aws_assume_role 1.1.0-universal-freebsd

data/lib/aws_assume_role/cli/actions/console.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "../../runner"
+require "cgi"
+require "json"
+
+class AwsAssumeRole::Cli::Actions::Console < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+    include AwsAssumeRole::Logging
+
+    FEDERATION_URL = "https://signin.aws.amazon.com/federation".freeze
+    CONSOLE_URL = "https://console.aws.amazon.com".freeze
+    GENERIC_SIGNIN_URL = "https://signin.aws.amazon.com/console".freeze
+    SIGNIN_URL = [FEDERATION_URL, "?Action=getSigninToken", "&Session=%s"].join
+    LOGIN_URL = [FEDERATION_URL, "?Action=login", "&Destination=%s", "&SigninToken=%s"].join
+
+    CommandSchema = proc do
+        required(:profile).maybe
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        required(:role_arn).maybe
+        required(:role_session_name).maybe
+        required(:duration_seconds).maybe
+        rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def try_federation(config)
+        credentials = try_for_credentials config.to_h
+        return unless credentials.set?
+        session = session_json(credentials)
+        signin_url = format SIGNIN_URL, CGI.escape(session)
+        sso_token = JSON.parse(URI.parse(signin_url).read)["SigninToken"]
+        format LOGIN_URL, CGI.escape(CONSOLE_URL), CGI.escape(sso_token)
+    rescue OpenURI::HTTPError
+        error "Error getting federated session, forming simple switch URL instead"
+    end
+
+    def session_json(credentials)
+        {
+            sessionId: credentials.credentials.access_key_id,
+            sessionKey: credentials.credentials.secret_access_key,
+            sessionToken: credentials.credentials.session_token,
+        }.to_json
+    end
+
+    def try_switch_url(config)
+        profile = AwsAssumeRole.shared_config.determine_profile(profile_name: config.profile)
+        config_section = AwsAssumeRole.shared_config.parsed_config[profile]
+        raise Aws::Errors::NoSuchProfileError if config_section.nil?
+        resolved_role_arn = config.role_arn || config_section.fetch("role_arn", nil)
+        return unless resolved_role_arn
+        components = resolved_role_arn.split(":")
+        account = components[4]
+        role = components[5].split("/").last
+        display_name = config.profile || "#{account}_#{role}"
+        format "https://signin.aws.amazon.com/switchrole?account=%s&roleName=%s&displayName=%s", account, role, display_name
+    end
+
+    def act_on(config)
+        final_url = try_federation(config) || try_switch_url(config) || CONSOLE_URL
+        Launchy.open final_url
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+    end
+end

data/lib/aws_assume_role/cli/actions/delete_profile.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "../../store/shared_config_with_keyring"
+
+class AwsAssumeRole::Cli::Actions::DeleteProfile < AwsAssumeRole::Cli::Actions::AbstractAction
+    CommandSchema = proc do
+        required(:profile).value(:filled?)
+    end
+
+    def act_on(config)
+        prompt_for_option(:name_to_delete, "Name", proc { eql? config.profile }, fmt: config.profile)
+        AwsAssumeRole.shared_config.delete_profile config.profile
+        out format t("commands.delete.completed"), config.profile
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/includes.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "../includes"
+require_relative "../../types"
+require_relative "../../../aws_assume_role"
+
+module AwsAssumeRole
+    module Cli
+        module Actions
+        end
+    end
+end

data/lib/aws_assume_role/cli/actions/list_profiles.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+
+class AwsAssumeRole::Cli::Actions::ListProfiles < AwsAssumeRole::Cli::Actions::AbstractAction
+    CommandSchema = proc do
+    end
+
+    def act_on(_options)
+        AwsAssumeRole.shared_config.profiles.each { |p| puts p }
+    end
+end

data/lib/aws_assume_role/cli/actions/migrate_profile.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+
+class AwsAssumeRole::Cli::Actions::MigrateProfile < AwsAssumeRole::Cli::Actions::AbstractAction
+    CommandSchema = proc do
+        required(:profile).value(:filled?)
+    end
+
+    def act_on(config)
+        AwsAssumeRole.shared_config.migrate_profile config.profile
+        out format(t("commands.configure.saved"), config[:profile], AwsAssumeRole.shared_config.config_path)
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/reset_environment.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+
+class AwsAssumeRole::Cli::Actions::ResetEnvironment < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    SHELL_STRINGS = {
+        sh: {
+            env_command: "unset %<key>s; ",
+        },
+        csh: {
+            env_command: "unset %<key>s; ",
+        },
+        fish: {
+            env_command: "set -ex %<key>s; ",
+            footer: "commands.reset_environment.shells.fish",
+        },
+        powershell: {
+            env_command: "remove-item ENV:%<key>s; ",
+            footer: "commands.reset_environment.shells.powershell",
+        },
+    }.freeze
+
+    CommandSchema = proc do
+        required(:shell_type).value(included_in?: SHELL_STRINGS.stringify_keys.keys)
+    end
+
+    def act_on(config)
+        shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
+        str = String.new("")
+        %w[AWS_ACCESS_KEY_ID
+           AWS_SECRET_ACCESS_KEY
+           AWS_SESSION_TOKEN
+           AWS_PROFILE
+           AWS_ASSUME_ROLE_LOG_LEVEL
+           GLI_DEBUG
+           AWS_ASSUME_ROLE_KEYRING_BACKEND].each do |key|
+            str << format(shell_strings[:env_command], key: key) if ENV.fetch(key, false)
+        end
+        str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
+        puts str
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/run.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "../../runner"
+require_relative "../../credentials/factories/default_chain_provider"
+
+class AwsAssumeRole::Cli::Actions::Run < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    CommandSchema = proc do
+        required(:profile).maybe
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        required(:role_arn).maybe
+        required(:role_session_name).maybe
+        required(:duration_seconds).maybe
+        rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def act_on(config)
+        credentials = try_for_credentials config.to_h
+        unless config.args.empty?
+            Runner.new(command: config.args,
+                       environment: { "AWS_DEFAULT_REGION" => resolved_region },
+                       credentials: credentials)
+        end
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/set_environment.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "../../credentials/factories/default_chain_provider"
+
+class AwsAssumeRole::Cli::Actions::SetEnvironment < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    SHELL_STRINGS = {
+        sh: {
+            env_command: "%<key>s=%<value>s; export %<key>s; ",
+        },
+        csh: {
+            env_command: "setenv %<key>s %<value>s; ",
+        },
+        fish: {
+            env_command: "set -x %<key>s %<value>s; ",
+            footer: "commands.set_environment.shells.fish",
+        },
+        powershell: {
+            env_command: "set-item ENV:%<key>s %<value>s; ",
+            footer: "commands.set_environment.shells.powershell",
+        },
+    }.freeze
+
+    CommandSchema = proc do
+        optional(:profile).filled?
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        optional(:external_id) { filled? > format?(EXTERNAL_ID_REGEX) }
+        required(:shell_type).value(included_in?: SHELL_STRINGS.stringify_keys.keys)
+        required(:role_arn).maybe { filled? > format?(ROLE_REGEX) }
+        required(:role_session_name).maybe { filled? > format?(ROLE_SESSION_NAME_REGEX) }
+        required(:duration_seconds).maybe
+        rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def act_on(config)
+        credentials = try_for_credentials config.to_h
+        shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
+        str = String.new("")
+        [
+            [:access_key_id, "AWS_ACCESS_KEY_ID"],
+            [:secret_access_key, "AWS_SECRET_ACCESS_KEY"],
+            [:session_token, "AWS_SESSION_TOKEN"],
+        ].each do |key|
+            value = credentials.credentials.send key[0]
+            next if value.blank?
+            str << format(shell_strings[:env_command], key: key[1], value: value)
+        end
+        str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
+        puts str
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/actions/test.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "../../credentials/factories/default_chain_provider"
+
+class AwsAssumeRole::Cli::Actions::Test < AwsAssumeRole::Cli::Actions::AbstractAction
+    include AwsAssumeRole::Ui
+
+    CommandSchema = proc do
+        required(:profile).maybe
+        optional(:region) { filled? > format?(REGION_REGEX) }
+        optional(:serial_number) { filled? > format?(MFA_REGEX) }
+        required(:role_arn).maybe
+        required(:role_session_name).maybe
+        required(:duration_seconds).maybe
+        rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+            (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+        end
+    end
+
+    def act_on(config)
+        logger.debug "Will try for credentials"
+        credentials = try_for_credentials config
+        logger.debug "Got credentials #{credentials}"
+        client = Aws::STS::Client.new(credentials: credentials, region: resolved_region)
+        identity = client.get_caller_identity
+        out format(t("commands.test.output"), identity.account, identity.arn, identity.user_id)
+    rescue KeyError, Aws::Errors::NoSuchProfileError
+        error format(t("errors.NoSuchProfileError"), config.profile)
+        raise
+    rescue Aws::Errors::MissingCredentialsError
+        error t("errors.MissingCredentialsError")
+        raise
+    end
+end

data/lib/aws_assume_role/cli/commands/configure.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative "../actions/configure_profile"
+require_relative "../actions/configure_role_assumption"
+
+module AwsAssumeRole::Cli
+    desc t "commands.configure.desc"
+    long_desc t "commands.configure.long_desc"
+    command :configure do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::ConfigureProfile.new(global_options, options, args)
+        end
+
+        c.desc t "commands.configure.desc"
+        c.long_desc t "commands.configure.long_desc"
+        c.command :role do |r|
+            r.flag ["source-profile"], desc: t("options.source_profile")
+            r.flag ["role-session-name"], desc: t("options.role_session_name")
+            r.flag ["role-arn"], desc: t("options.role_arn")
+            r.flag ["mfa-serial"], desc: t("options.mfa_serial")
+            r.flag ["region"], desc: t("options.region")
+            r.flag ["external-id"], desc: t("options.external_id")
+            r.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+            r.flag ["yubikey-oath-name"], desc: t("options.yubikey_oath_name")
+
+            r.action do |global_options, options, args|
+                AwsAssumeRole::Cli::Actions::ConfigureRoleAssumption.new(global_options, options, args)
+            end
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/console.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "../actions/console"
+
+module AwsAssumeRole::Cli
+    desc t "commands.console.desc"
+    command :console do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.flag ["role-session-name"], desc: t("options.role_session_name")
+        c.flag ["role-arn"], desc: t("options.role_arn")
+        c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+        c.flag ["region"], desc: t("options.region")
+        c.flag ["external-id"], desc: t("options.external_id")
+        c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::Console.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/delete.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require_relative "../actions/delete_profile"
+
+module AwsAssumeRole::Cli
+    desc t "commands.delete.desc"
+    command :delete do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::DeleteProfile.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/environment.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative "../actions/set_environment"
+require_relative "../actions/reset_environment"
+
+module AwsAssumeRole::Cli
+    desc t "commands.set_environment.desc"
+    long_desc t "commands.set_environment.long_desc"
+    command :environment do |c|
+        desc t "commands.set_environment.desc"
+        long_desc t "commands.set_environment.long_desc"
+        c.command :set do |s|
+            s.flag [:p, "profile"], desc: t("options.profile_name")
+            s.flag [:s, "shell-type"], desc: t("options.shell_type"), default_value: "sh"
+            s.flag ["role-session-name"], desc: t("options.role_session_name")
+            s.flag ["role-arn"], desc: t("options.role_arn")
+            s.flag ["mfa-serial"], desc: t("options.mfa_serial")
+            s.flag ["region"], desc: t("options.region")
+            s.flag ["external-id"], desc: t("options.external_id")
+            s.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+            s.action do |global_options, options, args|
+                AwsAssumeRole::Cli::Actions::SetEnvironment.new(global_options, options, args)
+            end
+        end
+
+        desc t "commands.reset_environment.desc"
+        long_desc t "commands.reset_environment.long_desc"
+        c.command :reset do |s|
+            s.action do |global_options, options, args|
+                AwsAssumeRole::Cli::Actions::ResetEnvironment.new(global_options, options, args)
+            end
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/list.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "../actions/list_profiles"
+
+module AwsAssumeRole::Cli
+    desc t "commands.list.desc"
+    command :list do |c|
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::ListProfiles.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/migrate.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require_relative "../actions/migrate_profile"
+
+module AwsAssumeRole::Cli
+    desc t "commands.migrate.desc"
+    command :migrate do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::MigrateProfile.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/run.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "../actions/run"
+
+module AwsAssumeRole::Cli
+    desc t "commands.run.desc"
+    command :run do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.flag ["role-session-name"], desc: t("options.role_session_name")
+        c.flag ["role-arn"], desc: t("options.role_arn")
+        c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+        c.flag ["region"], desc: t("options.region")
+        c.flag ["external-id"], desc: t("options.external_id")
+        c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::Run.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/commands/test.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative "../actions/test"
+
+module AwsAssumeRole::Cli
+    desc t "commands.test.desc"
+    command :test do |c|
+        c.flag [:p, "profile"], desc: t("options.profile_name")
+        c.flag ["role-session-name"], desc: t("options.role_session_name")
+        c.flag ["role-arn"], desc: t("options.role_arn")
+        c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+        c.flag ["region"], desc: t("options.region")
+        c.flag ["external-id"], desc: t("options.external_id")
+        c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+        c.switch ["no-profile"], desc: t("options.duration_seconds"), default_value: false
+        c.action do |global_options, options, args|
+            AwsAssumeRole::Cli::Actions::Test.new(global_options, options, args)
+        end
+    end
+end

data/lib/aws_assume_role/cli/includes.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative "../includes"

data/lib/aws_assume_role/cli.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "ui"
+require_relative "logging"
+
+module AwsAssumeRole::Cli
+    include AwsAssumeRole
+    include AwsAssumeRole::Ui
+    include AwsAssumeRole::Logging
+    logger.debug "Bootstrapping"
+    include GLI::DSL
+    include GLI::App
+    extend self # rubocop:disable Style/ModuleFunction
+
+    commands_from File.join(File.realpath(__dir__), "cli", "commands")
+    program_desc t "program_description"
+
+    exit run(ARGV)
+end

data/lib/aws_assume_role/configuration.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+
+module AwsAssumeRole
+    class Configuration
+        extend Dry::Configurable
+        Types = Dry::Types.module
+
+        setting(:backend_plugin, ENV.fetch("AWS_ASSUME_ROLE_KEYRING_PLUGIN", nil)) do |value|
+            Types::Coercible::String[value]
+        end
+
+        setting(:backend, ENV.fetch("AWS_ASSUME_ROLE_KEYRING_BACKEND", "automatic")) do |value|
+            value == "automatic" ? nil : Types::Coercible::String[value]
+        end
+
+        setting(:log_level, ENV.fetch("AWS_ASSUME_ROLE_LOG_LEVEL", "WARN")) do |value|
+            {
+                DEBUG: 0,
+                INFO: 1,
+                WARN: 2,
+                ERROR: 3,
+                FATAL: 4,
+                UNKNOWN: 5,
+            }[value.to_sym] || 2
+        end
+    end
+    Config = Configuration.config
+end

data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require_relative "../../credentials/factories/default_chain_provider"
+Aws.const_set :CredentialProviderChain, AwsAssumeRole::Credentials::Factories::DefaultChainProvider

data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require_relative "../../includes"
+module AwsAssumeRole
+    module CoreExt
+        module Aws
+        end
+    end
+end

data/lib/aws_assume_role/credentials/factories/abstract_factory.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require_relative "includes"
+require_relative "repository"
+require_relative "../../profile_configuration"
+
+class AwsAssumeRole::Credentials::Factories::AbstractFactory
+    include AwsAssumeRole
+    include AwsAssumeRole::Credentials::Factories
+    include AwsAssumeRole::Logging
+
+    Dry::Types.register_class(Aws::SharedCredentials)
+    attr_reader :credentials, :region, :profile, :role_arn
+
+    def initialize(_options)
+        raise "Not implemented"
+    end
+
+    def self.type(str)
+        @type = Types::Strict::Symbol.enum(:credential_provider, :second_factor_provider, :instance_role_provider)[str]
+        register_if_complete
+    end
+
+    def self.priority(i)
+        @priority = Types::Strict::Int[i]
+        register_if_complete
+    end
+
+    def self.register_if_complete
+        return unless @type && @priority
+        Repository.register_factory(self, @type, @priority)
+    end
+end

data/lib/aws_assume_role/credentials/factories/assume_role.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative "abstract_factory"
+require_relative "../providers/assume_role_credentials"
+require_relative "../providers/mfa_session_credentials"
+
+class AwsAssumeRole::Credentials::Factories::AssumeRole < AwsAssumeRole::Credentials::Factories::AbstractFactory
+    include AwsAssumeRole::Credentials::Factories
+    type :credential_provider
+    priority 20
+
+    def initialize(options)
+        logger.debug "AwsAssumeRole::Credentials::Factories::AssumeRole initiated with #{options}"
+        return unless options[:profile] || options[:role_arn]
+        if options[:profile]
+            logger.debug "AwsAssumeRole: #{options[:profile]} found. Trying with profile"
+            try_with_profile(options)
+        else
+            if options[:use_mfa]
+                options[:credentials] = AwsAssumeRole::Credentials::Providers::MfaSessionCredentials.new(options).credentials
+            end
+            @credentials = AwsAssumeRole::Credentials::Providers::AssumeRoleCredentials.new(options)
+        end
+    end
+
+    def try_with_profile(options)
+        return unless AwsAssumeRole.shared_config.config_enabled?
+        logger.debug "AwsAssumeRole: Shared Config enabled"
+        @profile = options[:profile]
+        @region = options[:region]
+        @credentials = assume_role_with_profile(options)
+        @region ||= AwsAssumeRole.shared_config.profile_region(@profile)
+        @role_arn ||= AwsAssumeRole.shared_config.profile_role(@profile)
+    end
+
+    def assume_role_with_profile(options)
+        AwsAssumeRole.shared_config.assume_role_credentials_from_config(options)
+    end
+end