb +20 -0
data/lib/aws_assume_role/cli/actions/includes.rb +18 -0
data/lib/aws_assume_role/cli/actions/list_profiles.rb +10 -0
data/lib/aws_assume_role/cli/actions/migrate_profile.rb +18 -0
data/lib/aws_assume_role/cli/actions/reset_environment.rb +48 -0
data/lib/aws_assume_role/cli/actions/run.rb +34 -0
data/lib/aws_assume_role/cli/actions/set_environment.rb +60 -0
data/lib/aws_assume_role/cli/actions/test.rb +31 -0
data/lib/aws_assume_role/cli/commands/configure.rb +29 -0
data/lib/aws_assume_role/cli/commands/console.rb +17 -0
data/lib/aws_assume_role/cli/commands/delete.rb +11 -0
data/lib/aws_assume_role/cli/commands/environment.rb +32 -0
data/lib/aws_assume_role/cli/commands/list.rb +10 -0
data/lib/aws_assume_role/cli/commands/migrate.rb +11 -0
data/lib/aws_assume_role/cli/commands/run.rb +17 -0
data/lib/aws_assume_role/cli/commands/test.rb +18 -0
data/lib/aws_assume_role/configuration.rb +19 -0
data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb +2 -0
data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb +7 -0
data/lib/aws_assume_role/credentials/factories.rb +9 -0
data/lib/aws_assume_role/credentials/factories/abstract_factory.rb +31 -0
data/lib/aws_assume_role/credentials/factories/assume_role.rb +38 -0
data/lib/aws_assume_role/credentials/factories/default_chain_provider.rb +101 -0
data/lib/aws_assume_role/credentials/factories/environment.rb +24 -0
data/lib/aws_assume_role/credentials/factories/includes.rb +17 -0
data/lib/aws_assume_role/credentials/factories/instance_profile.rb +17 -0
data/lib/aws_assume_role/credentials/factories/repository.rb +35 -0
data/lib/aws_assume_role/credentials/factories/shared.rb +15 -0
data/lib/aws_assume_role/credentials/factories/shared_keyring.rb +16 -0
data/lib/aws_assume_role/credentials/factories/static.rb +16 -0
data/lib/aws_assume_role/credentials/providers/assume_role_credentials.rb +58 -0
data/lib/aws_assume_role/credentials/providers/includes.rb +9 -0
data/lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb +102 -0
data/lib/aws_assume_role/credentials/providers/shared_keyring_credentials.rb +22 -0
data/lib/aws_assume_role/includes.rb +30 -0
data/lib/aws_assume_role/logging.rb +16 -28
data/lib/aws_assume_role/profile_configuration.rb +71 -0
data/lib/aws_assume_role/runner.rb +39 -0
data/lib/aws_assume_role/store/includes.rb +16 -0
data/lib/aws_assume_role/store/keyring.rb +59 -0
data/lib/aws_assume_role/store/serialization.rb +18 -0
data/lib/aws_assume_role/store/shared_config_with_keyring.rb +175 -0
data/lib/aws_assume_role/types.rb +30 -0
data/lib/aws_assume_role/ui.rb +55 -0
data/lib/aws_assume_role/vendored/aws.rb +4 -0
data/lib/aws_assume_role/vendored/aws/README.md +2 -0
data/lib/aws_assume_role/vendored/aws/assume_role_credentials.rb +68 -0
data/lib/aws_assume_role/vendored/aws/includes.rb +9 -0
data/lib/aws_assume_role/vendored/aws/refreshing_credentials.rb +60 -0
data/lib/aws_assume_role/vendored/aws/shared_config.rb +220 -0
data/lib/aws_assume_role/version.rb +3 -0
metadata +264 -20
data/.rspec +0 -2
data/Rakefile +0 -2
data/bin/test.rb +0 -39
data/lib/aws_assume_role/credentials.rb +0 -92
data/lib/aws_assume_role/profile.rb +0 -203
data/lib/aws_assume_role/profile/assume_role.rb +0 -127
data/lib/aws_assume_role/profile/basic.rb +0 -152
data/lib/aws_assume_role/profile/list.rb +0 -57

data/lib/aws_assume_role/profile.rb DELETED Viewed

@@ -1,203 +0,0 @@
-require 'keyring'
-module AWSAssumeRole
-    # Base Profile superclass
-    class Profile
-        include Logging
-        # Class methods for dispatch to individual Profile strategy
-        @implementations = {}
-        @named_profiles  = {}
-        @config_file     = '-'
-        class << self
-            attr_accessor :implementations
-            attr_accessor :named_profiles
-            attr_accessor :config_file
-        end
-        def self.register_implementation(type, impl)
-            logger.info('Registering implementation ' \
-                        "for type '#{type}': #{impl}")
-            AWSAssumeRole::Profile.implementations[type] = impl
-        end
-        def self.load_profiles
-            Dir.glob(
-                File.expand_path('profile/*.rb', File.dirname(__FILE__)),
-            ).each do |profile_class|
-                require profile_class
-            end
-        end
-        def self.create(name, options)
-            options['type'] = 'basic' unless options.key?('type')
-            if implementations.key?(options['type'])
-                logger.info("Creating profile '#{name}' "\
-                            "with type #{options['type']}")
-                i = implementations[options['type']].new(name, options)
-                named_profiles[name] = i
-                return i
-            end
-            STDERR.puts 'No implementation for profiles of type '\
-                "'#{options['type']}'"
-            exit -1 # rubocop:disable Lint/AmbiguousOperator
-        end
-        def self.get_by_name(name)
-            unless named_profiles.key?(name)
-                STDERR.puts "No profile '#{name}' found"
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            named_profiles[name]
-        end
-        def self.load_config_file(config_path)
-            @config_file = config_path
-            logger.info("Loading configuration from #{config_path}")
-            parse_config(File.open(config_path))
-        end
-        def self.parse_config(yaml)
-            require 'yaml'
-            profiles = YAML.load(yaml)
-            profiles.each do |name, options|
-                options['config_file'] = config_file
-                options['name']        = name
-                AWSAssumeRole::Profile.create(name, options)
-            end
-        end
-        # Superclass for Profile strategies
-        def set_env(prefix = '') # rubocop:disable Style/AccessorMethodName
-            logger.info("Setting environment with prefix '#{prefix}'")
-            ENV["#{prefix}AWS_ACCESS_KEY_ID"]     = access_key_id
-            ENV["#{prefix}AWS_SECRET_ACCESS_KEY"] = secret_access_key
-            ENV["#{prefix}AWS_DEFAULT_REGION"]    = region
-            return unless respond_to?(:session_token)
-            logger.info(':session_token available, setting environment')
-            ENV["#{prefix}AWS_SESSION_TOKEN"] = session_token
-        end
-        def access_key_id
-            raise NotImplementedError
-        end
-        def secret_access_key
-            raise NotImplementedError
-        end
-        def region
-            raise NotImplementedError
-        end
-        def sts_client
-            raise NotImplementedError
-        end
-        attr_reader :name
-        def use
-            raise NotImplementedError
-        end
-        def add
-            raise NotImplementedError
-        end
-        def remove
-            raise NotImplementedError
-        end
-        def token_code
-            puts "Enter your MFA's time-based one time password: "
-            token_code = STDIN.gets
-            token_code.chomp!
-        end
-        def keyring_key
-            "#{@options['config_file']}|#{@options['name']}"
-        end
-        def session(duration = 3600)
-            # See if we already have a non-expired session cached in this
-            # object.
-            unless @session.nil?
-                logger.info('Found session cached in object')
-                return @session unless @session.expired?
-                logger.info('Session expired, deleting keyring key '\
-                            "'#{keyring_key}'")
-                @session.delete_from_keyring(keyring_key)
-            end
-            # See if there's a non-exipred session cached in the keyring
-            @session = AWSAssumeRole::Credentials.load_from_keyring(keyring_key)
-            unless @session.nil?
-                logger.info("Found session in keyring for '#{keyring_key}'")
-                return @session unless @session.expired?
-                logger.info('Session expired, deleting keyring key '\
-                            "'#{keyring_key}'")
-                @session.delete_from_keyring(keyring_key)
-            end
-            begin
-                identity  = sts_client.get_caller_identity
-            rescue Aws::Errors::MissingCredentialsError
-                STDERR.puts "No credentials found. Set one in the credentials file "\
-                     "or environment."
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            user_name = identity.arn.split('/')[1]
-            mfa_arn   = "arn:aws:iam::#{identity.account}:mfa/#{user_name}"
-            mfa_token_code = token_code
-            begin
-                session = sts_client.get_session_token(
-                    duration_seconds: duration,
-                    serial_number:    mfa_arn,
-                    token_code:       mfa_token_code,
-                )
-            rescue Aws::STS::Errors::AccessDenied
-                STDERR.puts 'MultiFactorAuthentication failed with invalid MFA ' \
-                            'one time pass code.'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            @session = Credentials.create_from_sdk(session.credentials)
-            logger.info("Storing session in keyring '#{keyring_key}'")
-            @session.store_in_keyring(keyring_key)
-            @session
-        end
-    end
-end

data/lib/aws_assume_role/profile/assume_role.rb DELETED Viewed

@@ -1,127 +0,0 @@
-# AWSAssumeRole
-module AWSAssumeRole
-    class Profile
-        # A Profile implementation for assuming roles using STS
-        class AssumeRole < Profile
-            include Logging
-            register_implementation('assume_role', self)
-            @sts_client = nil
-            @role       = nil
-            @options    = nil
-            @name       = nil
-            def default_options
-                {
-                    'parent'   => 'default',
-                    'duration' => 3600,
-                }
-            end
-            def initialize(name, options = {})
-                require 'aws-sdk'
-                @options = default_options.merge(options)
-                @name    = name
-            end
-            def sts_client
-                return @sts_client unless @sts_client.nil?
-                parent = AWSAssumeRole::Profile.get_by_name(@options['parent'])
-                @sts_client = Aws::STS::Client.new(
-                    access_key_id:     parent.session.access_key_id,
-                    secret_access_key: parent.session.secret_access_key,
-                    session_token:     parent.session.session_token,
-                )
-                @sts_client
-            rescue Aws::Errors::MissingRegionError
-                STDERR.puts 'No region was given. \
-                    Set one in the credentials file or environment'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            def role_credentials
-                # Check for non-expired session cached here
-                unless @role_credentials.nil?
-                    return @role_credentials unless @role_credentials.expired?
-                    @role_credentials.delete_from_keyring(keyring_key)
-                end
-                # See if here's a non-exipred session in the keyring
-                @role_credentials = Credentials.load_from_keyring(keyring_key)
-                unless @role_credentials.nil?
-                    return @role_credentials unless @role_credentials.expired?
-                    @role_credentials.delete_from_keyring(keyring_key)
-                end
-                role = sts_client.assume_role(
-                    role_arn:          @options['role_arn'],
-                    role_session_name: name, # use something else?
-                    duration_seconds:  @options['duration'],
-                )
-                @role_credentials =
-                    Credentials.create_from_sdk(role.credentials)
-                @role_credentials.store_in_keyring(keyring_key)
-                @role_credentials
-            end
-            def access_key_id
-                role_credentials.access_key_id
-            end
-            def secret_access_key
-                role_credentials.secret_access_key
-            end
-            def session_token
-                role_credentials.session_token
-            end
-            def region
-                @options['region']
-            end
-            def use
-                set_env if @options['set_environment']
-            end
-            def remove
-                Credentials.new({}).delete_from_keyring(keyring_key)
-            end
-            def add
-                STDERR.puts "You can't add credentials to an assume_role "\
-                    'just basic/parent accounts.'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-        end
-    end
-end

data/lib/aws_assume_role/profile/basic.rb DELETED Viewed

@@ -1,152 +0,0 @@
-# AWSAssumeRole
-module AWSAssumeRole
-    class Profile
-        # Profile implementation which takes credentials from either
-        # passed options, from the environment, or from .aws/credentials
-        # file (per the standard behaviour of Aws::STS::Client)
-        class Basic < Profile
-            include Logging
-            register_implementation('basic', self)
-            @sts_client = nil
-            @options    = nil
-            @name       = nil
-            def initialize(name, options = {})
-                require 'aws-sdk'
-                @options = options
-                @name    = name
-            end
-            def sts_client
-                logger.debug("Calling STS client")
-                return @sts_client unless @sts_client.nil?
-                if @options.key?('profile')
-                    logger.info("Loading profile #{@options['profile']} from ~/.aws/credentials")
-                    # Attempt to load with profile name suplied
-                    @sts_client = Aws::STS::Client.new(
-                        profile: @options['profile'],
-                    )
-                elsif access_key_id && secret_access_key
-                    logger.debug("Access Key: #{access_key_id}")
-                    logger.debug("Secret Key: #{secret_access_key}")
-                    logger.debug("Region: #{region}")
-                    @sts_client = Aws::STS::Client.new(
-                        access_key_id:     access_key_id,
-                        secret_access_key: secret_access_key,
-                        region:            region,
-                    )
-                else
-                    @sts_client = Aws::STS::Client.new
-                end
-                @sts_client
-            rescue Aws::Errors::MissingRegionError
-                STDERR.puts 'No region was given. \
-                    Set one in the credentials file or environment'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            def basic_credentials
-                logger.debug("Loading basic credentials")
-                # Check for profile creds in keyring first
-                @basic_credentials = Credentials.load_from_keyring("#{keyring_key}|basic")
-                return @basic_credentials unless @basic_credentials.nil?
-                creds = {
-                    :access_key_id     => ENV['AWS_ACCESS_KEY_ID'],
-                    :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY'],
-                }
-                if creds[:access_key_id].nil? or creds[:secret_access_key].nil?
-                    STDERR.puts 'No AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY ' \
-                                'found in the environment.'
-                    exit -1 # rubocop:disable Lint/AmbiguousOperator
-                end
-                unless @options['region'].nil?
-                    creds[:region] = @options['region']
-                else
-                    creds[:region] = ENV['AWS_DEFAULT_REGION']
-                end
-                @basic_credentials = AWSAssumeRole::Credentials.new(creds)
-                @basic_credentials
-            end
-            def access_key_id
-                @options['access_key_id'] || basic_credentials.access_key_id
-            end
-            def secret_access_key
-                @options['secret_access_key'] || basic_credentials.secret_access_key
-            end
-            def region
-                @options['region'] || basic_credentials.region
-            end
-            def remove
-                Credentials.new({}).delete_from_keyring(keyring_key)
-                Credentials.new({}).delete_from_keyring("#{keyring_key}|basic")
-            end
-            def add
-                if @options['profile']
-                    puts "WARNING: Storing credentials but a profile is specified and used for #{@name}"
-                end
-                if @options['access_key_id'] or @options['secret_access_key']
-                    puts "WARNING: Storing credentials but they are specified in config for #{@name}"
-                end
-                @basic_credentials = Credentials.load_from_keyring("#{keyring_key}|basic")
-                new_creds = get_credentials
-                @basic_credentials.delete_from_keyring(keyring_key) unless @basic_credentials.nil?
-                @basic_credentials = AWSAssumeRole::Credentials.new(new_creds)
-                @basic_credentials.store_in_keyring("#{keyring_key}|basic")
-            end
-            def get_credentials
-                puts "Enter your AWS_ACCESS_KEY_ID: "
-                id = STDIN.gets
-                id.chomp!
-                puts "Enter your AWS_SECRET_ACCESS_KEY: "
-                secret = STDIN.gets
-                secret.chomp!
-                puts "Enter a AWS Region:"
-                region = STDIN.gets
-                region.chomp!
-                creds = {
-                    :access_key_id     => id,
-                    :secret_access_key => secret,
-                    :region            => region,
-                }
-                creds
-            end
-        end
-    end
-end