RubyGems - aws_assume_role - Versions diffs - 0.0.3 → 0.1.0 - Mend

aws_assume_role 0.0.3 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.rubocop.yml +31 -11
data/Gemfile +7 -13
data/LICENSE.md +201 -19
data/README.md +176 -145
data/aws_assume_role.gemspec +35 -21
data/bin/aws-assume-role +1 -83
data/i18n/en.yml +106 -0
data/lib/aws_assume_role.rb +2 -3
data/lib/aws_assume_role/cli.rb +15 -0
data/lib/aws_assume_role/cli/actions/abstract_action.rb +53 -0
data/lib/aws_assume_role/cli/actions/configure_profile.rb +21 -0
data/lib/aws_assume_role/cli/actions/configure_role_assumption.rb +19 -0
data/lib/aws_assume_role/cli/actions/console.rb +68 -0
data/lib/aws_assume_role/cli/actions/delete_profile.rb +20 -0
data/lib/aws_assume_role/cli/actions/includes.rb +18 -0
data/lib/aws_assume_role/cli/actions/list_profiles.rb +10 -0
data/lib/aws_assume_role/cli/actions/migrate_profile.rb +18 -0
data/lib/aws_assume_role/cli/actions/reset_environment.rb +48 -0
data/lib/aws_assume_role/cli/actions/run.rb +34 -0
data/lib/aws_assume_role/cli/actions/set_environment.rb +60 -0
data/lib/aws_assume_role/cli/actions/test.rb +31 -0
data/lib/aws_assume_role/cli/commands/configure.rb +29 -0
data/lib/aws_assume_role/cli/commands/console.rb +17 -0
data/lib/aws_assume_role/cli/commands/delete.rb +11 -0
data/lib/aws_assume_role/cli/commands/environment.rb +32 -0
data/lib/aws_assume_role/cli/commands/list.rb +10 -0
data/lib/aws_assume_role/cli/commands/migrate.rb +11 -0
data/lib/aws_assume_role/cli/commands/run.rb +17 -0
data/lib/aws_assume_role/cli/commands/test.rb +18 -0
data/lib/aws_assume_role/configuration.rb +19 -0
data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb +2 -0
data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb +7 -0
data/lib/aws_assume_role/credentials/factories.rb +9 -0
data/lib/aws_assume_role/credentials/factories/abstract_factory.rb +31 -0
data/lib/aws_assume_role/credentials/factories/assume_role.rb +38 -0
data/lib/aws_assume_role/credentials/factories/default_chain_provider.rb +101 -0
data/lib/aws_assume_role/credentials/factories/environment.rb +24 -0
data/lib/aws_assume_role/credentials/factories/includes.rb +17 -0
data/lib/aws_assume_role/credentials/factories/instance_profile.rb +17 -0
data/lib/aws_assume_role/credentials/factories/repository.rb +35 -0
data/lib/aws_assume_role/credentials/factories/shared.rb +15 -0
data/lib/aws_assume_role/credentials/factories/shared_keyring.rb +16 -0
data/lib/aws_assume_role/credentials/factories/static.rb +16 -0
data/lib/aws_assume_role/credentials/providers/assume_role_credentials.rb +58 -0
data/lib/aws_assume_role/credentials/providers/includes.rb +9 -0
data/lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb +102 -0
data/lib/aws_assume_role/credentials/providers/shared_keyring_credentials.rb +22 -0
data/lib/aws_assume_role/includes.rb +30 -0
data/lib/aws_assume_role/logging.rb +16 -28
data/lib/aws_assume_role/profile_configuration.rb +71 -0
data/lib/aws_assume_role/runner.rb +39 -0
data/lib/aws_assume_role/store/includes.rb +16 -0
data/lib/aws_assume_role/store/keyring.rb +59 -0
data/lib/aws_assume_role/store/serialization.rb +18 -0
data/lib/aws_assume_role/store/shared_config_with_keyring.rb +175 -0
data/lib/aws_assume_role/types.rb +30 -0
data/lib/aws_assume_role/ui.rb +55 -0
data/lib/aws_assume_role/vendored/aws.rb +4 -0
data/lib/aws_assume_role/vendored/aws/README.md +2 -0
data/lib/aws_assume_role/vendored/aws/assume_role_credentials.rb +68 -0
data/lib/aws_assume_role/vendored/aws/includes.rb +9 -0
data/lib/aws_assume_role/vendored/aws/refreshing_credentials.rb +60 -0
data/lib/aws_assume_role/vendored/aws/shared_config.rb +220 -0
data/lib/aws_assume_role/version.rb +3 -0
metadata +264 -20
data/.rspec +0 -2
data/Rakefile +0 -2
data/bin/test.rb +0 -39
data/lib/aws_assume_role/credentials.rb +0 -92
data/lib/aws_assume_role/profile.rb +0 -203
data/lib/aws_assume_role/profile/assume_role.rb +0 -127
data/lib/aws_assume_role/profile/basic.rb +0 -152
data/lib/aws_assume_role/profile/list.rb +0 -57

data/lib/aws_assume_role/profile.rb DELETED Viewed

@@ -1,203 +0,0 @@
-require 'keyring'
-module AWSAssumeRole
-    # Base Profile superclass
-    class Profile
-        include Logging
-        # Class methods for dispatch to individual Profile strategy
-        @implementations = {}
-        @named_profiles  = {}
-        @config_file     = '-'
-        class << self
-            attr_accessor :implementations
-            attr_accessor :named_profiles
-            attr_accessor :config_file
-        end
-        def self.register_implementation(type, impl)
-            logger.info('Registering implementation ' \
-                        "for type '#{type}': #{impl}")
-            AWSAssumeRole::Profile.implementations[type] = impl
-        end
-        def self.load_profiles
-            Dir.glob(
-                File.expand_path('profile/*.rb', File.dirname(__FILE__)),
-            ).each do |profile_class|
-                require profile_class
-            end
-        end
-        def self.create(name, options)
-            options['type'] = 'basic' unless options.key?('type')
-            if implementations.key?(options['type'])
-                logger.info("Creating profile '#{name}' "\
-                            "with type #{options['type']}")
-                i = implementations[options['type']].new(name, options)
-                named_profiles[name] = i
-                return i
-            end
-            STDERR.puts 'No implementation for profiles of type '\
-                "'#{options['type']}'"
-            exit -1 # rubocop:disable Lint/AmbiguousOperator
-        end
-        def self.get_by_name(name)
-            unless named_profiles.key?(name)
-                STDERR.puts "No profile '#{name}' found"
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            named_profiles[name]
-        end
-        def self.load_config_file(config_path)
-            @config_file = config_path
-            logger.info("Loading configuration from #{config_path}")
-            parse_config(File.open(config_path))
-        end
-        def self.parse_config(yaml)
-            require 'yaml'
-            profiles = YAML.load(yaml)
-            profiles.each do |name, options|
-                options['config_file'] = config_file
-                options['name']        = name
-                AWSAssumeRole::Profile.create(name, options)
-            end
-        end
-        # Superclass for Profile strategies
-        def set_env(prefix = '') # rubocop:disable Style/AccessorMethodName
-            logger.info("Setting environment with prefix '#{prefix}'")
-            ENV["#{prefix}AWS_ACCESS_KEY_ID"]     = access_key_id
-            ENV["#{prefix}AWS_SECRET_ACCESS_KEY"] = secret_access_key
-            ENV["#{prefix}AWS_DEFAULT_REGION"]    = region
-            return unless respond_to?(:session_token)
-            logger.info(':session_token available, setting environment')
-            ENV["#{prefix}AWS_SESSION_TOKEN"] = session_token
-        end
-        def access_key_id
-            raise NotImplementedError
-        end
-        def secret_access_key
-            raise NotImplementedError
-        end
-        def region
-            raise NotImplementedError
-        end
-        def sts_client
-            raise NotImplementedError
-        end
-        attr_reader :name
-        def use
-            raise NotImplementedError
-        end
-        def add
-            raise NotImplementedError
-        end
-        def remove
-            raise NotImplementedError
-        end
-        def token_code
-            puts "Enter your MFA's time-based one time password: "
-            token_code = STDIN.gets
-            token_code.chomp!
-        end
-        def keyring_key
-            "#{@options['config_file']}|#{@options['name']}"
-        end
-        def session(duration = 3600)
-            # See if we already have a non-expired session cached in this
-            # object.
-            unless @session.nil?
-                logger.info('Found session cached in object')
-                return @session unless @session.expired?
-                logger.info('Session expired, deleting keyring key '\
-                            "'#{keyring_key}'")
-                @session.delete_from_keyring(keyring_key)
-            end
-            # See if there's a non-exipred session cached in the keyring
-            @session = AWSAssumeRole::Credentials.load_from_keyring(keyring_key)
-            unless @session.nil?
-                logger.info("Found session in keyring for '#{keyring_key}'")
-                return @session unless @session.expired?
-                logger.info('Session expired, deleting keyring key '\
-                            "'#{keyring_key}'")
-                @session.delete_from_keyring(keyring_key)
-            end
-            begin
-                identity  = sts_client.get_caller_identity
-            rescue Aws::Errors::MissingCredentialsError
-                STDERR.puts "No credentials found. Set one in the credentials file "\
-                     "or environment."
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            user_name = identity.arn.split('/')[1]
-            mfa_arn   = "arn:aws:iam::#{identity.account}:mfa/#{user_name}"
-            mfa_token_code = token_code
-            begin
-                session = sts_client.get_session_token(
-                    duration_seconds: duration,
-                    serial_number:    mfa_arn,
-                    token_code:       mfa_token_code,
-                )
-            rescue Aws::STS::Errors::AccessDenied
-                STDERR.puts 'MultiFactorAuthentication failed with invalid MFA ' \
-                            'one time pass code.'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            @session = Credentials.create_from_sdk(session.credentials)
-            logger.info("Storing session in keyring '#{keyring_key}'")
-            @session.store_in_keyring(keyring_key)
-            @session
-        end
-    end
-end

data/lib/aws_assume_role/profile/assume_role.rb DELETED Viewed

@@ -1,127 +0,0 @@
-# AWSAssumeRole
-module AWSAssumeRole
-    class Profile
-        # A Profile implementation for assuming roles using STS
-        class AssumeRole < Profile
-            include Logging
-            register_implementation('assume_role', self)
-            @sts_client = nil
-            @role       = nil
-            @options    = nil
-            @name       = nil
-            def default_options
-                {
-                    'parent'   => 'default',
-                    'duration' => 3600,
-                }
-            end
-            def initialize(name, options = {})
-                require 'aws-sdk'
-                @options = default_options.merge(options)
-                @name    = name
-            end
-            def sts_client
-                return @sts_client unless @sts_client.nil?
-                parent = AWSAssumeRole::Profile.get_by_name(@options['parent'])
-                @sts_client = Aws::STS::Client.new(
-                    access_key_id:     parent.session.access_key_id,
-                    secret_access_key: parent.session.secret_access_key,
-                    session_token:     parent.session.session_token,
-                )
-                @sts_client
-            rescue Aws::Errors::MissingRegionError
-                STDERR.puts 'No region was given. \
-                    Set one in the credentials file or environment'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            def role_credentials
-                # Check for non-expired session cached here
-                unless @role_credentials.nil?
-                    return @role_credentials unless @role_credentials.expired?
-                    @role_credentials.delete_from_keyring(keyring_key)
-                end
-                # See if here's a non-exipred session in the keyring
-                @role_credentials = Credentials.load_from_keyring(keyring_key)
-                unless @role_credentials.nil?
-                    return @role_credentials unless @role_credentials.expired?
-                    @role_credentials.delete_from_keyring(keyring_key)
-                end
-                role = sts_client.assume_role(
-                    role_arn:          @options['role_arn'],
-                    role_session_name: name, # use something else?
-                    duration_seconds:  @options['duration'],
-                )
-                @role_credentials =
-                    Credentials.create_from_sdk(role.credentials)
-                @role_credentials.store_in_keyring(keyring_key)
-                @role_credentials
-            end
-            def access_key_id
-                role_credentials.access_key_id
-            end
-            def secret_access_key
-                role_credentials.secret_access_key
-            end
-            def session_token
-                role_credentials.session_token
-            end
-            def region
-                @options['region']
-            end
-            def use
-                set_env if @options['set_environment']
-            end
-            def remove
-                Credentials.new({}).delete_from_keyring(keyring_key)
-            end
-            def add
-                STDERR.puts "You can't add credentials to an assume_role "\
-                    'just basic/parent accounts.'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-        end
-    end
-end

data/lib/aws_assume_role/profile/basic.rb DELETED Viewed

@@ -1,152 +0,0 @@
-# AWSAssumeRole
-module AWSAssumeRole
-    class Profile
-        # Profile implementation which takes credentials from either
-        # passed options, from the environment, or from .aws/credentials
-        # file (per the standard behaviour of Aws::STS::Client)
-        class Basic < Profile
-            include Logging
-            register_implementation('basic', self)
-            @sts_client = nil
-            @options    = nil
-            @name       = nil
-            def initialize(name, options = {})
-                require 'aws-sdk'
-                @options = options
-                @name    = name
-            end
-            def sts_client
-                logger.debug("Calling STS client")
-                return @sts_client unless @sts_client.nil?
-                if @options.key?('profile')
-                    logger.info("Loading profile #{@options['profile']} from ~/.aws/credentials")
-                    # Attempt to load with profile name suplied
-                    @sts_client = Aws::STS::Client.new(
-                        profile: @options['profile'],
-                    )
-                elsif access_key_id && secret_access_key
-                    logger.debug("Access Key: #{access_key_id}")
-                    logger.debug("Secret Key: #{secret_access_key}")
-                    logger.debug("Region: #{region}")
-                    @sts_client = Aws::STS::Client.new(
-                        access_key_id:     access_key_id,
-                        secret_access_key: secret_access_key,
-                        region:            region,
-                    )
-                else
-                    @sts_client = Aws::STS::Client.new
-                end
-                @sts_client
-            rescue Aws::Errors::MissingRegionError
-                STDERR.puts 'No region was given. \
-                    Set one in the credentials file or environment'
-                exit -1 # rubocop:disable Lint/AmbiguousOperator
-            end
-            def basic_credentials
-                logger.debug("Loading basic credentials")
-                # Check for profile creds in keyring first
-                @basic_credentials = Credentials.load_from_keyring("#{keyring_key}|basic")
-                return @basic_credentials unless @basic_credentials.nil?
-                creds = {
-                    :access_key_id     => ENV['AWS_ACCESS_KEY_ID'],
-                    :secret_access_key => ENV['AWS_SECRET_ACCESS_KEY'],
-                }
-                if creds[:access_key_id].nil? or creds[:secret_access_key].nil?
-                    STDERR.puts 'No AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY ' \
-                                'found in the environment.'
-                    exit -1 # rubocop:disable Lint/AmbiguousOperator
-                end
-                unless @options['region'].nil?
-                    creds[:region] = @options['region']
-                else
-                    creds[:region] = ENV['AWS_DEFAULT_REGION']
-                end
-                @basic_credentials = AWSAssumeRole::Credentials.new(creds)
-                @basic_credentials
-            end
-            def access_key_id
-                @options['access_key_id'] || basic_credentials.access_key_id
-            end
-            def secret_access_key
-                @options['secret_access_key'] || basic_credentials.secret_access_key
-            end
-            def region
-                @options['region'] || basic_credentials.region
-            end
-            def remove
-                Credentials.new({}).delete_from_keyring(keyring_key)
-                Credentials.new({}).delete_from_keyring("#{keyring_key}|basic")
-            end
-            def add
-                if @options['profile']
-                    puts "WARNING: Storing credentials but a profile is specified and used for #{@name}"
-                end
-                if @options['access_key_id'] or @options['secret_access_key']
-                    puts "WARNING: Storing credentials but they are specified in config for #{@name}"
-                end
-                @basic_credentials = Credentials.load_from_keyring("#{keyring_key}|basic")
-                new_creds = get_credentials
-                @basic_credentials.delete_from_keyring(keyring_key) unless @basic_credentials.nil?
-                @basic_credentials = AWSAssumeRole::Credentials.new(new_creds)
-                @basic_credentials.store_in_keyring("#{keyring_key}|basic")
-            end
-            def get_credentials
-                puts "Enter your AWS_ACCESS_KEY_ID: "
-                id = STDIN.gets
-                id.chomp!
-                puts "Enter your AWS_SECRET_ACCESS_KEY: "
-                secret = STDIN.gets
-                secret.chomp!
-                puts "Enter a AWS Region:"
-                region = STDIN.gets
-                region.chomp!
-                creds = {
-                    :access_key_id     => id,
-                    :secret_access_key => secret,
-                    :region            => region,
-                }
-                creds
-            end
-        end
-    end
-end