aws_runas 0.4.1 → 0.4.2
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +1 -0
- data/CHANGELOG.md +7 -0
- data/LICENSE +1 -1
- data/README.md +38 -10
- data/lib/aws_runas/main.rb +2 -0
- data/lib/aws_runas/version.rb +1 -1
- data/spec/aws_runas/main_spec.rb +36 -8
- metadata +3 -3
- metadata.gz.sig +0 -0
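--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 354da6c78da53eb8386cfb4bd53251271e4f19c3
+data.tar.gz: 39b6306ebfe1599e54abb61507d73a0a3e7b428e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26d43b13c4c6f7b051f88a053da1ee80ab15b3bc6e9d854eecf9a3db8dc4b952f3dafd35c52e386e48083a8e9137b1fd17536f1532990b5f51e450e5411286e5
+data.tar.gz: 416193ead9c704909597dd3ee6d94da7b02b0e1845f89a801309f0a764ee7db1a3f5b53ae5bd550826cb5faf796a0d9303980bf202a645d500ee6580fb5c749f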
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.travis.yml
CHANGED
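--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+## v0.4.2
+
+The role that aws-runas assumed and the profile it used are now exposed as
+`AWS_RUNAS_ASSUMED_ROLE_ARN` and `AWS_RUNAS_PROFILE`, respectively. These can be
+used in scripts to track the profile being used or the role ARN used, in case
+this data is needed later, or for troubleshooting purposes.
+
 ## v0.4.1
 
 Fixed the escape sequence in the bash shell prompt indicator so that it has the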
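--- a/data/LICENSE
+++ b/data/LICENSE
@@ -186,7 +186,7 @@
 same "printed page" as the copyright notice for easier
 identification within third-party archives.
 
-Copyright 2015 Chris Marchesi
+Copyright 2015-2017 Chris Marchesi
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.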
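--- a/data/README.md
+++ b/data/README.md
@@ -31,6 +31,34 @@ thing, but there are some differentiators in this gem:
 you for MFA (useful for tooling that needs to assume multiple roles off the
 same session token).
 
+How it Works
+-------------
+
+Roles are assumed, or session tokens are simply acquired (if `--no-role` is
+specified) via the `AssumeRole` or the `GetSessionToken` AWS STS API calls.
+After this, your command or shell is launched with the standard AWS credential
+chain environment variables set:
+
+* `AWS_ACCESS_KEY_ID`
+* `AWS_SECRET_ACCESS_KEY`
+* `AWS_SESSION_TOKEN`
+
+### Additional Variables
+
+In addition to the above, two toolchain-local environment variables are set to
+help you determine what credentials are in use locally:
+
+* `AWS_RUNAS_ASSUMED_ROLE_ARN` - set when a role is assumed (not set if
+`--no-role` is used)
+* `AWS_RUNAS_PROFILE` - set with the profile used when `aws-runas` was run
+
+### Fancy Bash Prompt
+
+If you use `aws-runas` without any options and your default shell is Bash, a
+colorized prompt will appear with the profile that is in use if a role is
+assumed, or a simple `(AWS)` indicator added to the prompt if a session token is
+only obtained. See the video at the start of the doc for a demo!
+
 Usage
 ------
 
@@ -64,18 +92,18 @@ Usage on Windows
 -----------------
 
 `aws_runas` works on Windows platforms, but YMMV. The gem has been tested
-lightly on Cygwin and
-
-
-
-
+lightly on Cygwin and MSYS. Cygwin works great if you use the self-contained
+Ruby ecosystem. Operating on MSYS or bare Windows will probably work as well as
+any other Ruby gem. Running on WSL has not been tested, but as long as you can
+get the minimum required Ruby version on it (currently >= 2.2.6), it should
+generally work.
 
 ### OpenSSL Cert Bundle for Windows
 
-
-
-
-
+Running `aws-runas` on native Windows may require the installation of a CA
+certificate bundle. To do this, you will need to get the certificate bundle from
+somewhere like [here](http://curl.haxx.se/docs/caextract.html) and set your
+`SSL_CERT_FILE` environment variable to go to the file.
 
 
 Author
@@ -87,7 +115,7 @@ License
 --------
 
 ```
-Copyright 2015 Chris Marchesi
+Copyright 2015-2017 Chris Marchesi
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.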
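--- a/data/lib/aws_runas/main.rb
+++ b/data/lib/aws_runas/main.rb
@@ -73,6 +73,8 @@ module AwsRunAs
 env['AWS_ACCESS_KEY_ID'] = @role_credentials.access_key_id
 env['AWS_SECRET_ACCESS_KEY'] = @role_credentials.secret_access_key
 env['AWS_SESSION_TOKEN'] = @role_credentials.session_token
+env['AWS_RUNAS_PROFILE'] = @cfg.profile
+env['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn') unless @no_role
 env
 end
 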
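Review bot: `AWS_RUNAS_ASSUMED_ROLE_ARN` is filled by a fresh `@cfg.load_config_value(key: 'role_arn')` lookup when the environment is built, so it reports what the profile's config says at that moment rather than a value tied to the credentials in `@role_credentials`. If the lookup returns nil or the config file changes after the role was assumed (the assume-role code is outside this hunk, so this is inferred), child processes see an empty or mismatched ARN next to valid session credentials. Since both new variables are plain environment values that any parent process can set, they should be documented as informational hints and not as proof of the active identity; a comment on these lines such as `# Informational only: role_arn as configured for the profile, not verified against the STS response` would make that explicit. Capturing the ARN once at the point where the role is assumed and reusing it here would keep the two in step. The enclosing method begins above the hunk.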
data/lib/aws_runas/version.rb
CHANGED
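--- a/data/spec/aws_runas/main_spec.rb
+++ b/data/spec/aws_runas/main_spec.rb
@@ -99,21 +99,49 @@ describe AwsRunAs::Main do
 end
 
 describe '#credentials_env' do
-before
-
+before do
+allow_any_instance_of(AwsRunAs::Main).to receive(:sts_client).and_return(
+Aws::STS::Client.new(
+stub_responses: true
+)
+)
+end
+subject(:env) do
+ENV.delete('AWS_SESSION_TOKEN')
+main = AwsRunAs::Main.new(
+path: MOCK_AWS_CONFIGPATH,
+profile: 'test-profile',
+mfa_code: '123456',
+no_role: no_role
+)
+main.assume_role
+main.credentials_env
 end
+let(:no_role) { false }
 
-context 'with
+context 'with role assumed' do
 it 'returns AWS_ACCESS_KEY_ID set in env' do
-expect(
+expect(env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
 end
-
 it 'returns AWS_SECRET_ACCESS_KEY set in env' do
-expect(
+expect(env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
 end
-
 it 'returns AWS_SESSION_TOKEN set in env' do
-expect(
+expect(env['AWS_SESSION_TOKEN']).to eq('tokenType')
+end
+it 'has AWS_RUNAS_PROFILE set to the profile in use' do
+expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')
+end
+it 'has AWS_RUNAS_ASSUMED_ROLE_ARN set to the assumed role ARN' do
+expect(env['AWS_RUNAS_ASSUMED_ROLE_ARN']).to eq('arn:aws:iam::123456789012:role/test-admin')
+end
+end
+
+context 'with no role assumed' do
+let(:no_role) { true }
+
+it 'does not have AWS_RUNAS_ASSUMED_ROLE_ARN set' do
+expect(env).to_not have_key('AWS_RUNAS_ASSUMED_ROLE_ARN')
 end
 end
 end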
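Review bot: The `subject(:env)` block calls `ENV.delete('AWS_SESSION_TOKEN')` on the real process environment and never restores it, so results can depend on what the developer or CI shell exported and on example ordering. Isolating the environment per example keeps ambient credentials out of the run, for instance `stub_const('ENV', ENV.to_hash.reject { |k, _| k == 'AWS_SESSION_TOKEN' })` in the `before` block, or an `around` hook that saves and restores the variable. The 'with no role assumed' context also asserts only that `AWS_RUNAS_ASSUMED_ROLE_ARN` is absent; adding `expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')` there would pin that the profile is still exported on the `--no-role` path. The enclosing `describe AwsRunAs::Main` block starts above the hunk.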
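--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_runas
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.2
 platform: ruby
 authors:
 - Chris Marchesi
@@ -31,7 +31,7 @@ cert_chain:
 80WBA6xKwX0zwURD8J7WNieL2iY5AhBg26cHuFLMQGTCyNEeZHZHnJhCwuBcnV1w
 2zQ=
 -----END CERTIFICATE-----
-date: 2017-03
+date: 2017-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: Run a command or shell under an assumed AWS IAM role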
metadata.gz.sig
CHANGED
Binary file
|