aws_assume_role 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c34fe41cd7fb5cf0bdcbcc06ed9c29b68a2df815
-  data.tar.gz: 1ce33d2f0ba1ccc59035b5909b3dfdd23daa0ec8
+  metadata.gz: 740d4539f3f7bf68b7acedc131890496b67eaef4
+  data.tar.gz: a5f739bbb05c1cd1edfc59e156ee2a348c88c9ff
 SHA512:
-  metadata.gz: 9189297164904fa24ce99e87d8fa37b8c8025b9bb4ccdc902d0cca489a69a5cafdd101fccac38986c45442fa05ebb4efbb0d5d0bc3a3740996d18be7c689d99f
-  data.tar.gz: b1e6cd683fc648571d292cfc5c911e6448d8c9c0ab0082d0f2800fc97e5d785aac6a0210e37bad3962d1d9f6107e53d730ba8bf4f4ace501b3297897a13da8d6
+  metadata.gz: 0898326d54de021a939f2375466c7376a3e42cca8b7c597d4b03a9b11b4a407b078b4560ec3790418c462a84bbde0836a2f9ea30acf5e1b3cebfab25e2567a55
+  data.tar.gz: f161cc86abf84c2e893cc9426bea9861b02b30bd31fccbf2ed8f7ac526252d51f236e530b5a178fffde1db94ef910a7cf87fc22c9645f8685f0eaa49eeb58c24

data/.gitignore

@@ -5,3 +5,5 @@ pkg/
 Gemfile.lock
 spec/reports/
 tags
+*.gem
+coverage

data/.rubocop.yml

@@ -1,5 +1,4 @@
 ---
-#require: rubocop-rspec
 AllCops:
     DisplayCopNames: true
     Exclude:
@@ -26,9 +25,6 @@ Metrics/PerceivedComplexity:
 Style/IndentationWidth:
     Width: 4
 
-RSpec/ExampleLength:
-    Enabled: false
-
 Style/TrailingCommaInArguments:
     EnforcedStyleForMultiline: comma
 

data/.ruby-version

@@ -0,0 +1 @@
+2.1.10

data/.simplecov

@@ -0,0 +1,22 @@
+require 'coveralls'
+Coveralls.wear_merged!
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
+  SimpleCov::Formatter::HTMLFormatter,
+  Coveralls::SimpleCov::Formatter
+])
+
+SimpleCov.start do
+
+  project_name 'AWS Assume Role'
+
+  add_filter '/spec/'
+  add_filter 'lib/aws_assume_role/vendored'
+
+  %w(aws_assume_role).each do |group_name|
+    add_group(group_name, "/#{group_name}/lib")
+  end
+
+  merge_timeout 60 * 15 # 15 minutes
+
+end

data/.travis.yml

@@ -1,11 +1,20 @@
 language: ruby
 rvm:
+- 2.1
 - 2.2
+- 2.3.0
+sudo: false
+script: bundle exec rake
 deploy:
   provider: rubygems
   api_key:
-    secure: ndWQ3WVAkQRcKO1MhKz4OY7shjLpGNtOw6vUR62Eza9nc1i32pyLXs3N8gfXpSQff9SvJP/3UL1GaDDFbA539bMAlLqLaXtsLlu6rUr+QTpa3a9Y1iQfuLixJ/lzJU/7KmWJkUG9iKs/7p+83X9uUQK10BA1eHuClNOmTkLrw4s5WgDaKKG7Sy9ihZ4gIQtONQHZbCQy21UOeuObGXAuPi3mLunoe/ygmCIrNt8T3BmuBmDoB9q6Z1YChEDnyWi5ALnHckZO0IQ5U5BP5WLTaqSKDXtcUifs9uPJ2YHubqghpbIf+5MOfrG92zFoSR4NIuFjhkQ4yT9rRZ8g1bOhBFLe5Xa/GJbX5XNWq/IStEOiWnXPaR6kpTpmjskR1NbonfPB1or++wh7zRT9AQE+loZKWrUTGLRa1vGTlIMVQzzF5jskbIogA8Rmzg0K4vGJ8W0xftWTez/1WWl+yJEwd8JIU9fHp+P1dsLf3bZ8vFgkH0jMm6neaibK7O64RbPdAERQ5s+9zXGjYug5H6xPnWYP7c/tAJn4g020aUGhdftTwpMpf8d3dLa3J4PYQ8XBeEPqjUU2DGscyL9cIbUwCfY5USwulom5tG0yeA/4nS/T36zx/QwOcw60SS2i7QGhN4CeHS6lIFbhb9lFvsRY31JDaR3TgysnX1hGASw22vs=
+    secure: H6MYP5cWFC0BtqrxW6ahc1RFxywtyKRFjGlSpyoBM+AH2y8U194toWQdGyO/QMRQVr7vAZf+MdxYTutDvnBEkwQbof6QBJ1+4GFWSqFgYAVEV5Ddva0ea5dVE8xC3rMRvd+i5KTzwuVNX/+Cux49v2wGRWZLKOmBSWbujsL8SbpdKaPi+qsClkdz3YTrHpGEEWTPNBNTwDMlg+qAX3UkqoAxD5ebrUaFPdJR83yMSGUPfTm/urlKvkx85MONuj7lPL1CyoYJCvy31bE6CWGq2L/+2Fnk8RvNMCaDffY+8YjKhWduBLrGuUYWf+ZcERxW6AxDy6BFIkekpFwpeaDmrdfSTK0aELSZogGqs9VHs9O1pTApdS/NRYDzxC9hmlvub80xC2uI1Vnhn04Z95Gh9KYh0H20UnlBJJ7ewvFPHzQ3zK8Z2O3kJOeZo0rX2d3yGOydyHlf1dX/auGnn8QVcr7w1jERQDLi5ZEAR+EGnYROvfGKjfP9rgaLoouTbEGXx7KV9QQjLUsmQ0q2yu+HoVlQaDtv7VEQTtFnvdmiVGYbWj+DhaquvTmHyiizO7hFOfvVYYFyOM2iFoRCY+dT3kapqc0DM94BUjxV3tMZX6MYNYfwnNwhNNpTXLVvVXP9cShL+ogwY/E0C2Fg2CYdY5/Ioe6hUbAiPx79dwzVfic=
   gem: aws_assume_role
   on:
     tags: true
     repo: scalefactory/aws-assume-role
+notifications:
+  slack:
+    secure: RmJmJSSDI8qdIpM2KKYoXX2mpcL85YZ9r9gF4rauZH9TuqnYOPP3kQ5iYJsE0VUTuZpuvQ8Axoux5IQr+IDK7kMrmrI0iaZp1dAR9tGK+aLF73sprOmQEou6HIoDs97UQhOWlsAUR8max/7WYdJYJ1o78dqavfFtOy0VcHCkUMRf+WxcKzz+8MunsocIYi0HXuz5vC3RAZCOaK2h8epXzmnWq0ke8YeTmddpDWC85wzeDNjA9T1j5WD+y6gC9F0vyaqVqDCsCXlbRKZl7a1TU9QGDVyBzowoGsWmTpFR80v4CKofAn6nnMRqblwATOS1jMT+HC+Yku29qFzXPugYa2KAUSQaYQiOe+TE5IDa2Exe/57ZQCOq4ve8gKSE9aQXh4Riq3u8qccM+UeoQdcwgXQIciTeWjqi4LQro6Dbyrv8XrUbxdG0VPsWmf49jbWgq6PPAJqdcbXr9eGb+81uJ2REa1vhDYZu4T3JHv4erd5QlyYWzeBJ/LMQav/C5mnMF43jg8DzZ2g0BZBao/reO9xcZre/ka8eOus9Ll1i+8PCxmFZMx2KDPC9i5R7bXL/CwPBjzFInmvHM0cgKjxrRSY6xMWSPyBbgdsKJl2qag74K5xG+2VPlMcVx0ikTKVjsja5iPlOYKhflGAfCKvpzPcd2QoEWg8jZYqZtO9Nj+M=
+    on_success: change
+    on_failure: change

data/Gemfile

@@ -4,6 +4,7 @@ source "https://rubygems.org"
 gemspec
 
 group :test do
+    gem "coveralls", require: false
     gem "rake"
 end
 

data/README.md

@@ -1,5 +1,10 @@
 aws-assume-role
 ---------------
+[![Build Status](https://travis-ci.org/scalefactory/aws-assume-role.svg?branch=master)](https://travis-ci.org/scalefactory/aws-assume-role)
+[![Coverage Status](https://coveralls.io/repos/github/scalefactory/aws-assume-role/badge.svg?branch=master)](https://coveralls.io/github/scalefactory/aws-assume-role?branch=master)
+[![Code Climate](https://codeclimate.com/github/scalefactory/aws-assume-role/badges/gpa.svg)](https://codeclimate.com/github/scalefactory/aws-assume-role)
+[![Dependencies](https://img.shields.io/librariesio/github/scalefactory/aws-assume-role.svg)](https://libraries.io/rubygems/aws_assume_role)
+[![Gem Version](https://badge.fury.io/rb/aws_assume_role.svg)](https://badge.fury.io/rb/aws_assume_role)
 
 aws-assume-role is a utility intended for developer and operator environments
 who need to use 2FA and role assumption to access AWS services.
@@ -17,11 +22,11 @@ disk as unencrypted files.
 
 It allows easy credential management and role assumption with a 2FA/MFA device.
 
-For more information on role assumption, see the AWS documentation.
+For more information on role assumption, see the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html).
 
 Requirements
 ------------
-*   Ruby ≥ 2.2
+*   Ruby ≥ 2.1
 *   OS X KeyChain or GNOME Keyring
 
 Install
@@ -179,14 +184,14 @@ where options is a hash with the following symbol keys:
 `aws_assume_role` resolves credentials in almost the same way as the AWS SDK, i.e.:
 
 ```no-highlight
-static credentials ⟶ environment variables ⟶ configured profiles
+static credentials ⟶ environment variables ⟶ configured profiles role ⟶ assumption (look up source profile and check for 2FA)
 ```
 
 Any of the above may get chained to do MFA or role assumption, or both,
 in the following order:
 
 ```no-highlight
-second factor ⟶ role assumption (look up source profile and check for 2FA) ⟶ ecs/instance profile
+second factor ⟶  ecs/instance profile
 ```
 
 These are the same as the AWS SDK equivalents whereever possible. The command line help will give an explanation of the rest.

data/Rakefile

@@ -1,8 +1,23 @@
 require "bundler/gem_tasks"
-task default: :spec
+task default: :test
 
 begin
     require "rspec/core/rake_task"
     RSpec::Core::RakeTask.new(:spec)
 rescue LoadError # rubocop:disable Lint/HandleExceptions
 end
+
+begin
+    require "rubocop/rake_task"
+    RuboCop::RakeTask.new(:rubocop)
+rescue LoadError # rubocop:disable Lint/HandleExceptions
+end
+
+task :test => [:no_pry, :rubocop, :spec] # rubocop:disable Style/HashSyntax
+
+task :no_pry do
+    files = Dir.glob("**/**").reject { |x| x.match(/^spec|Gemfile|coverage|\.gemspec$|Rakefile/) || File.directory?(x) }
+    files.each do |file|
+        raise "Use of pry found in #{file}." if File.read(file) =~ /"pry"/
+    end
+end

data/aws_assume_role.gemspec

@@ -22,10 +22,10 @@ Gem::Specification.new do |spec|
     spec.executables   = spec.files.grep(%r{^bin/aws}) { |f| File.basename(f) }
     spec.require_paths = ["lib"]
 
-    spec.add_runtime_dependency "activesupport", "~> 4.0"
+    spec.add_runtime_dependency "activesupport", "~> 4.2"
     spec.add_runtime_dependency "aws-sdk", "~> 2.7"
     spec.add_runtime_dependency "dry-configurable", "~> 0.5"
-    spec.add_runtime_dependency "dry-initializer", "~> 1.1"
+    spec.add_runtime_dependency "dry-struct", "~> 0.1"
     spec.add_runtime_dependency "dry-types", "~> 0.9"
     spec.add_runtime_dependency "dry-validation", "~> 0.10"
     spec.add_runtime_dependency "gli", "~> 2.15"
@@ -38,6 +38,8 @@ Gem::Specification.new do |spec|
     spec.add_development_dependency "rspec", "~> 3.5"
     spec.add_development_dependency "rubocop", "~> 0.46"
     spec.add_development_dependency "yard", "~> 0.9"
+    spec.add_development_dependency "simplecov", "~> 0.13"
+    spec.add_development_dependency "webmock", "~> 2.3"
 
     case Gem::Platform.local.os
     when "linux"

data/lib/aws_assume_role/cli/actions/abstract_action.rb

@@ -4,12 +4,15 @@ require_relative "../../profile_configuration"
 class AwsAssumeRole::Cli::Actions::AbstractAction
     include AwsAssumeRole
     include AwsAssumeRole::Types
-    include Ui
+    include AwsAssumeRole::Ui
+    include AwsAssumeRole::Logging
     CommandSchema = proc { raise "CommandSchema Not implemented" }
 
     def initialize(global_options, options, args)
         config = ProfileConfiguration.new_from_cli(global_options, options, args)
-        result = validate_options(config.to_h.deep_symbolize_keys)
+        logger.debug "Config initialized with #{config.to_hash}"
+        result = validate_options(config.to_hash)
+        logger.debug "Config validated as #{result.to_hash}"
         return act_on(config) if result.success?
         Ui.show_validation_errors result
     end
@@ -17,8 +20,9 @@ class AwsAssumeRole::Cli::Actions::AbstractAction
     private
 
     def try_for_credentials(config)
-        @provider ||= AwsAssumeRole::Credentials::Factories::DefaultChainProvider.new(config.to_h)
+        @provider ||= AwsAssumeRole::Credentials::Factories::DefaultChainProvider.new(config.to_hash)
         creds = @provider.resolve(nil_with_role_not_set: true)
+        logger.debug "Got credentials #{creds}"
         return creds unless creds.nil?
     rescue NoMethodError
         error "Cannot find any credentials"

data/lib/aws_assume_role/cli/actions/includes.rb

@@ -1,13 +1,5 @@
-require "i18n"
-require "aws-sdk"
-require "dry-types"
+require_relative "../includes"
 require_relative "../../types"
-require "dry-validation"
-require "active_support/core_ext/hash/compact"
-require "active_support/core_ext/hash/keys"
-require "launchy"
-require "open-uri"
-require "json"
 require_relative "../../../aws_assume_role"
 
 module AwsAssumeRole

data/lib/aws_assume_role/cli/actions/run.rb

@@ -20,7 +20,7 @@ class AwsAssumeRole::Cli::Actions::Run < AwsAssumeRole::Cli::Actions::AbstractAc
     def act_on(config)
         credentials = try_for_credentials config.to_h
         unless config.args.empty?
-            Runner.new(config.args,
+            Runner.new(command: config.args,
                        environment: { "AWS_DEFAULT_REGION" => resolved_region },
                        credentials: credentials)
         end

data/lib/aws_assume_role/cli/actions/test.rb

@@ -17,7 +17,9 @@ class AwsAssumeRole::Cli::Actions::Test < AwsAssumeRole::Cli::Actions::AbstractA
     end
 
     def act_on(config)
-        credentials = try_for_credentials config.to_h
+        logger.debug "Will try for credentials"
+        credentials = try_for_credentials config
+        logger.debug "Got credentials #{credentials}"
         client = Aws::STS::Client.new(credentials: credentials, region: resolved_region)
         identity = client.get_caller_identity
         out format(t("commands.test.output"), identity.account, identity.arn, identity.user_id)

data/lib/aws_assume_role/cli/includes.rb

@@ -0,0 +1 @@
+require_relative "../includes"

data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb

@@ -1,4 +1,4 @@
-require "aws-sdk"
+require_relative "../../includes"
 module AwsAssumeRole
     module CoreExt
         module Aws

data/lib/aws_assume_role/credentials/factories/abstract_factory.rb

@@ -15,7 +15,7 @@ class AwsAssumeRole::Credentials::Factories::AbstractFactory
     end
 
     def self.type(str)
-        @type = Types::Strict::Symbol.enum(:credential_provider, :second_factor_provider, :role_assumption_provider)[str]
+        @type = Types::Strict::Symbol.enum(:credential_provider, :second_factor_provider, :instance_role_provider)[str]
         register_if_complete
     end
 

data/lib/aws_assume_role/credentials/factories/assume_role.rb

@@ -4,11 +4,14 @@ require_relative "../providers/mfa_session_credentials"
 
 class AwsAssumeRole::Credentials::Factories::AssumeRole < AwsAssumeRole::Credentials::Factories::AbstractFactory
     include AwsAssumeRole::Credentials::Factories
-    type :role_assumption_provider
-    priority 30
+    type :credential_provider
+    priority 20
 
     def initialize(options)
+        logger.debug "AwsAssumeRole::Credentials::Factories::AssumeRole initiated with #{options}"
+        return unless options[:profile] || options[:role_arn]
         if options[:profile]
+            logger.debug "AwsAssumeRole: #{options[:profile]} found. Trying with profile"
             try_with_profile(options)
         else
             if options[:use_mfa]
@@ -19,20 +22,16 @@ class AwsAssumeRole::Credentials::Factories::AssumeRole < AwsAssumeRole::Credent
     end
 
     def try_with_profile(options)
-        if AwsAssumeRole.shared_config.config_enabled?
-            @profile = options[:profile]
-            @region = options[:region]
-            @credentials = assume_role_with_profile(options[:profle], options[:region])
-        end
-        @credentials = assume_role_with_profile(@profile, @region)
-        @region ||= AwsAssumeRole.shared_config.profile_region(@profiles)
+        return unless AwsAssumeRole.shared_config.config_enabled?
+        logger.debug "AwsAssumeRole: Shared Config enabled"
+        @profile = options[:profile]
+        @region = options[:region]
+        @credentials = assume_role_with_profile(options)
+        @region ||= AwsAssumeRole.shared_config.profile_region(@profile)
         @role_arn ||= AwsAssumeRole.shared_config.profile_role(@profile)
     end
 
-    def assume_role_with_profile(prof, region)
-        AwsAssumeRole.shared_config.assume_role_credentials_from_config(
-            profile: prof,
-            region: region,
-        )
+    def assume_role_with_profile(options)
+        AwsAssumeRole.shared_config.assume_role_credentials_from_config(options)
     end
 end

data/lib/aws_assume_role/credentials/factories/default_chain_provider.rb

@@ -6,77 +6,83 @@ require_relative "environment"
 require_relative "repository"
 require_relative "instance_profile"
 require_relative "assume_role"
-require_relative "shared_keyring"
 require_relative "shared"
 require_relative "static"
 
-class AwsAssumeRole::Credentials::Factories::DefaultChainProvider
-    extend Dry::Initializer::Mixin
+class AwsAssumeRole::Credentials::Factories::DefaultChainProvider < Dry::Struct
+    constructor_type :schema
     include AwsAssumeRole::Credentials::Factories
+    include AwsAssumeRole::Logging
 
-    option :access_key_id, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :credentials, default: proc { nil }
-    option :secret_access_key, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :session_token, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :duration_seconds, Dry::Types["coercible.int"].optional, default: proc { nil }
-    option :external_id, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :persist_session, Dry::Types["strict.bool"], default: proc { true }
-    option :profile, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :profile_name, Dry::Types["strict.string"].optional, default: proc { @profile }
-    option :region, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :role_arn, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :role_session_name, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :serial_number, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :use_mfa, default: proc { false }
-    option :no_profile, default: proc { false }
-    option :source_profile, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :instance_profile_credentials_retries, Dry::Types["strict.int"], default: proc { 0 }
-    option :instance_profile_credentials_timeout, Dry::Types["coercible.float"], default: proc { 1 }
+    attribute :access_key_id, Dry::Types["strict.string"].optional
+    attribute :credentials, Dry::Types["object"].optional
+    attribute :secret_access_key, Dry::Types["strict.string"].optional
+    attribute :session_token, Dry::Types["strict.string"].optional
+    attribute :duration_seconds, Dry::Types["coercible.int"].optional
+    attribute :external_id, Dry::Types["strict.string"].optional
+    attribute :persist_session, Dry::Types["strict.bool"].default(true)
+    attribute :path, Dry::Types["strict.string"].optional
+    attribute :profile, Dry::Types["strict.string"].optional
+    attribute :profile_name, Dry::Types["strict.string"].optional
+    attribute :region, Dry::Types["strict.string"].optional
+    attribute :role_arn, Dry::Types["strict.string"].optional
+    attribute :role_session_name, Dry::Types["strict.string"].optional
+    attribute :serial_number, Dry::Types["strict.string"].optional
+    attribute :mfa_serial, Dry::Types["strict.string"].optional
+    attribute :use_mfa, Dry::Types["strict.bool"].default(false)
+    attribute :no_profile, Dry::Types["strict.bool"].default(false)
+    attribute :source_profile, Dry::Types["strict.string"].optional
+    attribute :instance_profile_credentials_retries, Dry::Types["strict.int"].default(0)
+    attribute :instance_profile_credentials_timeout, Dry::Types["coercible.float"].default(1.0)
 
-    def initialize(*options)
-        if options[0].is_a? Seahorse::Client::Configuration::DefaultResolver
-            initialize_with_seahorse(options[0])
+    def self.new(options)
+        if options.respond_to? :resolve
+            finalize_instance new_with_seahorse(options)
         else
-            super(*options)
+            finalize_instance(options)
         end
-        @profile_name ||= @profile
-        @original_profile = @profile
+    end
+
+    def self.finalize_instance(options)
+        new_opts = options.to_h
+        new_opts[:profile_name] ||= new_opts[:profile]
+        new_opts[:original_profile] = new_opts[:profile_name]
+        instance = allocate
+        instance.send(:initialize, new_opts)
+        instance
+    end
+
+    def self.new_with_seahorse(resolver)
+        keys = resolver.resolve
+        options = keys.map do |k|
+            [k, resolver.send(k)]
+        end
+        finalize_instance(options.to_h)
     end
 
     def resolve(nil_with_role_not_set: false, explicit_default_profile: false)
         resolve_final_credentials(explicit_default_profile)
-        nil_creds = Aws::Credentials.new(nil, nil, nil)
-        return nil_creds if (nil_with_role_not_set &&
+        # nil_creds = Aws::Credentials.new(nil, nil, nil)
+        return nil if (nil_with_role_not_set &&
                              @role_arn &&
                              @credentials.credentials.session_token.nil?) || @credentials.nil?
         @credentials
     end
 
+    def to_h
+        to_hash
+    end
+
     private
 
     def resolve_final_credentials(explicit_default_profile = false)
         resolve_credentials(:credential_provider, true, explicit_default_profile)
         return @credentials if @credentials && @credentials.set? && !use_mfa && !role_arn
         resolve_credentials(:second_factor_provider, true, explicit_default_profile)
-        return @credentials if @credentials && @credentials.set? && !role_arn
-        resolve_credentials(:role_assumption_provider, true, explicit_default_profile)
         return @credentials if @credentials && @credentials.set?
-        Aws::Credentials.new(nil, nil, nil)
-    end
-
-    def initialize_with_seahorse(resolver)
-        keys = resolver.resolve
-        options = keys.map do |k|
-            [k, resolver.send(k)]
-        end
-        __initialize__(options.to_h)
-    end
-
-    def to_h
-        instance_values.delete("__options__").symbolize_keys.merge(
-            instance_profile_credentials_retries: instance_profile_credentials_retries,
-            instance_profile_credentials_timeout: instance_profile_credentials_timeout,
-        )
+        resolve_credentials(:instance_role_provider, true, explicit_default_profile)
+        return @credentials if @credentials && @credentials.set?
+        nil
     end
 
     def resolve_credentials(type, break_if_successful = false, explicit_default_profile = false)
@@ -84,13 +90,16 @@ class AwsAssumeRole::Credentials::Factories::DefaultChainProvider
         factories_to_try.each do |x|
             options = to_h
             options[:credentials] = credentials if credentials && credentials.set?
+            logger.debug "About to try credential lookup with #{x}"
             factory = x.new(options)
             @region ||= factory.region
             @profile ||= factory.profile
             @role_arn ||= factory.role_arn
             next unless factory.credentials && factory.credentials.set?
+            logger.debug "Profile currently #{@profile}"
             next if explicit_default_profile && (@profile == "default") && (@profile != @original_profile)
             @credentials ||= factory.credentials
+            logger.debug "Got #{@credentials}"
             break if break_if_successful
         end
     end

data/lib/aws_assume_role/credentials/factories/includes.rb

@@ -1,17 +1,13 @@
-require "dry-initializer"
-require "dry-types"
-require "aws-sdk"
+require_relative "../includes"
 require_relative "../../logging"
 require_relative "../../vendored/aws"
 require_relative "../../../aws_assume_role"
 
-module AwsAssumeRole
-    module Credentials
-        module Factories
-            Types = Dry::Types.module
-            include AwsAssumeRole
-            include AwsAssumeRole::Logging
-            include AwsAssumeRole::Vendored::Aws
-        end
+module AwsAssumeRole::Credentials
+    module Factories
+        Types = Dry::Types.module
+        include AwsAssumeRole
+        include AwsAssumeRole::Logging
+        include AwsAssumeRole::Vendored::Aws
     end
 end

data/lib/aws_assume_role/credentials/factories/instance_profile.rb

@@ -1,7 +1,7 @@
 require_relative "abstract_factory"
 
 class AwsAssumeRole::Credentials::Factories::InstanceProfile < AwsAssumeRole::Credentials::Factories::AbstractFactory
-    type :role_assumption_provider
+    type :instance_role_provider
     priority 40
 
     def initialize(options = {})

data/lib/aws_assume_role/credentials/factories/repository.rb

@@ -9,7 +9,7 @@ class AwsAssumeRole::Credentials::Factories::Repository
     FactoryRepositoryType = Types::Hash.schema(
         credential_provider: SubFactoryRepositoryType,
         second_factor_provider: SubFactoryRepositoryType,
-        role_assumption_provider: SubFactoryRepositoryType,
+        instance_role_provider: SubFactoryRepositoryType,
     )
 
     def self.factories
@@ -20,7 +20,7 @@ class AwsAssumeRole::Credentials::Factories::Repository
         @repository ||= FactoryRepositoryType[
             credential_provider: {},
             second_factor_provider: {},
-            role_assumption_provider: {},
+            instance_role_provider: {},
         ]
     end
 

data/lib/aws_assume_role/credentials/factories/shared.rb

@@ -1,14 +1,16 @@
 require_relative "abstract_factory"
+require_relative "../providers/shared_keyring_credentials"
 
 class AwsAssumeRole::Credentials::Factories::Shared < AwsAssumeRole::Credentials::Factories::AbstractFactory
     type :credential_provider
-    priority 20
+    priority 30
 
     def initialize(options = {})
-        @profile = options[:profile] || "default"
-        @credentials = AwsAssumeRole::Vendored::Aws::SharedCredentials.new(profile_name: @profile)
-        @region = AwsAssumeRole.shared_config.profile_region(@profile)
-        @role_arn = AwsAssumeRole.shared_config.profile_role(@profile)
+        logger.debug "Shared Factory initiated with #{options}"
+        @profile = options[:profile]
+        @credentials = AwsAssumeRole::Credentials::Providers::SharedKeyringCredentials.new(options)
+        @region = @credentials.region
+        @role_arn = @credentials.role_arn
     rescue Aws::Errors::NoSuchProfileError
         nil
     end

data/lib/aws_assume_role/credentials/includes.rb

@@ -0,0 +1,4 @@
+require_relative "../includes"
+module AwsAssumeRole
+    module Credentials end
+end

data/lib/aws_assume_role/credentials/providers/includes.rb

@@ -1,9 +1,7 @@
+require_relative "../includes"
 require_relative "../../vendored/aws"
 require_relative "../../ui"
 require_relative "../../logging"
-module AwsAssumeRole
-    module Credentials
-        module Providers
-        end
-    end
+module AwsAssumeRole::Credentials
+    module Providers end
 end

data/lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb

@@ -1,32 +1,29 @@
 require_relative "includes"
 require_relative "../../types"
+require_relative "../../configuration"
 
-class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials
+class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials < Dry::Struct
+    constructor_type :schema
     include AwsAssumeRole::Vendored::Aws::CredentialProvider
     include AwsAssumeRole::Vendored::Aws::RefreshingCredentials
     include AwsAssumeRole::Ui
     include AwsAssumeRole::Logging
-    include AwsAssumeRole
-    Types = Dry::Types.module
-    extend Dry::Initializer::Mixin
-
-    attr_reader :permanent_credentials
-
-    option :permanent_credentials, default: proc { credentials }
-    option :credentials
-    option :expiration, type: Types::Strict::Time, default: proc { Time.now }
-    option :first_time, type: Types::Strict::Bool, default: proc { true }
-    option :persist_session, type: Types::Strict::Bool, default: proc { true }
-    option :duration_seconds, type: Types::Coercible::Int, default: proc { 3600 }
-    option :region, type: AwsAssumeRole::Types::Region.optional, default: proc { AwsAssumeRole.Config.region }
-    option :serial_number, type: AwsAssumeRole::Types::MfaSerial.optional, default: proc { "automatic" }
-
-    def initialize(*options)
-        super(*options)
+
+    attribute :permanent_credentials, Dry::Types["object"].optional
+    attribute :credentials, Dry::Types["object"].optional
+    attribute :expiration, Dry::Types["strict.time"].default(Time.now)
+    attribute :first_time, Dry::Types["strict.bool"].default(true)
+    attribute :persist_session, Dry::Types["strict.bool"].default(true)
+    attribute :duration_seconds, Dry::Types["coercible.int"].default(3600)
+    attribute :region, AwsAssumeRole::Types::Region.optional
+    attribute :serial_number, AwsAssumeRole::Types::MfaSerial.optional.default("automatic")
+
+    def initialize(options)
+        options.each { |key, value| instance_variable_set("@#{key}", value) }
         @permanent_credentials ||= credentials
         @credentials = nil
         @serial_number = resolve_serial_number(serial_number)
-        AwsAssumeRole::Vendored::Aws::RefreshingCredentials.instance_method(:initialize).bind(self).call(*options)
+        AwsAssumeRole::Vendored::Aws::RefreshingCredentials.instance_method(:initialize).bind(self).call(options)
     end
 
     private
@@ -67,14 +64,15 @@ class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials
     end
 
     def credentials_from_keyring
-        @credentials_from_keyring ||= AwsAssumeRole::Store::Keyring.fetch @keyring_username
+        @credentials_from_keyring ||= AwsAssumeRole::Store::Keyring.fetch keyring_username
     rescue Aws::Errors::NoSuchProfileError
         logger.debug "Key not found"
         @credentials_from_keyring = nil
+        return nil
     end
 
     def persist_credentials
-        AwsAssumeRole::Store::Keyring.save_credentials @keyring_username, @credentials, expiration: @expiration
+        AwsAssumeRole::Store::Keyring.save_credentials keyring_username, @credentials, expiration: @expiration
     end
 
     def instance_credentials(credentials)
@@ -84,7 +82,7 @@ class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials
     end
 
     def set_credentials_from_keyring
-        instance_credentials credentials_from_keyring
+        instance_credentials credentials_from_keyring if credentials_from_keyring
         initialized
         refresh_using_mfa unless @credentials && !near_expiration?
     end
@@ -98,5 +96,4 @@ class AwsAssumeRole::Credentials::Providers::MfaSessionCredentials
         user_name = identity.arn.split("/")[1]
         "arn:aws:iam::#{identity.account}:mfa/#{user_name}"
     end
-    Dry::Types.register_class(self)
 end

data/lib/aws_assume_role/credentials/providers/shared_keyring_credentials.rb

@@ -2,21 +2,38 @@ require_relative "includes"
 require_relative "../../types"
 
 class AwsAssumeRole::Credentials::Providers::SharedKeyringCredentials < ::Aws::SharedCredentials
+    include AwsAssumeRole::Logging
+    attr_reader :region, :role_arn
+
     def initialize(options = {})
-        shared_config = AwsAssumeRole.shared_config
+        logger.debug "SharedKeyringCredentials initiated with #{options}"
         @path = options[:path]
-        @path ||= shared_config.credentials_path
-        @profile_name = options[:profile_name]
+        @path ||= AwsAssumeRole.shared_config.credentials_path
+        @profile_name = options[:profile_name] ||= options[:profile]
         @profile_name ||= ENV["AWS_PROFILE"]
-        @profile_name ||= shared_config.profile_name
-        if @path && @path == shared_config.credentials_path
-            @credentials = shared_config.credentials(profile: @profile_name)
+        @profile_name ||= AwsAssumeRole.shared_config.profile_name
+        logger.debug "SharedKeyringCredentials resolved profile name #{@profile_name}"
+        config = determine_config(@path, @profile_name)
+        @role_arn = config.profile_hash(@profile_name)
+        @region = config.profile_region(@profile_name)
+        @role_arn = config.profile_role(@profile_name)
+        attempted_credential = config.credentials(options)
+        return unless attempted_credential && attempted_credential.set?
+        @credentials = attempted_credential
+    end
+
+    private
+
+    def determine_config(path, profile_name)
+        if path && path == AwsAssumeRole.shared_config.credentials_path
+            logger.debug "SharedKeyringCredentials found shared credential path"
+            AwsAssumeRole.shared_config
         else
-            config = AwsAssumeRole::Store::SharedConfig.new(
-                credentials_path: @path,
-                profile_name: @profile_name,
+            logger.debug "SharedKeyringCredentials found custom credential path"
+            AwsAssumeRole::Store::SharedConfigWithKeyring.new(
+                credentials_path: path,
+                profile_name: profile_name,
             )
-            @credentials = config.credentials(profile: @profile_name)
         end
     end
 end

data/lib/aws_assume_role/includes.rb

@@ -1,13 +1,14 @@
 require "i18n"
-require "keyring"
+require "active_support/json"
 require "active_support/core_ext/object/blank"
 require "active_support/core_ext/string/inflections"
+require "active_support/core_ext/hash/compact"
 require "active_support/core_ext/hash/keys"
-require "active_support/core_ext/object/json"
+require "active_support/core_ext/hash/slice"
 require "aws-sdk"
 require "aws-sdk-core/ini_parser"
 require "dry-configurable"
-require "dry-initializer"
+require "dry-struct"
 require "dry-validation"
 require "dry-types"
 require "English"
@@ -15,8 +16,13 @@ require "gli"
 require "highline"
 require "inifile"
 require "json"
+require "keyring"
+require "launchy"
 require "logger"
+require "open-uri"
 require "pastel"
+require "securerandom"
+require "set"
 require "thread"
 require "time"
 

data/lib/aws_assume_role/profile_configuration.rb

@@ -1,29 +1,30 @@
 require_relative "includes"
 require_relative "logging"
 
-class AwsAssumeRole::ProfileConfiguration
-    extend Dry::Initializer
+class AwsAssumeRole::ProfileConfiguration < Dry::Struct
+    constructor_type :schema
     include AwsAssumeRole::Logging
-    option :access_key_id, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :credentials, default: proc { nil }
-    option :secret_access_key, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :session_token, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :duration_seconds, Dry::Types["coercible.int"].optional, default: proc { nil }
-    option :external_id, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :persist_session, Dry::Types["strict.bool"], default: proc { true }
-    option :profile, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :region, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :role_arn, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :role_session_name, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :serial_number, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :mfa_serial, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :use_mfa, default: proc { false }
-    option :no_profile, default: proc { false }
-    option :shell_type, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :source_profile, Dry::Types["strict.string"].optional, default: proc { nil }
-    option :args, default: proc { [] }
-    option :instance_profile_credentials_retries, Dry::Types["strict.int"], default: proc { 0 }
-    option :instance_profile_credentials_timeout, Dry::Types["coercible.float"], default: proc { 1 }
+    attribute :access_key_id, Dry::Types["strict.string"].optional
+    attribute :credentials, Dry::Types["object"].optional
+    attribute :secret_access_key, Dry::Types["strict.string"].optional
+    attribute :session_token, Dry::Types["strict.string"].optional
+    attribute :duration_seconds, Dry::Types["coercible.int"].optional
+    attribute :external_id, Dry::Types["strict.string"].optional
+    attribute :path, Dry::Types["strict.string"].optional
+    attribute :persist_session, Dry::Types["strict.bool"].optional.default(true)
+    attribute :profile, Dry::Types["strict.string"].optional
+    attribute :region, Dry::Types["strict.string"].optional
+    attribute :role_arn, Dry::Types["strict.string"].optional
+    attribute :role_session_name, Dry::Types["strict.string"].optional
+    attribute :serial_number, Dry::Types["strict.string"].optional
+    attribute :mfa_serial, Dry::Types["strict.string"].optional
+    attribute :use_mfa, Dry::Types["strict.bool"].optional.default(false)
+    attribute :no_profile, Dry::Types["strict.bool"].optional.default(false)
+    attribute :shell_type, Dry::Types["strict.string"].optional
+    attribute :source_profile, Dry::Types["strict.string"].optional
+    attribute :args, Dry::Types["strict.array"].optional.default([])
+    attribute :instance_profile_credentials_retries, Dry::Types["strict.int"].default(0)
+    attribute :instance_profile_credentials_timeout, Dry::Types["coercible.float"].default(1.0)
 
     attr_writer :credentials
 
@@ -64,8 +65,6 @@ class AwsAssumeRole::ProfileConfiguration
     end
 
     def to_h
-        instance_values.delete("__options__").symbolize_keys
+        to_hash
     end
-
-    Dry::Types.register_class(self)
 end

data/lib/aws_assume_role/runner.rb

@@ -1,18 +1,17 @@
 require_relative "includes"
 require_relative "logging"
 
-class AwsAssumeRole::Runner
+class AwsAssumeRole::Runner < Dry::Struct
     include AwsAssumeRole::Logging
-    extend Dry::Initializer
+    constructor_type :schema
+    attribute :command, Dry::Types["coercible.array"].member(Dry::Types["strict.string"]).default([])
+    attribute :exit_on_error, Dry::Types["strict.bool"].default(true)
+    attribute :expected_exit_code, Dry::Types["strict.int"].default(0)
+    attribute :environment, Dry::Types["strict.hash"].default({})
+    attribute :credentials, Dry::Types["object"].optional
 
-    param :command, Dry::Types["coercible.array"].member(Dry::Types["strict.string"])
-    option :exit_on_error, Dry::Types["strict.bool"], default: proc { true }
-    option :expected_exit_code, Dry::Types["strict.int"], default: proc { 0 }
-    option :environment, Dry::Types["strict.hash"], default: proc { {} }
-    option :credentials, optional: true
-
-    def initialize(params, options = {})
-        super(params, options)
+    def initialize(options)
+        super(options)
         command_to_exec = command.join(" ")
         process_credentials unless credentials.blank?
         system environment, command_to_exec

data/lib/aws_assume_role/store/includes.rb

@@ -1,14 +1,4 @@
-require "active_support/core_ext/object/blank"
-require "active_support/core_ext/string/inflections"
-require "active_support/core_ext/hash/slice"
-require "active_support/json"
-require "aws-sdk"
-require "aws-sdk-core/ini_parser"
-require "inifile"
-require "json"
-require "keyring"
-require "time"
-require "securerandom"
+require_relative "../includes"
 
 module AwsAssumeRole
     module Store

data/lib/aws_assume_role/store/keyring.rb

@@ -38,8 +38,7 @@ module AwsAssumeRole::Store::Keyring
     def fetch(id, backend: nil)
         logger.debug "Fetching #{id} from keyring"
         fetched = keyring(backend).get_password(KEYRING_KEY, id)
-        return nil if fetched == "null" || fetched.nil?
-        raise Aws::Errors::NoSuchProfileError unless fetched
+        raise Aws::Errors::NoSuchProfileError if fetched == "null" || fetched.nil? || !fetched
         JSON.parse(fetched, symbolize_names: true)
     end
 

data/lib/aws_assume_role/store/shared_config_with_keyring.rb

@@ -10,14 +10,51 @@ class AwsAssumeRole::Store::SharedConfigWithKeyring < AwsAssumeRole::Vendored::A
 
     attr_reader :parsed_config
 
+    # @param [Hash] options
+    # @option options [String] :credentials_path Path to the shared credentials
+    #   file. Defaults to "#{Dir.home}/.aws/credentials".
+    # @option options [String] :config_path Path to the shared config file.
+    #   Defaults to "#{Dir.home}/.aws/config".
+    # @option options [String] :profile_name The credential/config profile name
+    #   to use. If not specified, will check `ENV['AWS_PROFILE']` before using
+    #   the fixed default value of 'default'.
+    # @option options [Boolean] :config_enabled If true, loads the shared config
+    #   file and enables new config values outside of the old shared credential
+    #   spec.
     def initialize(options = {})
-        super(options)
-        @config_enabled = true
-        @config_path = determine_config_path
-        load_config_file
+        @profile_name = determine_profile(options)
+        @config_enabled = options[:config_enabled]
+        @credentials_path = options[:credentials_path] ||
+                            determine_credentials_path
+        @parsed_credentials = {}
+        load_credentials_file if loadable?(@credentials_path)
+        return unless @config_enabled
+        @config_path = options[:config_path] || determine_config_path
+        load_config_file if loadable?(@config_path)
+    end
+
+    # @api private
+    def fresh(options = {})
+        @configuration = nil
+        @semaphore = nil
+        @assume_role_shared_config = nil
+        @profile_name = nil
+        @credentials_path = nil
+        @config_path = nil
+        @parsed_credentials = {}
+        @parsed_config = nil
+        @config_enabled = options[:config_enabled] ? true : false
+        @profile_name = determine_profile(options)
+        @credentials_path = options[:credentials_path] ||
+                            determine_credentials_path
+        load_credentials_file if loadable?(@credentials_path)
+        return unless @config_enabled
+        @config_path = options[:config_path] || determine_config_path
+        load_config_file if loadable?(@config_path)
     end
 
     def credentials(opts = {})
+        logger.debug "SharedConfigWithKeyring asked for credentials with opts #{opts}"
         p = opts[:profile] || @profile_name
         validate_profile_exists(p) if credentials_present?
         credentials_from_keyring(p, opts) || credentials_from_shared(p, opts) || credentials_from_config(p, opts)
@@ -59,20 +96,15 @@ class AwsAssumeRole::Store::SharedConfigWithKeyring < AwsAssumeRole::Vendored::A
     end
 
     def profile_region(profile_name)
-        prof_cfg = @parsed_config[profile_key(profile_name)]
-        resolve_region(@parsed_config, prof_cfg)
+        resolve_profile_parameter(profile_name, "region")
     end
 
     def profile_role(profile_name)
-        prof_cfg = @parsed_config[profile_key(profile_name)]
-        resolve_arn(@parsed_config, prof_cfg)
+        resolve_profile_parameter(profile_name, "role_arn")
     end
 
-    def determine_profile(options)
-        ret = options[:profile_name]
-        ret ||= ENV["AWS_PROFILE"]
-        ret ||= "default"
-        ret
+    def profile_hash(profile_name)
+        {} || @parsed_config[profile_key(profile_name)]
     end
 
     private
@@ -86,21 +118,32 @@ class AwsAssumeRole::Store::SharedConfigWithKeyring < AwsAssumeRole::Vendored::A
         end
     end
 
-    def resolve_region(cfg, prof_cfg)
+    def resolve_profile_parameter(profile_name, param)
+        return unless @parsed_config
+        prof_cfg = @parsed_config[profile_key(profile_name)]
+        resolve_parameter(param, @parsed_config, prof_cfg)
+    end
+
+    def resolve_parameter(param, cfg, prof_cfg)
         return unless prof_cfg && cfg
-        return prof_cfg["region"] if prof_cfg.key? "region"
-        source_cfg = cfg[prof_cfg["source_profile"]]
-        cfg[prof_cfg["source_profile"]]["region"] if source_cfg && source_cfg.key?("region")
+        return prof_cfg[param] if prof_cfg.key? param
+        source_profile = prof_cfg["source_profile"]
+        return unless source_profile
+        source_cfg = cfg[source_profile]
+        return unless source_cfg
+        cfg[prof_cfg["source_profile"]][param] if source_cfg.key?(param)
+    end
+
+    def resolve_region(cfg, prof_cfg)
+        resolve_parameter("region", cfg, prof_cfg)
     end
 
     def resolve_arn(cfg, prof_cfg)
-        return unless prof_cfg && cfg
-        return prof_cfg["role_arn"] if prof_cfg.key? "role_arn"
-        source_cfg = cfg[prof_cfg["source_profile"]]
-        cfg[prof_cfg["source_profile"]]["role_arn"] if source_cfg && source_cfg.key?("role_arn")
+        resolve_parameter("role_arn", cfg, prof_cfg)
     end
 
     def assume_role_from_profile(cfg, profile, opts)
+        logger.debug "Entering assume_role_from_profile with #{cfg}, #{profile}, #{opts}"
         prof_cfg = cfg[profile]
         return unless cfg && prof_cfg
         opts[:source_profile] ||= prof_cfg["source_profile"]
@@ -133,7 +176,7 @@ class AwsAssumeRole::Store::SharedConfigWithKeyring < AwsAssumeRole::Vendored::A
     def mfa_session(cfg, profile, opts)
         prof_cfg = cfg[profile]
         return unless cfg && prof_cfg
-        opts[:serial_number] ||= prof_cfg["mfa_serial"]
+        opts[:serial_number] ||= opts[:mfa_serial] || prof_cfg["mfa_serial"]
         opts[:source_profile] ||= prof_cfg["source_profile"]
         opts[:region] ||= profile_region(profile)
         return unless opts[:serial_number]
@@ -141,11 +184,26 @@ class AwsAssumeRole::Store::SharedConfigWithKeyring < AwsAssumeRole::Vendored::A
         AwsAssumeRole::Credentials::Providers::MfaSessionCredentials.new(opts)
     end
 
-    def credentials_from_keyring(profile, _options)
-        return unless @parsed_config && @parsed_config[profile_key(profile)]
-        logger.debug "Attempt to fetch #{profile} from keyring"
-        creds = Serialization.credentials_from_hash Keyring.fetch(profile)
-        creds if credentials_complete(creds)
+    def credentials_from_keyring(profile, opts)
+        logger.debug "Entering credentials_from_keyring"
+        return unless @parsed_config
+        logger.debug "credentials_from_keyring: @parsed_config found"
+        prof_cfg = @parsed_config[profile]
+        return unless prof_cfg
+        logger.debug "credentials_from_keyring: prof_cfg found"
+        opts[:serial_number] ||= opts[:mfa_serial] || prof_cfg[:mfa_serial] || prof_cfg[:serial_number]
+        if opts[:serial_number]
+            logger.debug "credentials_from_keyring detected mfa requirement"
+            mfa_session(@parsed_config, profile, opts)
+        else
+            logger.debug "Attempt to fetch #{profile} from keyring"
+            keyring_creds = Keyring.fetch(profile)
+            return unless keyring_creds
+            creds = Serialization.credentials_from_hash Keyring.fetch(profile)
+            creds if credentials_complete(creds)
+        end
+    rescue Aws::Errors::NoSourceProfileError, Aws::Errors::NoSuchProfileError
+        nil
     end
 
     def semaphore
@@ -170,6 +228,6 @@ module AwsAssumeRole
 
     def shared_config
         enabled = ENV["AWS_SDK_CONFIG_OPT_OUT"] ? false : true
-        @assuome_role_shared_config ||= ::AwsAssumeRole::Store::SharedConfigWithKeyring.new(config_enabled: enabled)
+        @assume_role_shared_config ||= ::AwsAssumeRole::Store::SharedConfigWithKeyring.new(config_enabled: enabled)
     end
 end

data/lib/aws_assume_role/types.rb

@@ -1,5 +1,4 @@
-require "dry-types"
-
+require_relative "includes"
 module AwsAssumeRole
     module Types
         Dry = Dry::Types.module

data/lib/aws_assume_role/vendored/aws/assume_role_credentials.rb

@@ -1,5 +1,4 @@
 require_relative "includes"
-require "set"
 
 module AwsAssumeRole::Vendored::Aws
     # An auto-refreshing credential provider that works by assuming

data/lib/aws_assume_role/vendored/aws/includes.rb

@@ -1,4 +1,4 @@
-require "aws-sdk"
+require_relative "../../includes"
 
 module AwsAssumeRole
     module Vendored

data/lib/aws_assume_role/vendored/aws/refreshing_credentials.rb

@@ -1,5 +1,3 @@
-require "thread"
-
 module AwsAssumeRole::Vendored::Aws
     # Base class used credential classes that can be refreshed. This
     # provides basic refresh logic in a thread-safe manor. Classes mixing in

data/lib/aws_assume_role/vendored/aws/shared_config.rb

@@ -2,6 +2,7 @@ require_relative "includes"
 module AwsAssumeRole::Vendored::Aws
     # @api private
     class SharedConfig
+        include AwsAssumeRole::Logging
         # @return [String]
         attr_reader :credentials_path
 
@@ -102,9 +103,11 @@ module AwsAssumeRole::Vendored::Aws
         # Will always attempt first to assume a role from the shared credentials
         # file, if present.
         def assume_role_credentials_from_config(opts = {})
+            logger.debug "Entered assume_role_credentials_from_config with #{opts}"
             p = opts.delete(:profile) || @profile_name
             credentials = assume_role_from_profile(@parsed_credentials, p, opts)
             if @parsed_config
+                logger.debug "Parsed config loaded, testing"
                 credentials ||= assume_role_from_profile(@parsed_config, p, opts)
             end
             credentials
@@ -140,7 +143,7 @@ module AwsAssumeRole::Vendored::Aws
                         opts[:external_id] ||= prof_cfg["external_id"]
                         opts[:serial_number] ||= prof_cfg["mfa_serial"]
                         opts[:profile] = opts.delete(:source_profile)
-                        AwsAssumeRole::Vendored::Aws::AssumeRoleCredentials.new(opts)
+                        AssumeRoleCredentials.new(opts)
                     else
                         raise ::Aws::Errors::NoSourceProfileError, "Profile #{profile} has a role_arn, and source_profile, but the"\
                               " source_profile does not have credentials."

data/lib/aws_assume_role/version.rb

@@ -1,3 +1,3 @@
 module AwsAssumeRole
-    VERSION = "0.1.1".freeze
+    VERSION = "0.1.2".freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_assume_role
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Jon Topper
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-16 00:00:00.000000000 Z
+date: 2017-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -18,14 +18,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '4.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '4.2'
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
@@ -55,19 +55,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.5'
 - !ruby/object:Gem::Dependency
-  name: dry-initializer
+  name: dry-struct
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: dry-types
   requirement: !ruby/object:Gem::Requirement
@@ -242,6 +242,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: gir_ffi-gnome_keyring
   requirement: !ruby/object:Gem::Requirement
@@ -275,6 +303,8 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rubocop.yml"
+- ".ruby-version"
+- ".simplecov"
 - ".travis.yml"
 - Gemfile
 - LICENSE.md
@@ -305,6 +335,7 @@ files:
 - lib/aws_assume_role/cli/commands/migrate.rb
 - lib/aws_assume_role/cli/commands/run.rb
 - lib/aws_assume_role/cli/commands/test.rb
+- lib/aws_assume_role/cli/includes.rb
 - lib/aws_assume_role/configuration.rb
 - lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb
 - lib/aws_assume_role/core_ext/aws-sdk/includes.rb
@@ -317,8 +348,8 @@ files:
 - lib/aws_assume_role/credentials/factories/instance_profile.rb
 - lib/aws_assume_role/credentials/factories/repository.rb
 - lib/aws_assume_role/credentials/factories/shared.rb
-- lib/aws_assume_role/credentials/factories/shared_keyring.rb
 - lib/aws_assume_role/credentials/factories/static.rb
+- lib/aws_assume_role/credentials/includes.rb
 - lib/aws_assume_role/credentials/providers/assume_role_credentials.rb
 - lib/aws_assume_role/credentials/providers/includes.rb
 - lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb
@@ -360,7 +391,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Manage AWS STS credentials with MFA

data/lib/aws_assume_role/credentials/factories/shared_keyring.rb

@@ -1,16 +0,0 @@
-require_relative "abstract_factory"
-require_relative "../providers/shared_keyring_credentials"
-
-class AwsAssumeRole::Credentials::Factories::SharedKeyring < AwsAssumeRole::Credentials::Factories::AbstractFactory
-    type :credential_provider
-    priority 19
-
-    def initialize(options = {})
-        @profile = options[:profile] || "default"
-        @credentials = AwsAssumeRole::Credentials::Providers::SharedKeyringCredentials.new(profile_name: @profile)
-        @region = AwsAssumeRole.shared_config.profile_region(@profile)
-        @role_arn = AwsAssumeRole.shared_config.profile_role(@profile)
-    rescue Aws::Errors::NoSuchProfileError
-        nil
-    end
-end