RubyGems - aws_runas - Versions diffs - 0.3.0 → 0.3.1 - Mend

aws_runas 0.3.0 → 0.3.1

Files changed (12) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +3 -2
data/CHANGELOG.md +9 -0
data/aws_runas.gemspec +1 -1
data/lib/aws_runas/main.rb +5 -0
data/lib/aws_runas/version.rb +1 -1
data/spec/aws_runas/main_spec.rb +38 -8
data/spec/helpers/config_spec.rb +1 -0
data/spec/helpers/files/aws_config_nosource +6 -0
metadata +6 -4
metadata.gz.sig +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a1725b31ac831ab9d03534988e9503c9531933be
-  data.tar.gz: 77d0509bb39c0d274bedb21152c8de1c340ed9d2
+  metadata.gz: f9e60ed4c0cf8087605426ff18b859a4effcb7d0
+  data.tar.gz: 23c46cc1407a5c521b8d7ac4a3130f85c3ef368e
 SHA512:
-  metadata.gz: c2d5095da3b865dc73abf72abf2492f12641d1ddef9b772f82ce6f68427354dcc10da2f1e4f81ec2766ee59133911f3a85a83239aca40f9b937eabc8c6b16122
-  data.tar.gz: 660afcfda580390e17abe2cf36e0dc1c91980121953209ffe5baf4bba83ebd08480a3304673e8987fc0120b675a3771ca29618303bccbcd576c5f068eaf62b9c
+  metadata.gz: 2774fd7e5f13d104a7c2cf24bcd03f8402162e388a296dbfe75d1632e8a2c60477d106923a89a95ade20b8185fd324a40ef30de2a264ee3707620fd3818eb579
+  data.tar.gz: d283315d8d0025df28dc433b01fbd8a883f219c3dd1bb022e194f967ee4bf4d17a810bea6ec73e65aac40f5f497e5496fb7a67424452dfdcd99b953581a4cfdd

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data.tar.gz.sig CHANGED Viewed

@@ -1,2 +1,3 @@
-;h�&���m��Nޭ��v}����5��}�[a\L/SX���u�,X��k,
-{(�T�f�cTT����fx3��&��8����B�*��+���[��4��a�m(�*�R�.zl�N-�	�f8&t�A0W78^m��&/�gҊ�M��)^���Do�N
+�{�ZL�q���G��ˉ٨xR�7�ˌ�):�[a�s?m`�`sE�ͫ��Z.je�J�Z��ӥo�=��;8���u)'F��O�;��d�qZ�]	��[�J���)=KWwj��2�wX�hK}&�.T���[w��)�*w�PW5�h��MpT|��h�}JF�z᛼��uå�1l�H���]�z$
+l
+�_}|����-�����6IB�m��Zq�j5䂚<g�]b��*�6���։�Ԭ+9]:O9����O&n�ͳ

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,12 @@
+## v0.3.1
+This update sets `AWS_SDK_CONFIG_OPT_OUT` before the `aws-sdk` Ruby gem is
+loaded to start assuming roles, to disable newer AWS Ruby SDK functionality that
+allows the assumption of roles from `~/.aws/config` directly through the
+toolchain. This conflicts with `aws-runas`'s own config file handling and breaks
+in scenarios where one may want a default `~/.aws/config` file but no
+credentials (ie: instance profiles).
 ## v0.3.0
 Add session only features:

data/aws_runas.gemspec CHANGED Viewed

@@ -37,7 +37,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ['>= 2.1']
-  spec.add_dependency 'aws-sdk', '~> 2.2'
+  spec.add_dependency 'aws-sdk', '~> 2.6'
   spec.add_dependency 'inifile', '~> 3.0'
   spec.add_dependency 'trollop', '~> 2.1'

data/lib/aws_runas/main.rb CHANGED Viewed

@@ -14,6 +14,11 @@
 require 'aws_runas/config'
 require 'aws_runas/utils'
+# AWS_SDK_CONFIG_OPT_OUT must be set here so that we use the pre-2.4 SDK
+# behaviour, which ensures that ~/.aws/config is not re-read when assuming
+# roles.
+ENV.store('AWS_SDK_CONFIG_OPT_OUT', '1')
 require 'aws-sdk'
 module AwsRunAs

data/lib/aws_runas/version.rb CHANGED Viewed

@@ -13,5 +13,5 @@
 # limitations under the License.
 module AwsRunAs
-  VERSION = '0.3.0'
+  VERSION = '0.3.1'
 end

data/spec/aws_runas/main_spec.rb CHANGED Viewed

@@ -16,6 +16,9 @@ require 'spec_helper'
 require 'aws_runas/main'
 MFA_ERROR = 'No mfa_serial in selected profile, session will be useless'.freeze
+AWS_DEFAULT_CFG_PATH = "#{Dir.home}/.aws/config".freeze
+AWS_DEFAULT_CREDENTIALS_PATH = "#{Dir.home}/.aws/credentials".freeze
+AWS_LOCAL_CFG_PATH = "#{Dir.pwd}/aws_config".freeze
 describe AwsRunAs::Main do
   before(:context) do
@@ -68,6 +71,31 @@ describe AwsRunAs::Main do
       ENV.store('AWS_SESSION_TOKEN', 'foo')
       @main.assume_role
     end
+    context 'with $HOME/.aws/config (test AWS_SDK_CONFIG_OPT_OUT)' do
+      before(:example) do
+        Aws.config.update(stub_responses: false)
+        allow(File).to receive(:exist?).with(AWS_LOCAL_CFG_PATH).and_return false
+        allow(File).to receive(:exist?).with(AWS_DEFAULT_CFG_PATH).and_return true
+        allow(File).to receive(:exist?).with(AWS_DEFAULT_CREDENTIALS_PATH).and_return false
+        allow(File).to receive(:read).with(AWS_DEFAULT_CFG_PATH).and_return File.read(MOCK_AWS_NO_SOURCE_PATH)
+        allow(IniFile).to receive(:load).with(AWS_DEFAULT_CFG_PATH).and_return IniFile.load(MOCK_AWS_NO_SOURCE_PATH)
+        allow(Aws::AssumeRoleCredentials).to receive(:new).and_return(
+          Aws::AssumeRoleCredentials.new(
+            role_arn: 'roleARN',
+            role_session_name: 'roleSessionName',
+            stub_responses: true
+          )
+        )
+        @main = AwsRunAs::Main.new(
+          profile: 'test-profile'
+        )
+      end
+      it 'assumes a role correctly' do
+        @main.assume_role
+      end
+    end
   end
   describe '#credentials_env' do
@@ -75,16 +103,18 @@ describe AwsRunAs::Main do
       @env = @main.credentials_env
     end
-    it 'returns AWS_ACCESS_KEY_ID set in env' do
-      expect(@env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
-    end
+    context 'with a static, user-defined config path' do
+      it 'returns AWS_ACCESS_KEY_ID set in env' do
+        expect(@env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
+      end
-    it 'returns AWS_SECRET_ACCESS_KEY set in env' do
-      expect(@env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
-    end
+      it 'returns AWS_SECRET_ACCESS_KEY set in env' do
+        expect(@env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
+      end
-    it 'returns AWS_SESSION_TOKEN set in env' do
-      expect(@env['AWS_SESSION_TOKEN']).to eq('tokenType')
+      it 'returns AWS_SESSION_TOKEN set in env' do
+        expect(@env['AWS_SESSION_TOKEN']).to eq('tokenType')
+      end
     end
   end

data/spec/helpers/config_spec.rb CHANGED Viewed

@@ -16,3 +16,4 @@ require 'spec_helper'
 MOCK_AWS_CONFIGPATH = File.expand_path('../files/aws_config', __FILE__)
 MOCK_AWS_NO_MFA_PATH = File.expand_path('../files/aws_config_nomfa', __FILE__)
+MOCK_AWS_NO_SOURCE_PATH = File.expand_path('../files/aws_config_nosource', __FILE__)

data/spec/helpers/files/aws_config_nosource ADDED Viewed

@@ -0,0 +1,6 @@
+[default]
+region = us-east-1
+[profile test-profile]
+role_arn = arn:aws:iam::123456789012:role/test-admin
+region = us-west-1

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_runas
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Chris Marchesi
@@ -31,7 +31,7 @@ cert_chain:
   reriQxVYXGlD8ZDuaKlDyVqUbF026ZHIlHKIgg90O037qFPxCBACTtxtYTP2hwug
   Yis=
   -----END CERTIFICATE-----
-date: 2016-06-11 00:00:00.000000000 Z
+date: 2016-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -39,14 +39,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.6'
 - !ruby/object:Gem::Dependency
   name: inifile
   requirement: !ruby/object:Gem::Requirement
@@ -163,6 +163,7 @@ files:
 - spec/helpers/config_spec.rb
 - spec/helpers/files/aws_config
 - spec/helpers/files/aws_config_nomfa
+- spec/helpers/files/aws_config_nosource
 - spec/spec_helper.rb
 homepage: https://github.com/vancluever/aws-runas
 licenses:
@@ -196,4 +197,5 @@ test_files:
 - spec/helpers/config_spec.rb
 - spec/helpers/files/aws_config
 - spec/helpers/files/aws_config_nomfa
+- spec/helpers/files/aws_config_nosource
 - spec/spec_helper.rb

metadata.gz.sig CHANGED Viewed

Binary file