aws_assume_role 1.1.0-universal-freebsd

Files changed (73)
  1. checksums.yaml +7 -0
  2. data/.gitignore +9 -0
  3. data/.rubocop.yml +57 -0
  4. data/.ruby-version +1 -0
  5. data/.simplecov +22 -0
  6. data/.travis.yml +24 -0
  7. data/CHANGELOG.md +61 -0
  8. data/Gemfile +18 -0
  9. data/LICENSE.md +201 -0
  10. data/README.md +303 -0
  11. data/Rakefile +63 -0
  12. data/aws_assume_role.gemspec +56 -0
  13. data/bin/aws-assume-role +4 -0
  14. data/i18n/en.yml +109 -0
  15. data/lib/aws_assume_role/cli/actions/abstract_action.rb +61 -0
  16. data/lib/aws_assume_role/cli/actions/configure_profile.rb +24 -0
  17. data/lib/aws_assume_role/cli/actions/configure_role_assumption.rb +22 -0
  18. data/lib/aws_assume_role/cli/actions/console.rb +70 -0
  19. data/lib/aws_assume_role/cli/actions/delete_profile.rb +22 -0
  20. data/lib/aws_assume_role/cli/actions/includes.rb +12 -0
  21. data/lib/aws_assume_role/cli/actions/list_profiles.rb +12 -0
  22. data/lib/aws_assume_role/cli/actions/migrate_profile.rb +20 -0
  23. data/lib/aws_assume_role/cli/actions/reset_environment.rb +50 -0
  24. data/lib/aws_assume_role/cli/actions/run.rb +36 -0
  25. data/lib/aws_assume_role/cli/actions/set_environment.rb +62 -0
  26. data/lib/aws_assume_role/cli/actions/test.rb +35 -0
  27. data/lib/aws_assume_role/cli/commands/configure.rb +32 -0
  28. data/lib/aws_assume_role/cli/commands/console.rb +19 -0
  29. data/lib/aws_assume_role/cli/commands/delete.rb +13 -0
  30. data/lib/aws_assume_role/cli/commands/environment.rb +34 -0
  31. data/lib/aws_assume_role/cli/commands/list.rb +12 -0
  32. data/lib/aws_assume_role/cli/commands/migrate.rb +13 -0
  33. data/lib/aws_assume_role/cli/commands/run.rb +19 -0
  34. data/lib/aws_assume_role/cli/commands/test.rb +20 -0
  35. data/lib/aws_assume_role/cli/includes.rb +3 -0
  36. data/lib/aws_assume_role/cli.rb +20 -0
  37. data/lib/aws_assume_role/configuration.rb +30 -0
  38. data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb +4 -0
  39. data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb +9 -0
  40. data/lib/aws_assume_role/credentials/factories/abstract_factory.rb +33 -0
  41. data/lib/aws_assume_role/credentials/factories/assume_role.rb +39 -0
  42. data/lib/aws_assume_role/credentials/factories/default_chain_provider.rb +113 -0
  43. data/lib/aws_assume_role/credentials/factories/environment.rb +26 -0
  44. data/lib/aws_assume_role/credentials/factories/includes.rb +15 -0
  45. data/lib/aws_assume_role/credentials/factories/instance_profile.rb +19 -0
  46. data/lib/aws_assume_role/credentials/factories/repository.rb +37 -0
  47. data/lib/aws_assume_role/credentials/factories/shared.rb +19 -0
  48. data/lib/aws_assume_role/credentials/factories/static.rb +18 -0
  49. data/lib/aws_assume_role/credentials/factories.rb +11 -0
  50. data/lib/aws_assume_role/credentials/includes.rb +6 -0
  51. data/lib/aws_assume_role/credentials/providers/assume_role_credentials.rb +60 -0
  52. data/lib/aws_assume_role/credentials/providers/includes.rb +9 -0
  53. data/lib/aws_assume_role/credentials/providers/mfa_session_credentials.rb +119 -0
  54. data/lib/aws_assume_role/credentials/providers/shared_keyring_credentials.rb +41 -0
  55. data/lib/aws_assume_role/includes.rb +38 -0
  56. data/lib/aws_assume_role/logging.rb +27 -0
  57. data/lib/aws_assume_role/profile_configuration.rb +73 -0
  58. data/lib/aws_assume_role/runner.rb +40 -0
  59. data/lib/aws_assume_role/store/includes.rb +8 -0
  60. data/lib/aws_assume_role/store/keyring.rb +61 -0
  61. data/lib/aws_assume_role/store/serialization.rb +20 -0
  62. data/lib/aws_assume_role/store/shared_config_with_keyring.rb +250 -0
  63. data/lib/aws_assume_role/types.rb +31 -0
  64. data/lib/aws_assume_role/ui.rb +57 -0
  65. data/lib/aws_assume_role/vendored/aws/README.md +2 -0
  66. data/lib/aws_assume_role/vendored/aws/assume_role_credentials.rb +67 -0
  67. data/lib/aws_assume_role/vendored/aws/includes.rb +9 -0
  68. data/lib/aws_assume_role/vendored/aws/refreshing_credentials.rb +58 -0
  69. data/lib/aws_assume_role/vendored/aws/shared_config.rb +223 -0
  70. data/lib/aws_assume_role/vendored/aws.rb +4 -0
  71. data/lib/aws_assume_role/version.rb +5 -0
  72. data/lib/aws_assume_role.rb +4 -0
  73. metadata +438 -0
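--- a/data/lib/aws_assume_role/cli/actions/console.rb
+++ b/data/lib/aws_assume_role/cli/actions/console.rb
@@ -0,0 +1,70 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "../../runner"
+ require "cgi"
+ require "json"
+
+ class AwsAssumeRole::Cli::Actions::Console < AwsAssumeRole::Cli::Actions::AbstractAction
+ include AwsAssumeRole::Ui
+ include AwsAssumeRole::Logging
+
+ FEDERATION_URL = "https://signin.aws.amazon.com/federation".freeze
+ CONSOLE_URL = "https://console.aws.amazon.com".freeze
+ GENERIC_SIGNIN_URL = "https://signin.aws.amazon.com/console".freeze
+ SIGNIN_URL = [FEDERATION_URL, "?Action=getSigninToken", "&Session=%s"].join
+ LOGIN_URL = [FEDERATION_URL, "?Action=login", "&Destination=%s", "&SigninToken=%s"].join
+
+ CommandSchema = proc do
+ required(:profile).maybe
+ optional(:region) { filled? > format?(REGION_REGEX) }
+ optional(:serial_number) { filled? > format?(MFA_REGEX) }
+ required(:role_arn).maybe
+ required(:role_session_name).maybe
+ required(:duration_seconds).maybe
+ rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+ (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+ end
+ end
+
+ def try_federation(config)
+ credentials = try_for_credentials config.to_h
+ return unless credentials.set?
+ session = session_json(credentials)
+ signin_url = format SIGNIN_URL, CGI.escape(session)
+ sso_token = JSON.parse(URI.parse(signin_url).read)["SigninToken"]
+ format LOGIN_URL, CGI.escape(CONSOLE_URL), CGI.escape(sso_token)
+ rescue OpenURI::HTTPError
+ error "Error getting federated session, forming simple switch URL instead"
+ end
+
+ def session_json(credentials)
+ {
+ sessionId: credentials.credentials.access_key_id,
+ sessionKey: credentials.credentials.secret_access_key,
+ sessionToken: credentials.credentials.session_token,
+ }.to_json
+ end
+
+ def try_switch_url(config)
+ profile = AwsAssumeRole.shared_config.determine_profile(profile_name: config.profile)
+ config_section = AwsAssumeRole.shared_config.parsed_config[profile]
+ raise Aws::Errors::NoSuchProfileError if config_section.nil?
+ resolved_role_arn = config.role_arn || config_section.fetch("role_arn", nil)
+ return unless resolved_role_arn
+ components = resolved_role_arn.split(":")
+ account = components[4]
+ role = components[5].split("/").last
+ display_name = config.profile || "#{account}_#{role}"
+ format "https://signin.aws.amazon.com/switchrole?account=%s&roleName=%s&displayName=%s", account, role, display_name
+ end
+
+ def act_on(config)
+ final_url = try_federation(config) || try_switch_url(config) || CONSOLE_URL
+ Launchy.open final_url
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ end
+ end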
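Review bot: In `try_switch_url` the account, role and display name go into the switch-role URL unescaped, and the ARN is split with no check that it has six colon-separated fields. A malformed `role_arn` therefore raises NoMethodError on `components[5].split`, which `act_on` does not rescue, and a profile name containing `&` or `#` alters the query string. Console's CommandSchema accepts `role_arn` with only `.maybe` (SetEnvironment checks it against `ROLE_REGEX`), so the value arrives here unvalidated unless the shared-config layer checks it. I would add `return unless components.length >= 6` and pass `CGI.escape(account), CGI.escape(role), CGI.escape(display_name)` to `format`; `cgi` is already required in this file. Separately, `try_federation` rescues only `OpenURI::HTTPError`, so a JSON parse failure or a response without `SigninToken` escapes instead of falling back to the switch URL.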
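--- a/data/lib/aws_assume_role/cli/actions/delete_profile.rb
+++ b/data/lib/aws_assume_role/cli/actions/delete_profile.rb
@@ -0,0 +1,22 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "../../store/shared_config_with_keyring"
+
+ class AwsAssumeRole::Cli::Actions::DeleteProfile < AwsAssumeRole::Cli::Actions::AbstractAction
+ CommandSchema = proc do
+ required(:profile).value(:filled?)
+ end
+
+ def act_on(config)
+ prompt_for_option(:name_to_delete, "Name", proc { eql? config.profile }, fmt: config.profile)
+ AwsAssumeRole.shared_config.delete_profile config.profile
+ out format t("commands.delete.completed"), config.profile
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ raise
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ raise
+ end
+ end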
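--- a/data/lib/aws_assume_role/cli/actions/includes.rb
+++ b/data/lib/aws_assume_role/cli/actions/includes.rb
@@ -0,0 +1,12 @@
+ # frozen_string_literal: true
+
+ require_relative "../includes"
+ require_relative "../../types"
+ require_relative "../../../aws_assume_role"
+
+ module AwsAssumeRole
+ module Cli
+ module Actions
+ end
+ end
+ end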
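--- a/data/lib/aws_assume_role/cli/actions/list_profiles.rb
+++ b/data/lib/aws_assume_role/cli/actions/list_profiles.rb
@@ -0,0 +1,12 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+
+ class AwsAssumeRole::Cli::Actions::ListProfiles < AwsAssumeRole::Cli::Actions::AbstractAction
+ CommandSchema = proc do
+ end
+
+ def act_on(_options)
+ AwsAssumeRole.shared_config.profiles.each { |p| puts p }
+ end
+ end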
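--- a/data/lib/aws_assume_role/cli/actions/migrate_profile.rb
+++ b/data/lib/aws_assume_role/cli/actions/migrate_profile.rb
@@ -0,0 +1,20 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+
+ class AwsAssumeRole::Cli::Actions::MigrateProfile < AwsAssumeRole::Cli::Actions::AbstractAction
+ CommandSchema = proc do
+ required(:profile).value(:filled?)
+ end
+
+ def act_on(config)
+ AwsAssumeRole.shared_config.migrate_profile config.profile
+ out format(t("commands.configure.saved"), config[:profile], AwsAssumeRole.shared_config.config_path)
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ raise
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ raise
+ end
+ end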
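--- a/data/lib/aws_assume_role/cli/actions/reset_environment.rb
+++ b/data/lib/aws_assume_role/cli/actions/reset_environment.rb
@@ -0,0 +1,50 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+
+ class AwsAssumeRole::Cli::Actions::ResetEnvironment < AwsAssumeRole::Cli::Actions::AbstractAction
+ include AwsAssumeRole::Ui
+
+ SHELL_STRINGS = {
+ sh: {
+ env_command: "unset %<key>s; ",
+ },
+ csh: {
+ env_command: "unset %<key>s; ",
+ },
+ fish: {
+ env_command: "set -ex %<key>s; ",
+ footer: "commands.reset_environment.shells.fish",
+ },
+ powershell: {
+ env_command: "remove-item ENV:%<key>s; ",
+ footer: "commands.reset_environment.shells.powershell",
+ },
+ }.freeze
+
+ CommandSchema = proc do
+ required(:shell_type).value(included_in?: SHELL_STRINGS.stringify_keys.keys)
+ end
+
+ def act_on(config)
+ shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
+ str = String.new("")
+ %w[AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY
+ AWS_SESSION_TOKEN
+ AWS_PROFILE
+ AWS_ASSUME_ROLE_LOG_LEVEL
+ GLI_DEBUG
+ AWS_ASSUME_ROLE_KEYRING_BACKEND].each do |key|
+ str << format(shell_strings[:env_command], key: key) if ENV.fetch(key, false)
+ end
+ str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
+ puts str
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ raise
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ raise
+ end
+ end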
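Review bot: The `csh` entry emits `unset %<key>s; `, which in csh/tcsh removes a shell variable and leaves the environment variable in place. After a reset, the exported `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` would still be inherited by child processes. SetEnvironment emits `setenv` for csh, so the matching line here should be `env_command: "unsetenv %<key>s; ",`. The rescue clauses also format `config.profile`, which this action's schema does not define (it has only `shell_type`); they look copied from the credential actions and should be dropped or given a fitting message.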
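--- a/data/lib/aws_assume_role/cli/actions/run.rb
+++ b/data/lib/aws_assume_role/cli/actions/run.rb
@@ -0,0 +1,36 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "../../runner"
+ require_relative "../../credentials/factories/default_chain_provider"
+
+ class AwsAssumeRole::Cli::Actions::Run < AwsAssumeRole::Cli::Actions::AbstractAction
+ include AwsAssumeRole::Ui
+
+ CommandSchema = proc do
+ required(:profile).maybe
+ optional(:region) { filled? > format?(REGION_REGEX) }
+ optional(:serial_number) { filled? > format?(MFA_REGEX) }
+ required(:role_arn).maybe
+ required(:role_session_name).maybe
+ required(:duration_seconds).maybe
+ rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+ (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+ end
+ end
+
+ def act_on(config)
+ credentials = try_for_credentials config.to_h
+ unless config.args.empty?
+ Runner.new(command: config.args,
+ environment: { "AWS_DEFAULT_REGION" => resolved_region },
+ credentials: credentials)
+ end
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ raise
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ raise
+ end
+ end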
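--- a/data/lib/aws_assume_role/cli/actions/set_environment.rb
+++ b/data/lib/aws_assume_role/cli/actions/set_environment.rb
@@ -0,0 +1,62 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "../../credentials/factories/default_chain_provider"
+
+ class AwsAssumeRole::Cli::Actions::SetEnvironment < AwsAssumeRole::Cli::Actions::AbstractAction
+ include AwsAssumeRole::Ui
+
+ SHELL_STRINGS = {
+ sh: {
+ env_command: "%<key>s=%<value>s; export %<key>s; ",
+ },
+ csh: {
+ env_command: "setenv %<key>s %<value>s; ",
+ },
+ fish: {
+ env_command: "set -x %<key>s %<value>s; ",
+ footer: "commands.set_environment.shells.fish",
+ },
+ powershell: {
+ env_command: "set-item ENV:%<key>s %<value>s; ",
+ footer: "commands.set_environment.shells.powershell",
+ },
+ }.freeze
+
+ CommandSchema = proc do
+ optional(:profile).filled?
+ optional(:region) { filled? > format?(REGION_REGEX) }
+ optional(:serial_number) { filled? > format?(MFA_REGEX) }
+ optional(:external_id) { filled? > format?(EXTERNAL_ID_REGEX) }
+ required(:shell_type).value(included_in?: SHELL_STRINGS.stringify_keys.keys)
+ required(:role_arn).maybe { filled? > format?(ROLE_REGEX) }
+ required(:role_session_name).maybe { filled? > format?(ROLE_SESSION_NAME_REGEX) }
+ required(:duration_seconds).maybe
+ rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+ (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+ end
+ end
+
+ def act_on(config)
+ credentials = try_for_credentials config.to_h
+ shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
+ str = String.new("")
+ [
+ [:access_key_id, "AWS_ACCESS_KEY_ID"],
+ [:secret_access_key, "AWS_SECRET_ACCESS_KEY"],
+ [:session_token, "AWS_SESSION_TOKEN"],
+ ].each do |key|
+ value = credentials.credentials.send key[0]
+ next if value.blank?
+ str << format(shell_strings[:env_command], key: key[1], value: value)
+ end
+ str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
+ puts str
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ raise
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ raise
+ end
+ end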
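Review bot: Every `env_command` template inserts the credential value into shell text unquoted (for example `%<key>s=%<value>s; export %<key>s; `), and this output is meant to be evaluated by the caller's shell. STS-issued values are normally limited to base64-style characters, but `try_for_credentials` may also return values from other providers, in which case any whitespace or shell metacharacter would be interpreted by the shell. For the `sh` branch I would pass `Shellwords.escape(value)` to `format` (this needs `require "shellwords"`), and give csh, fish and PowerShell their own quoting. A comment on `act_on` should also state that it prints live secrets to stdout, so callers know to keep the output out of logs and CI transcripts.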
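--- a/data/lib/aws_assume_role/cli/actions/test.rb
+++ b/data/lib/aws_assume_role/cli/actions/test.rb
@@ -0,0 +1,35 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "../../credentials/factories/default_chain_provider"
+
+ class AwsAssumeRole::Cli::Actions::Test < AwsAssumeRole::Cli::Actions::AbstractAction
+ include AwsAssumeRole::Ui
+
+ CommandSchema = proc do
+ required(:profile).maybe
+ optional(:region) { filled? > format?(REGION_REGEX) }
+ optional(:serial_number) { filled? > format?(MFA_REGEX) }
+ required(:role_arn).maybe
+ required(:role_session_name).maybe
+ required(:duration_seconds).maybe
+ rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
+ (p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
+ end
+ end
+
+ def act_on(config)
+ logger.debug "Will try for credentials"
+ credentials = try_for_credentials config
+ logger.debug "Got credentials #{credentials}"
+ client = Aws::STS::Client.new(credentials: credentials, region: resolved_region)
+ identity = client.get_caller_identity
+ out format(t("commands.test.output"), identity.account, identity.arn, identity.user_id)
+ rescue KeyError, Aws::Errors::NoSuchProfileError
+ error format(t("errors.NoSuchProfileError"), config.profile)
+ raise
+ rescue Aws::Errors::MissingCredentialsError
+ error t("errors.MissingCredentialsError")
+ raise
+ end
+ end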
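Review bot: `try_for_credentials config` on line 23 passes the config object itself, while Console, Run and SetEnvironment all call `try_for_credentials config.to_h`; unless the helper accepts both forms this should read `credentials = try_for_credentials config.to_h`. The debug line `logger.debug "Got credentials #{credentials}"` interpolates the provider object, so what reaches the log depends on that class's `to_s`, which is not visible here. Logging `credentials.class` instead would rule out key material appearing at DEBUG level.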
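--- a/data/lib/aws_assume_role/cli/commands/configure.rb
+++ b/data/lib/aws_assume_role/cli/commands/configure.rb
@@ -0,0 +1,32 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/configure_profile"
+ require_relative "../actions/configure_role_assumption"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.configure.desc"
+ long_desc t "commands.configure.long_desc"
+ command :configure do |c|
+ c.flag [:p, "profile"], desc: t("options.profile_name")
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::ConfigureProfile.new(global_options, options, args)
+ end
+
+ c.desc t "commands.configure.desc"
+ c.long_desc t "commands.configure.long_desc"
+ c.command :role do |r|
+ r.flag ["source-profile"], desc: t("options.source_profile")
+ r.flag ["role-session-name"], desc: t("options.role_session_name")
+ r.flag ["role-arn"], desc: t("options.role_arn")
+ r.flag ["mfa-serial"], desc: t("options.mfa_serial")
+ r.flag ["region"], desc: t("options.region")
+ r.flag ["external-id"], desc: t("options.external_id")
+ r.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+ r.flag ["yubikey-oath-name"], desc: t("options.yubikey_oath_name")
+
+ r.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::ConfigureRoleAssumption.new(global_options, options, args)
+ end
+ end
+ end
+ end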
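--- a/data/lib/aws_assume_role/cli/commands/console.rb
+++ b/data/lib/aws_assume_role/cli/commands/console.rb
@@ -0,0 +1,19 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/console"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.console.desc"
+ command :console do |c|
+ c.flag [:p, "profile"], desc: t("options.profile_name")
+ c.flag ["role-session-name"], desc: t("options.role_session_name")
+ c.flag ["role-arn"], desc: t("options.role_arn")
+ c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+ c.flag ["region"], desc: t("options.region")
+ c.flag ["external-id"], desc: t("options.external_id")
+ c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::Console.new(global_options, options, args)
+ end
+ end
+ end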
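--- a/data/lib/aws_assume_role/cli/commands/delete.rb
+++ b/data/lib/aws_assume_role/cli/commands/delete.rb
@@ -0,0 +1,13 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/delete_profile"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.delete.desc"
+ command :delete do |c|
+ c.flag [:p, "profile"], desc: t("options.profile_name")
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::DeleteProfile.new(global_options, options, args)
+ end
+ end
+ end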
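--- a/data/lib/aws_assume_role/cli/commands/environment.rb
+++ b/data/lib/aws_assume_role/cli/commands/environment.rb
@@ -0,0 +1,34 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/set_environment"
+ require_relative "../actions/reset_environment"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.set_environment.desc"
+ long_desc t "commands.set_environment.long_desc"
+ command :environment do |c|
+ desc t "commands.set_environment.desc"
+ long_desc t "commands.set_environment.long_desc"
+ c.command :set do |s|
+ s.flag [:p, "profile"], desc: t("options.profile_name")
+ s.flag [:s, "shell-type"], desc: t("options.shell_type"), default_value: "sh"
+ s.flag ["role-session-name"], desc: t("options.role_session_name")
+ s.flag ["role-arn"], desc: t("options.role_arn")
+ s.flag ["mfa-serial"], desc: t("options.mfa_serial")
+ s.flag ["region"], desc: t("options.region")
+ s.flag ["external-id"], desc: t("options.external_id")
+ s.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+ s.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::SetEnvironment.new(global_options, options, args)
+ end
+ end
+
+ desc t "commands.reset_environment.desc"
+ long_desc t "commands.reset_environment.long_desc"
+ c.command :reset do |s|
+ s.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::ResetEnvironment.new(global_options, options, args)
+ end
+ end
+ end
+ end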
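Review bot: The `reset` subcommand declares no flags, but ResetEnvironment's CommandSchema has `required(:shell_type).value(included_in?: ...)`. Unless AbstractAction supplies a default, the reset path fails validation and the user cannot pick the shell whose variables are being cleared. Adding the flag that `set` already has, `s.flag [:s, "shell-type"], desc: t("options.shell_type"), default_value: "sh"`, inside `c.command :reset` would close the gap. The nested `desc`/`long_desc` calls are also bare here, whereas configure.rb uses `c.desc`/`c.long_desc` for its subcommand; confirm that GLI attaches them to the subcommands as intended.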
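--- a/data/lib/aws_assume_role/cli/commands/list.rb
+++ b/data/lib/aws_assume_role/cli/commands/list.rb
@@ -0,0 +1,12 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/list_profiles"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.list.desc"
+ command :list do |c|
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::ListProfiles.new(global_options, options, args)
+ end
+ end
+ end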
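--- a/data/lib/aws_assume_role/cli/commands/migrate.rb
+++ b/data/lib/aws_assume_role/cli/commands/migrate.rb
@@ -0,0 +1,13 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/migrate_profile"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.migrate.desc"
+ command :migrate do |c|
+ c.flag [:p, "profile"], desc: t("options.profile_name")
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::MigrateProfile.new(global_options, options, args)
+ end
+ end
+ end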
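--- a/data/lib/aws_assume_role/cli/commands/run.rb
+++ b/data/lib/aws_assume_role/cli/commands/run.rb
@@ -0,0 +1,19 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/run"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.run.desc"
+ command :run do |c|
+ c.flag [:p, "profile"], desc: t("options.profile_name")
+ c.flag ["role-session-name"], desc: t("options.role_session_name")
+ c.flag ["role-arn"], desc: t("options.role_arn")
+ c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+ c.flag ["region"], desc: t("options.region")
+ c.flag ["external-id"], desc: t("options.external_id")
+ c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::Run.new(global_options, options, args)
+ end
+ end
+ end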
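--- a/data/lib/aws_assume_role/cli/commands/test.rb
+++ b/data/lib/aws_assume_role/cli/commands/test.rb
@@ -0,0 +1,20 @@
+ # frozen_string_literal: true
+
+ require_relative "../actions/test"
+
+ module AwsAssumeRole::Cli
+ desc t "commands.test.desc"
+ command :test do |c|
+ c.flag [:p, "profile"], desc: t("options.profile_name")
+ c.flag ["role-session-name"], desc: t("options.role_session_name")
+ c.flag ["role-arn"], desc: t("options.role_arn")
+ c.flag ["mfa-serial"], desc: t("options.mfa_serial")
+ c.flag ["region"], desc: t("options.region")
+ c.flag ["external-id"], desc: t("options.external_id")
+ c.flag ["duration-seconds"], desc: t("options.duration_seconds"), default_value: 3600
+ c.switch ["no-profile"], desc: t("options.duration_seconds"), default_value: false
+ c.action do |global_options, options, args|
+ AwsAssumeRole::Cli::Actions::Test.new(global_options, options, args)
+ end
+ end
+ end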
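Review bot: The `no-profile` switch reuses the duration text, `desc: t("options.duration_seconds")`, so the help output describes it as a duration. It needs its own i18n entry (a new key such as `options.no_profile`, which would have to be added to en.yml). Nothing in the Test action's CommandSchema refers to `no_profile`, so as far as this page shows the switch has no effect; either wire it into the action or remove it.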
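--- a/data/lib/aws_assume_role/cli/includes.rb
+++ b/data/lib/aws_assume_role/cli/includes.rb
@@ -0,0 +1,3 @@
+ # frozen_string_literal: true
+
+ require_relative "../includes"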
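--- a/data/lib/aws_assume_role/cli.rb
+++ b/data/lib/aws_assume_role/cli.rb
@@ -0,0 +1,20 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "ui"
+ require_relative "logging"
+
+ module AwsAssumeRole::Cli
+ include AwsAssumeRole
+ include AwsAssumeRole::Ui
+ include AwsAssumeRole::Logging
+ logger.debug "Bootstrapping"
+ include GLI::DSL
+ include GLI::App
+ extend self # rubocop:disable Style/ModuleFunction
+
+ commands_from File.join(File.realpath(__dir__), "cli", "commands")
+ program_desc t "program_description"
+
+ exit run(ARGV)
+ end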
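--- a/data/lib/aws_assume_role/configuration.rb
+++ b/data/lib/aws_assume_role/configuration.rb
@@ -0,0 +1,30 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+
+ module AwsAssumeRole
+ class Configuration
+ extend Dry::Configurable
+ Types = Dry::Types.module
+
+ setting(:backend_plugin, ENV.fetch("AWS_ASSUME_ROLE_KEYRING_PLUGIN", nil)) do |value|
+ Types::Coercible::String[value]
+ end
+
+ setting(:backend, ENV.fetch("AWS_ASSUME_ROLE_KEYRING_BACKEND", "automatic")) do |value|
+ value == "automatic" ? nil : Types::Coercible::String[value]
+ end
+
+ setting(:log_level, ENV.fetch("AWS_ASSUME_ROLE_LOG_LEVEL", "WARN")) do |value|
+ {
+ DEBUG: 0,
+ INFO: 1,
+ WARN: 2,
+ ERROR: 3,
+ FATAL: 4,
+ UNKNOWN: 5,
+ }[value.to_sym] || 2
+ end
+ end
+ Config = Configuration.config
+ end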
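--- a/data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb
+++ b/data/lib/aws_assume_role/core_ext/aws-sdk/credential_provider_chain.rb
@@ -0,0 +1,4 @@
+ # frozen_string_literal: true
+
+ require_relative "../../credentials/factories/default_chain_provider"
+ Aws.const_set :CredentialProviderChain, AwsAssumeRole::Credentials::Factories::DefaultChainProvider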
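Review bot: `Aws.const_set :CredentialProviderChain, ...` on line 4 replaces the SDK's credential chain for every `Aws` client in the process, purely as a side effect of requiring this file. Reassigning a constant that is already loaded may also produce Ruby's "already initialized constant" warning. Because this changes where all credentials are resolved from, line 4 should carry a comment such as `# Replaces the SDK-wide default credential chain; every Aws client created after this require resolves credentials through DefaultChainProvider.` The file should also be loaded only through an explicit, documented require, not pulled in transitively.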
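--- a/data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb
+++ b/data/lib/aws_assume_role/core_ext/aws-sdk/includes.rb
@@ -0,0 +1,9 @@
+ # frozen_string_literal: true
+
+ require_relative "../../includes"
+ module AwsAssumeRole
+ module CoreExt
+ module Aws
+ end
+ end
+ end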
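--- a/data/lib/aws_assume_role/credentials/factories/abstract_factory.rb
+++ b/data/lib/aws_assume_role/credentials/factories/abstract_factory.rb
@@ -0,0 +1,33 @@
+ # frozen_string_literal: true
+
+ require_relative "includes"
+ require_relative "repository"
+ require_relative "../../profile_configuration"
+
+ class AwsAssumeRole::Credentials::Factories::AbstractFactory
+ include AwsAssumeRole
+ include AwsAssumeRole::Credentials::Factories
+ include AwsAssumeRole::Logging
+
+ Dry::Types.register_class(Aws::SharedCredentials)
+ attr_reader :credentials, :region, :profile, :role_arn
+
+ def initialize(_options)
+ raise "Not implemented"
+ end
+
+ def self.type(str)
+ @type = Types::Strict::Symbol.enum(:credential_provider, :second_factor_provider, :instance_role_provider)[str]
+ register_if_complete
+ end
+
+ def self.priority(i)
+ @priority = Types::Strict::Int[i]
+ register_if_complete
+ end
+
+ def self.register_if_complete
+ return unless @type && @priority
+ Repository.register_factory(self, @type, @priority)
+ end
+ end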
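--- a/data/lib/aws_assume_role/credentials/factories/assume_role.rb
+++ b/data/lib/aws_assume_role/credentials/factories/assume_role.rb
@@ -0,0 +1,39 @@
+ # frozen_string_literal: true
+
+ require_relative "abstract_factory"
+ require_relative "../providers/assume_role_credentials"
+ require_relative "../providers/mfa_session_credentials"
+
+ class AwsAssumeRole::Credentials::Factories::AssumeRole < AwsAssumeRole::Credentials::Factories::AbstractFactory
+ include AwsAssumeRole::Credentials::Factories
+ type :credential_provider
+ priority 20
+
+ def initialize(options)
+ logger.debug "AwsAssumeRole::Credentials::Factories::AssumeRole initiated with #{options}"
+ return unless options[:profile] || options[:role_arn]
+ if options[:profile]
+ logger.debug "AwsAssumeRole: #{options[:profile]} found. Trying with profile"
+ try_with_profile(options)
+ else
+ if options[:use_mfa]
+ options[:credentials] = AwsAssumeRole::Credentials::Providers::MfaSessionCredentials.new(options).credentials
+ end
+ @credentials = AwsAssumeRole::Credentials::Providers::AssumeRoleCredentials.new(options)
+ end
+ end
+
+ def try_with_profile(options)
+ return unless AwsAssumeRole.shared_config.config_enabled?
+ logger.debug "AwsAssumeRole: Shared Config enabled"
+ @profile = options[:profile]
+ @region = options[:region]
+ @credentials = assume_role_with_profile(options)
+ @region ||= AwsAssumeRole.shared_config.profile_region(@profile)
+ @role_arn ||= AwsAssumeRole.shared_config.profile_role(@profile)
+ end
+
+ def assume_role_with_profile(options)
+ AwsAssumeRole.shared_config.assume_role_credentials_from_config(options)
+ end
+ end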
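Review bot: Line 13 logs the whole options hash (`... initiated with #{options}`), and line 20 shows that this same hash can carry a `:credentials` entry. A caller that passes credentials, an external ID or an MFA serial will therefore have those values written out at DEBUG level. Logging only the keys, `logger.debug "AwsAssumeRole::Credentials::Factories::AssumeRole initiated with #{options.keys}"`, keeps the trace useful without the values. In the `role_arn` branch `@region` and `@role_arn` are never assigned, so the `region` and `role_arn` readers return nil there; confirm that callers do not rely on them.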