aws_assume_role 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/CHANGELOG.md +4 -1
- data/Gemfile +1 -0
- data/README.md +9 -1
- data/Rakefile +1 -1
- data/aws_assume_role.gemspec +2 -1
- data/lib/aws_assume_role/cli/actions/console.rb +1 -1
- data/lib/aws_assume_role/cli/actions/reset_environment.rb +2 -2
- data/lib/aws_assume_role/cli/actions/run.rb +1 -1
- data/lib/aws_assume_role/cli/actions/set_environment.rb +1 -1
- data/lib/aws_assume_role/cli/actions/test.rb +1 -1
- data/lib/aws_assume_role/credentials/factories/environment.rb +5 -5
- data/lib/aws_assume_role/credentials/providers/assume_role_credentials.rb +1 -1
- data/lib/aws_assume_role/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0ce405e4811023c4452afc56ecff14db811f6688
|
4
|
+
data.tar.gz: 2db25acdd8e183f631a21f3100002689f218c463
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 42c5c843da415cf310e5ba0e3f1e138eb05bb72427b6965594f12033881caae18d5434ee74121f6edb4aa46c567b657f2c7dbda6ebbacce927249fa56d2184e7
|
7
|
+
data.tar.gz: 34426b7182d419a5e817dae23c37cd9b53de59adec5438f9e46a4a25230f8dd58ff4c260b0e1fd92b6d08e88e2bf481f27be99da9c7f51669d0ff07313029f1f
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,7 +1,10 @@
|
|
1
|
+
## 0.2.1
|
2
|
+
* Loosen requirement on highline to improve compatibility with Puppet tools (@randomvariable)
|
3
|
+
|
1
4
|
## 0.2.0
|
2
5
|
|
3
6
|
* Add support for Yubikey as a source for MFA (@davbo)
|
4
|
-
* Remove expired
|
7
|
+
* Remove expired credentials before writing new STS credentials (@davbo)
|
5
8
|
|
6
9
|
## 0.1.2
|
7
10
|
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -27,7 +27,10 @@ For more information on role assumption, see the [AWS documentation](https://doc
|
|
27
27
|
Requirements
|
28
28
|
------------
|
29
29
|
* Ruby ≥ 2.1
|
30
|
-
*
|
30
|
+
* macOS Keychain / GNOME Keyring
|
31
|
+
* At least one account with Amazon Web Services
|
32
|
+
* An IAM role configured in the target account
|
33
|
+
* An IAM user with rights to assume that role
|
31
34
|
|
32
35
|
Install
|
33
36
|
-------
|
@@ -53,6 +56,11 @@ yum install gobject-introspection-devel
|
|
53
56
|
```
|
54
57
|
Setup
|
55
58
|
-----
|
59
|
+
|
60
|
+
You should already have an IAM user that you can log in to via AWS' console.
|
61
|
+
If you do not already have an AWS access key and matching secret key for your
|
62
|
+
own IAM user, use the AWS console to create that credential pair.
|
63
|
+
|
56
64
|
aws-assume-role works best if you also store permanent credentials in your keystore:
|
57
65
|
|
58
66
|
``` sh
|
data/Rakefile
CHANGED
@@ -13,7 +13,7 @@ begin
|
|
13
13
|
rescue LoadError # rubocop:disable Lint/HandleExceptions
|
14
14
|
end
|
15
15
|
|
16
|
-
task :test => [
|
16
|
+
task :test => %i[no_pry rubocop spec] # rubocop:disable Style/HashSyntax
|
17
17
|
|
18
18
|
task :no_pry do
|
19
19
|
files = Dir.glob("**/**").reject { |x| x.match(/^spec|Gemfile|coverage|\.gemspec$|Rakefile/) || File.directory?(x) }
|
data/aws_assume_role.gemspec
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# coding: utf-8
|
2
|
+
|
2
3
|
$LOAD_PATH << File.expand_path("../lib", __FILE__)
|
3
4
|
require "aws_assume_role/version"
|
4
5
|
Gem::Specification.new do |spec|
|
@@ -29,7 +30,7 @@ Gem::Specification.new do |spec|
|
|
29
30
|
spec.add_runtime_dependency "dry-types", "~> 0.9"
|
30
31
|
spec.add_runtime_dependency "dry-validation", "~> 0.10"
|
31
32
|
spec.add_runtime_dependency "gli", "~> 2.15"
|
32
|
-
spec.add_runtime_dependency "highline", "~> 1.
|
33
|
+
spec.add_runtime_dependency "highline", "~> 1.6"
|
33
34
|
spec.add_runtime_dependency "i18n", "~> 0.7"
|
34
35
|
spec.add_runtime_dependency "inifile", "~> 3.0"
|
35
36
|
spec.add_runtime_dependency "launchy", "~> 2.4"
|
@@ -20,7 +20,7 @@ class AwsAssumeRole::Cli::Actions::Console < AwsAssumeRole::Cli::Actions::Abstra
|
|
20
20
|
required(:role_arn).maybe
|
21
21
|
required(:role_session_name).maybe
|
22
22
|
required(:duration_seconds).maybe
|
23
|
-
rule(role_specification: [
|
23
|
+
rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
|
24
24
|
(p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
|
25
25
|
end
|
26
26
|
end
|
@@ -27,13 +27,13 @@ class AwsAssumeRole::Cli::Actions::ResetEnvironment < AwsAssumeRole::Cli::Action
|
|
27
27
|
def act_on(config)
|
28
28
|
shell_strings = SHELL_STRINGS[config.shell_type.to_sym]
|
29
29
|
str = ""
|
30
|
-
%w
|
30
|
+
%w[AWS_ACCESS_KEY_ID
|
31
31
|
AWS_SECRET_ACCESS_KEY
|
32
32
|
AWS_SESSION_TOKEN
|
33
33
|
AWS_PROFILE
|
34
34
|
AWS_ASSUME_ROLE_LOG_LEVEL
|
35
35
|
GLI_DEBUG
|
36
|
-
AWS_ASSUME_ROLE_KEYRING_BACKEND
|
36
|
+
AWS_ASSUME_ROLE_KEYRING_BACKEND].each do |key|
|
37
37
|
str << format(shell_strings[:env_command], key: key) if ENV.fetch(key, false)
|
38
38
|
end
|
39
39
|
str << "# #{pastel.yellow t(shell_strings.fetch(:footer, 'commands.set_environment.shells.others'))}"
|
@@ -12,7 +12,7 @@ class AwsAssumeRole::Cli::Actions::Run < AwsAssumeRole::Cli::Actions::AbstractAc
|
|
12
12
|
required(:role_arn).maybe
|
13
13
|
required(:role_session_name).maybe
|
14
14
|
required(:duration_seconds).maybe
|
15
|
-
rule(role_specification: [
|
15
|
+
rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
|
16
16
|
(p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
|
17
17
|
end
|
18
18
|
end
|
@@ -30,7 +30,7 @@ class AwsAssumeRole::Cli::Actions::SetEnvironment < AwsAssumeRole::Cli::Actions:
|
|
30
30
|
required(:role_arn).maybe { filled? > format?(ROLE_REGEX) }
|
31
31
|
required(:role_session_name).maybe { filled? > format?(ROLE_SESSION_NAME_REGEX) }
|
32
32
|
required(:duration_seconds).maybe
|
33
|
-
rule(role_specification: [
|
33
|
+
rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
|
34
34
|
(p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
|
35
35
|
end
|
36
36
|
end
|
@@ -11,7 +11,7 @@ class AwsAssumeRole::Cli::Actions::Test < AwsAssumeRole::Cli::Actions::AbstractA
|
|
11
11
|
required(:role_arn).maybe
|
12
12
|
required(:role_session_name).maybe
|
13
13
|
required(:duration_seconds).maybe
|
14
|
-
rule(role_specification: [
|
14
|
+
rule(role_specification: %i[profile role_arn role_session_name duration_seconds]) do |p, r, s, d|
|
15
15
|
(p.filled? | p.empty? & r.filled?) & (r.filled? > s.filled? & d.filled?)
|
16
16
|
end
|
17
17
|
end
|
@@ -5,11 +5,11 @@ class AwsAssumeRole::Credentials::Factories::Environment < AwsAssumeRole::Creden
|
|
5
5
|
priority 10
|
6
6
|
|
7
7
|
def initialize(_options, **)
|
8
|
-
key = %w
|
9
|
-
secret = %w
|
10
|
-
token = %w
|
11
|
-
region = %w
|
12
|
-
profile = %w
|
8
|
+
key = %w[AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY]
|
9
|
+
secret = %w[AWS_SECRET_ACCESS_KEY AMAZON_SECRET_ACCESS_KEY AWS_SECRET_KEY]
|
10
|
+
token = %w[AWS_SESSION_TOKEN AMAZON_SESSION_TOKEN]
|
11
|
+
region = %w[AWS_DEFAULT_REGION]
|
12
|
+
profile = %w[AWS_PROFILE]
|
13
13
|
@credentials = Aws::Credentials.new(envar(key), envar(secret), envar(token))
|
14
14
|
@region = envar(region)
|
15
15
|
@profile = envar(profile)
|
@@ -14,7 +14,7 @@ class AwsAssumeRole::Credentials::Providers::AssumeRoleCredentials
|
|
14
14
|
#
|
15
15
|
#
|
16
16
|
|
17
|
-
STS_KEYS = [
|
17
|
+
STS_KEYS = %i[role_arn role_session_name policy duration_seconds external_id client credentials region].freeze
|
18
18
|
|
19
19
|
def initialize(options = {})
|
20
20
|
client_opts = {}
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws_assume_role
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jon Topper
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2017-03
|
13
|
+
date: 2017-04-03 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: activesupport
|
@@ -116,14 +116,14 @@ dependencies:
|
|
116
116
|
requirements:
|
117
117
|
- - "~>"
|
118
118
|
- !ruby/object:Gem::Version
|
119
|
-
version: '1.
|
119
|
+
version: '1.6'
|
120
120
|
type: :runtime
|
121
121
|
prerelease: false
|
122
122
|
version_requirements: !ruby/object:Gem::Requirement
|
123
123
|
requirements:
|
124
124
|
- - "~>"
|
125
125
|
- !ruby/object:Gem::Version
|
126
|
-
version: '1.
|
126
|
+
version: '1.6'
|
127
127
|
- !ruby/object:Gem::Dependency
|
128
128
|
name: i18n
|
129
129
|
requirement: !ruby/object:Gem::Requirement
|