RubyGems - aws_role_creds - Versions diffs - 0.0.3 → 0.0.4 - Mend

aws_role_creds 0.0.3 → 0.0.4

Files changed (6) hide show

checksums.yaml +4 -4
data/aws_role_creds.gemspec +1 -2
data/bin/aws_role_creds +43 -0
data/lib/aws_role_creds.rb +158 -133
metadata +2 -3
data/lib/aws_role_creds/version.rb +0 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: acdee9633306f776e02a11bbda375e756a01cdb7
-  data.tar.gz: aad07bfcf86d745f9c92366c866f99146fd89cf2
+  metadata.gz: 90f2cfa18dace72e0c3a31bcee06d4c90bf59ed5
+  data.tar.gz: 5dd592fa50a7618c896eb5b07b08ceb73f5a647f
 SHA512:
-  metadata.gz: 1552316b4db809780073c711f0cb5894c4091f35f6b522e0a6075e96c980737f57eeb5c7a56c1bdffa3c14f72fe7bea64e109420f11af4c043423be156a8fa5f
-  data.tar.gz: aaab2e6f1ed8fa5e1a638b42092b4d7a30a82160579a7c9ab7f7fc1f281f9b5a564e7de4feabb42a396862c5927ac2e12c55a07419e95bce486abddeb96e1924
+  metadata.gz: 264bce1ca434be3ea91f30b478b84e0b7ce25301f653df59c33974e2f075191b75e1e1c69bd2fa59ad3de37855e5048d45c4b1719f36656fa607f86a755e5fe9
+  data.tar.gz: 11f56f0179cf3c9e1be208dddb8aa3a3de58f947ba8feb953a79fa84d0024fd5133e22bfa00dd2df8d0fbb20acd5e05ace78af8fcf988df5bb65dd3eceeaacfc

data/aws_role_creds.gemspec CHANGED Viewed

@@ -1,11 +1,10 @@
 # coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'aws_role_creds/version'
 Gem::Specification.new do |spec|
   spec.name          = "aws_role_creds"
-  spec.version       = AwsRoleCreds::VERSION
+  spec.version       = "0.0.4"
   spec.authors       = ["Jack Thomas"]
   spec.email         = ["jackdavidthomas@gmail.com"]

data/bin/aws_role_creds CHANGED Viewed

@@ -1,2 +1,45 @@
 #!/usr/bin/env ruby
+require 'optparse'
+require 'logger'
 require 'aws_role_creds'
+options = {}
+optparse = OptionParser.new do |opts|
+    options[:in_config] = "#{ENV['HOME']}/.aws/config.yaml"
+    opts.on('-c', '--config file', 'Config file.') do |c|
+        options[:config] = c
+    end
+    options[:out_config] = "#{ENV['HOME']}/.aws/config"
+    opts.on('--out-config file', 'AWS config file to use') do |c|
+        options[:out_config] = c
+    end
+    options[:cred_config] = "#{ENV['HOME']}/.aws/credentials"
+    opts.on('--credentials-out file', 'AWS credentials file to use') do |c|
+        options[:cred_config] = c
+    end
+    options[:debug] = false
+    opts.on('-d', '--debug', 'Enable debugging') do
+        options[:debug] = true
+    end
+end
+optparse.parse!
+log = Logger.new(STDERR)
+if options[:debug]
+    log.level = Logger::DEBUG
+else
+    log.level = Logger::INFO
+end
+arc = AwsRoleCreds.new( :config_in_file => options[:in_config],
+                        :config_out_file => options[:out_config],
+                        :credentials_out_file => options[:cred_config],
+                        :logger => log)
+arc.run()

data/lib/aws_role_creds.rb CHANGED Viewed

@@ -1,162 +1,187 @@
-require "aws_role_creds/version"
 require 'aws-sdk'
 require 'yaml'
 require 'time'
 require 'inifile'
 require 'fileutils'
-module AwsRoleCreds
-    IN_FILE = "#{ENV['HOME']}/.aws/config.yaml"
-    # The config file we write out
-    CONFIG_OUT_FILE = "#{ENV['HOME']}/.aws/config"
-    CREDENTIALS_OUT_FILE = "#{ENV['HOME']}/.aws/credentials"
-    SESSION_CREDS_FILE = "#{ENV['HOME']}/.aws/session.yaml"
-    SESSION_DURATION = 86400
-    ROLE_DURATION = 3600
-    REGION = 'eu-west-1'
-    if File.exists?( IN_FILE )
-        @config = YAML::load( File.open( IN_FILE ) )
-    else
-        puts "Please create a yaml config file in #{INFILE}"
-        exit!(1)
-    end
+IN_FILE = "#{ENV['HOME']}/.aws/config.yaml"
+# The config file we write out
+CONFIG_OUT_FILE = "#{ENV['HOME']}/.aws/config"
+CREDENTIALS_OUT_FILE = "#{ENV['HOME']}/.aws/credentials"
+SESSION_CREDS_FILE = "#{ENV['HOME']}/.aws/session.yaml"
+SESSION_DURATION = 86400
+ROLE_DURATION = 3600
+REGION = 'eu-west-1'
+class AwsRoleCreds
+    # Options hash should be:
+    # config_in_file
+    # config_out_file
+    # credentials_out_file
+    # logger
+    def initialize( options )
+        @log = options[:logger] or Logger.new( STDERR )
+        if File.exists?( options[:config_in_file] )
+            @config = YAML::load( File.open( options[:config_in_file] ) )
+        else
+            @log.error "Please create a yaml config file in #{options[:config_in_file]}"
+            exit!(1)
+        end
+        if File.exists?(SESSION_CREDS_FILE)
+            @session_credentials = YAML::load( File.open( SESSION_CREDS_FILE ) ) || {}
+        else
+            @session_credentials = {}
+        end
+        @role_credentials = {}
+        @config_out_file = options[:config_out_file] || CONFIG_OUT_FILE
+        @credentials_out_file = options[:credentials_out_file] || CREDENTIALS_OUT_FILE
-    if File.exists?(SESSION_CREDS_FILE)
-        @session_credentials = YAML::load( File.open( SESSION_CREDS_FILE ) ) || {}
-    else
-        @session_credentials = {}
     end
-    @role_credentials = {}
+    attr :session_credentials
+    attr :role_credentials
+    attr :config_out_file
+    attr :credentials_out_file
+    attr :config
-    # Get session credentials for each 'master' account
-    @config['default'].each do |p|
-        name = p['name']
-        region = p['region'] || REGION
-        duration = p['duration'] || SESSION_DURATION
-        if @session_credentials.key?(name)
-            next if @session_credentials[name]['expiration'] > Time.now
+    def run()
+        self.generate
+        self.save
+    end
+    def generate()
+        # Get session credentials for each 'master' account
+        @config['default'].each do |p|
+            name = p['name']
+            region = p['region'] || REGION
+            duration = p['duration'] || SESSION_DURATION
+            if @session_credentials.key?(name)
+                next if @session_credentials[name]['expiration'] > Time.now
+            end
+            if p['id'] and p['key']
+                client = Aws::STS::Client.new(
+                    access_key_id: p['id'],
+                    secret_access_key: p['key'],
+                    region: region
+                )
+            else
+                client = Aws::STS::Client.new(region: region)
+            end
+            if p['mfa_arn']
+                puts "Enter MFA token code for #{name} using #{p['mfa_arn']}"
+                token = gets
+                session_credentials = client.get_session_token(
+                    duration_seconds: duration,
+                    serial_number: p['mfa_arn'],
+                    token_code: token.chomp
+                )
+            else
+                session_credentials = client.get_session_token(
+                    duration_seconds: duration
+                )
+            end
+            @session_credentials[name] = {
+                'access_key_id' => session_credentials.credentials.access_key_id,
+                'secret_access_key' => session_credentials.credentials.secret_access_key,
+                'session_token' => session_credentials.credentials.session_token,
+                'expiration' => session_credentials.credentials.expiration,
+                'region' => region
+            }
         end
-        if p['id'] and p['key']
+        # Cache session credentials
+        File.open( SESSION_CREDS_FILE, 'w' ) { |f|
+            f.write @session_credentials.to_yaml
+        }
+        # For each role we want to assume grab some assumed credentials using approriate session
+        @config['profiles'].each do |p|
+            name = p['name']
+            default = p['default']
+            region =  p['region'] || REGION
+            duration = p['duration'] || ROLE_DURATION
+            session_credentials = @session_credentials[default]
+            @log.debug "Getting credentials for #{name} using #{p['role_arn']}"
             client = Aws::STS::Client.new(
-                access_key_id: p['id'],
-                secret_access_key: p['key'],
+                access_key_id: session_credentials['access_key_id'],
+                secret_access_key: session_credentials['secret_access_key'],
+                session_token: session_credentials['session_token'],
                 region: region
             )
-        else
-            client = Aws::STS::Client.new(region: region)
-        end
-        if p['mfa_arn']
-            puts "Enter MFA token code for #{name} using #{p['mfa_arn']}"
-            token = gets
-            session_credentials = client.get_session_token(
+            role_credentials = client.assume_role(
+                role_arn: p['role_arn'],
+                role_session_name: name,
                 duration_seconds: duration,
-                serial_number: p['mfa_arn'],
-                token_code: token.chomp
-            )
-        else
-            session_credentials = client.get_session_token(
-                duration_seconds: duration
             )
+            @role_credentials[name] = {
+                'role' => p['role_arn'],
+                'access_key_id' => role_credentials.credentials.access_key_id,
+                'secret_access_key' => role_credentials.credentials.secret_access_key,
+                'session_token' => role_credentials.credentials.session_token,
+                'expiration' => role_credentials.credentials.expiration,
+                'region' => region
+            }
         end
-        @session_credentials[name] = {
-            'access_key_id' => session_credentials.credentials.access_key_id,
-            'secret_access_key' => session_credentials.credentials.secret_access_key,
-            'session_token' => session_credentials.credentials.session_token,
-            'expiration' => session_credentials.credentials.expiration,
-            'region' => region
-        }
     end
-    # Cache session credentials
-    File.open( SESSION_CREDS_FILE, 'w' ) { |f|
-        f.write @session_credentials.to_yaml
-    }
-    # For each role we want to assume grab some assumed credentials using approriate session
-    @config['profiles'].each do |p|
-        name = p['name']
-        default = p['default']
-        region =  p['region'] || REGION
-        duration = p['duration'] || ROLE_DURATION
-        session_credentials = @session_credentials[default]
-        puts "Getting credentials for #{name} using #{p['role_arn']}"
-        client = Aws::STS::Client.new(
-            access_key_id: session_credentials['access_key_id'],
-            secret_access_key: session_credentials['secret_access_key'],
-            session_token: session_credentials['session_token'],
-            region: region
-        )
-        role_credentials = client.assume_role(
-            role_arn: p['role_arn'],
-            role_session_name: name,
-            duration_seconds: duration,
-        )
-        @role_credentials[name] = {
-            'role' => p['role_arn'],
-            'access_key_id' => role_credentials.credentials.access_key_id,
-            'secret_access_key' => role_credentials.credentials.secret_access_key,
-            'session_token' => role_credentials.credentials.session_token,
-            'expiration' => role_credentials.credentials.expiration,
-            'region' => region
-        }
-    end
+    def save()
+        # Write out config file
+        # first make a backup
+        FileUtils.cp( config_out_file, "#{config_out_file}.backup" )
+        FileUtils.cp( credentials_out_file, "#{credentials_out_file}.backup" )
-    # Write out config file
-    # first make a backup
+        # create a new ini file object
+        config = IniFile.new
+        config.filename = config_out_file
-    FileUtils.cp( CONFIG_OUT_FILE, "#{CONFIG_OUT_FILE}.backup" )
-    FileUtils.cp( CREDENTIALS_OUT_FILE, "#{CREDENTIALS_OUT_FILE}.backup" )
+        credentials = IniFile.new
+        credentials.filename = credentials_out_file
-    # create a new ini file object
-    config = IniFile.new
-    config.filename = CONFIG_OUT_FILE
+        config['default'] = { "region" => REGION }
-    credentials = IniFile.new
-    credentials.filename = CREDENTIALS_OUT_FILE
+        # set properties
+        @session_credentials.each do |k, c|
+            profile = {
+                "aws_access_key_id" => "#{c['access_key_id']}",
+                "aws_secret_access_key" => "#{c['secret_access_key']}",
+                "aws_security_token" => "#{c['session_token']}",
+                "region" => "#{c['region']}",
+            }
+            config["profile #{k}"] = profile
+            credentials["#{k}"] = profile
+        end
-    config['default'] = { "region" => REGION }
+        @role_credentials.each do |k, c|
+            profile = {
+                "aws_access_key_id" => "#{c['access_key_id']}",
+                "aws_secret_access_key" => "#{c['secret_access_key']}",
+                "aws_security_token" => "#{c['session_token']}",
+                "region" => "#{c['region']}",
+            }
+            config["profile #{k}"] = profile
+            credentials["#{k}"] = profile
+        end
-    # set properties
-    @session_credentials.each do |k, c|
-        profile = {
-            "aws_access_key_id" => "#{c['access_key_id']}",
-            "aws_secret_access_key" => "#{c['secret_access_key']}",
-            "aws_security_token" => "#{c['session_token']}",
-            "region" => "#{c['region']}",
-        }
-        config["profile #{k}"] = profile
-        credentials["#{k}"] = profile
-    end
+        # save file
+        config.write()
+        @log.debug "#{config_out_file} updated"
+        credentials.write()
+        @log.debug "#{credentials_out_file} updated"
-    @role_credentials.each do |k, c|
-        profile = {
-            "aws_access_key_id" => "#{c['access_key_id']}",
-            "aws_secret_access_key" => "#{c['secret_access_key']}",
-            "aws_security_token" => "#{c['session_token']}",
-            "region" => "#{c['region']}",
-        }
-        config["profile #{k}"] = profile
-        credentials["#{k}"] = profile
     end
-    # save file
-    config.write()
-    puts "#{CONFIG_OUT_FILE} updated"
-    credentials.write()
-    puts "#{CREDENTIALS_OUT_FILE} updated"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws_role_creds
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Jack Thomas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-07-14 00:00:00.000000000 Z
+date: 2016-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -84,7 +84,6 @@ files:
 - bin/aws_role_creds
 - bin/setup
 - lib/aws_role_creds.rb
-- lib/aws_role_creds/version.rb
 homepage: https://github.com/MrPrimate/aws_role_keys
 licenses:
 - MIT

data/lib/aws_role_creds/version.rb DELETED Viewed

@@ -1,3 +0,0 @@
-module AwsRoleCreds
-  VERSION = "0.0.3"
-end