aws_runas 0.4.1 → 0.4.2
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +1 -0
- data/CHANGELOG.md +7 -0
- data/LICENSE +1 -1
- data/README.md +38 -10
- data/lib/aws_runas/main.rb +2 -0
- data/lib/aws_runas/version.rb +1 -1
- data/spec/aws_runas/main_spec.rb +36 -8
- metadata +3 -3
- metadata.gz.sig +0 -0
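--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 354da6c78da53eb8386cfb4bd53251271e4f19c3
+data.tar.gz: 39b6306ebfe1599e54abb61507d73a0a3e7b428e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26d43b13c4c6f7b051f88a053da1ee80ab15b3bc6e9d854eecf9a3db8dc4b952f3dafd35c52e386e48083a8e9137b1fd17536f1532990b5f51e450e5411286e5
+data.tar.gz: 416193ead9c704909597dd3ee6d94da7b02b0e1845f89a801309f0a764ee7db1a3f5b53ae5bd550826cb5faf796a0d9303980bf202a645d500ee6580fb5c749f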
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.travis.yml
CHANGED
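--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+## v0.4.2
+
+The role that aws-runas assumed and the profile it used are now exposed as
+`AWS_RUNAS_ASSUMED_ROLE_ARN` and `AWS_RUNAS_PROFILE`, respectively. These can be
+used in scripts to track the profile being used or the role ARN used, in case
+this data is needed later, or for troubleshooting purposes.
+
 ## v0.4.1
 
 Fixed the escape sequence in the bash shell prompt indicator so that it has the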
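--- a/data/LICENSE
+++ b/data/LICENSE
@@ -186,7 +186,7 @@
 same "printed page" as the copyright notice for easier
 identification within third-party archives.
 
-Copyright 2015 Chris Marchesi
+Copyright 2015-2017 Chris Marchesi
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.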
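--- a/data/README.md
+++ b/data/README.md
@@ -31,6 +31,34 @@ thing, but there are some differentiators in this gem:
 you for MFA (useful for tooling that needs to assume multiple roles off the
 same session token).
 
+How it Works
+-------------
+
+Roles are assumed, or session tokens are simply acquired (if `--no-role` is
+specified) via the `AssumeRole` or the `GetSessionToken` AWS STS API calls.
+After this, your command or shell is launched with the standard AWS credential
+chain environment variables set:
+
+* `AWS_ACCESS_KEY_ID`
+* `AWS_SECRET_ACCESS_KEY`
+* `AWS_SESSION_TOKEN`
+
+### Additional Variables
+
+In addition to the above, two toolchain-local environment variables are set to
+help you determine what credentials are in use locally:
+
+* `AWS_RUNAS_ASSUMED_ROLE_ARN` - set when a role is assumed (not set if
+`--no-role` is used)
+* `AWS_RUNAS_PROFILE` - set with the profile used when `aws-runas` was run
+
+### Fancy Bash Prompt
+
+If you use `aws-runas` without any options and your default shell is Bash, a
+colorized prompt will appear with the profile that is in use if a role is
+assumed, or a simple `(AWS)` indicator added to the prompt if a session token is
+only obtained. See the video at the start of the doc for a demo!
+
 Usage
 ------
 
@@ -64,18 +92,18 @@ Usage on Windows
 -----------------
 
 `aws_runas` works on Windows platforms, but YMMV. The gem has been tested
-lightly on Cygwin and
-
-
-
-
+lightly on Cygwin and MSYS. Cygwin works great if you use the self-contained
+Ruby ecosystem. Operating on MSYS or bare Windows will probably work as well as
+any other Ruby gem. Running on WSL has not been tested, but as long as you can
+get the minimum required Ruby version on it (currently >= 2.2.6), it should
+generally work.
 
 ### OpenSSL Cert Bundle for Windows
 
-
-
-
-
+Running `aws-runas` on native Windows may require the installation of a CA
+certificate bundle. To do this, you will need to get the certificate bundle from
+somewhere like [here](http://curl.haxx.se/docs/caextract.html) and set your
+`SSL_CERT_FILE` environment variable to go to the file.
 
 
 Author
@@ -87,7 +115,7 @@ License
 --------
 
 ```
-Copyright 2015 Chris Marchesi
+Copyright 2015-2017 Chris Marchesi
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.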
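--- a/data/lib/aws_runas/main.rb
+++ b/data/lib/aws_runas/main.rb
@@ -73,6 +73,8 @@ module AwsRunAs
 env['AWS_ACCESS_KEY_ID'] = @role_credentials.access_key_id
 env['AWS_SECRET_ACCESS_KEY'] = @role_credentials.secret_access_key
 env['AWS_SESSION_TOKEN'] = @role_credentials.session_token
+env['AWS_RUNAS_PROFILE'] = @cfg.profile
+env['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn') unless @no_role
 env
 end
 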
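Review bot: On the `--no-role` path the new `unless @no_role` line only skips the assignment, so an `AWS_RUNAS_ASSUMED_ROLE_ARN` already present in the calling environment (for example from an outer aws-runas shell) would presumably be inherited unchanged, which contradicts the README's "not set if `--no-role` is used". The method starts above this hunk and the code that applies the returned hash is not shown, so this needs confirming at the caller; if the hash is handed to `exec`/`system`, a nil value unsets the variable there. The value is also read from `@cfg.load_config_value(key: 'role_arn')` rather than from the AssumeRole response, so it records the role that was requested; a comment such as `# informational: configured role_arn, not the ARN returned by STS` would stop scripts treating it as verified identity.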
data/lib/aws_runas/version.rb
CHANGED
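--- a/data/spec/aws_runas/main_spec.rb
+++ b/data/spec/aws_runas/main_spec.rb
@@ -99,21 +99,49 @@ describe AwsRunAs::Main do
 end
 
 describe '#credentials_env' do
-before
-
+before do
+allow_any_instance_of(AwsRunAs::Main).to receive(:sts_client).and_return(
+Aws::STS::Client.new(
+stub_responses: true
+)
+)
+end
+subject(:env) do
+ENV.delete('AWS_SESSION_TOKEN')
+main = AwsRunAs::Main.new(
+path: MOCK_AWS_CONFIGPATH,
+profile: 'test-profile',
+mfa_code: '123456',
+no_role: no_role
+)
+main.assume_role
+main.credentials_env
 end
+let(:no_role) { false }
 
-context 'with
+context 'with role assumed' do
 it 'returns AWS_ACCESS_KEY_ID set in env' do
-expect(
+expect(env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
 end
-
 it 'returns AWS_SECRET_ACCESS_KEY set in env' do
-expect(
+expect(env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
 end
-
 it 'returns AWS_SESSION_TOKEN set in env' do
-expect(
+expect(env['AWS_SESSION_TOKEN']).to eq('tokenType')
+end
+it 'has AWS_RUNAS_PROFILE set to the profile in use' do
+expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')
+end
+it 'has AWS_RUNAS_ASSUMED_ROLE_ARN set to the assumed role ARN' do
+expect(env['AWS_RUNAS_ASSUMED_ROLE_ARN']).to eq('arn:aws:iam::123456789012:role/test-admin')
+end
+end
+
+context 'with no role assumed' do
+let(:no_role) { true }
+
+it 'does not have AWS_RUNAS_ASSUMED_ROLE_ARN set' do
+expect(env).to_not have_key('AWS_RUNAS_ASSUMED_ROLE_ARN')
 end
 end
 end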
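Review bot: The `ENV.delete('AWS_SESSION_TOKEN')` inside `subject(:env)` changes the real process environment and is never restored, so later examples see different state depending on run order and on whether the invoking shell had a session token. Saving and restoring the value in an `around` hook, or stubbing `ENV`, would keep the examples isolated. The 'with no role assumed' context asserts only that `AWS_RUNAS_ASSUMED_ROLE_ARN` is absent; adding `expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')` there would cover the profile variable on the `--no-role` path too.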
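--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_runas
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.2
 platform: ruby
 authors:
 - Chris Marchesi
@@ -31,7 +31,7 @@ cert_chain:
 80WBA6xKwX0zwURD8J7WNieL2iY5AhBg26cHuFLMQGTCyNEeZHZHnJhCwuBcnV1w
 2zQ=
 -----END CERTIFICATE-----
-date: 2017-03
+date: 2017-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: Run a command or shell under an assumed AWS IAM role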
metadata.gz.sig
CHANGED
Binary file
|