aws_runas 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3cf662be3a59636d2a1a7ff48aa16f94ab59c3cd
4
- data.tar.gz: ce8b78edee148945ccd0eef3387f9218b90801e8
3
+ metadata.gz: 354da6c78da53eb8386cfb4bd53251271e4f19c3
4
+ data.tar.gz: 39b6306ebfe1599e54abb61507d73a0a3e7b428e
5
5
  SHA512:
6
- metadata.gz: '084c9f4f888f25eb54aca7b6fa4a645cd92efb2389c89d7cebe5c8452ccd0b4eb9e341a2ff6092cdaa37c86d0edb083c3c91bdfb81b8be68263febaf57577705'
7
- data.tar.gz: 0c209927cefdd91c01074b25d99d408add9642b81084d95766716e2470d6d9d16ba2ad553e9ad18ace383f47a578ee0e7e1510950d998455212d4ba0dbec1cdd
6
+ metadata.gz: 26d43b13c4c6f7b051f88a053da1ee80ab15b3bc6e9d854eecf9a3db8dc4b952f3dafd35c52e386e48083a8e9137b1fd17536f1532990b5f51e450e5411286e5
7
+ data.tar.gz: 416193ead9c704909597dd3ee6d94da7b02b0e1845f89a801309f0a764ee7db1a3f5b53ae5bd550826cb5faf796a0d9303980bf202a645d500ee6580fb5c749f
Binary file
data.tar.gz.sig CHANGED
Binary file
@@ -1,3 +1,4 @@
1
+ dist: trusty
1
2
  langauge: ruby
2
3
  rvm:
3
4
  - "2.4.0"
@@ -1,3 +1,10 @@
1
+ ## v0.4.2
2
+
3
+ The role that aws-runas assumed and the profile it used are now exposed as
4
+ `AWS_RUNAS_ASSUMED_ROLE_ARN` and `AWS_RUNAS_PROFILE`, respectively. These can be
5
+ used in scripts to track the profile being used or the role ARN used, in case
6
+ this data is needed later, or for troubleshooting purposes.
7
+
1
8
  ## v0.4.1
2
9
 
3
10
  Fixed the escape sequence in the bash shell prompt indicator so that it has the
data/LICENSE CHANGED
@@ -186,7 +186,7 @@
186
186
  same "printed page" as the copyright notice for easier
187
187
  identification within third-party archives.
188
188
 
189
- Copyright 2015 Chris Marchesi
189
+ Copyright 2015-2017 Chris Marchesi
190
190
 
191
191
  Licensed under the Apache License, Version 2.0 (the "License");
192
192
  you may not use this file except in compliance with the License.
data/README.md CHANGED
@@ -31,6 +31,34 @@ thing, but there are some differentiators in this gem:
31
31
  you for MFA (useful for tooling that needs to assume multiple roles off the
32
32
  same session token).
33
33
 
34
+ How it Works
35
+ -------------
36
+
37
+ Roles are assumed, or session tokens are simply acquired (if `--no-role` is
38
+ specified) via the `AssumeRole` or the `GetSessionToken` AWS STS API calls.
39
+ After this, your command or shell is launched with the standard AWS credential
40
+ chain environment variables set:
41
+
42
+ * `AWS_ACCESS_KEY_ID`
43
+ * `AWS_SECRET_ACCESS_KEY`
44
+ * `AWS_SESSION_TOKEN`
45
+
46
+ ### Additional Variables
47
+
48
+ In addition to the above, two toolchain-local environment variables are set to
49
+ help you determine what credentials are in use locally:
50
+
51
+ * `AWS_RUNAS_ASSUMED_ROLE_ARN` - set when a role is assumed (not set if
52
+ `--no-role` is used)
53
+ * `AWS_RUNAS_PROFILE` - set with the profile used when `aws-runas` was run
54
+
55
+ ### Fancy Bash Prompt
56
+
57
+ If you use `aws-runas` without any options and your default shell is Bash, a
58
+ colorized prompt will appear with the profile that is in use if a role is
59
+ assumed, or a simple `(AWS)` indicator added to the prompt if a session token is
60
+ only obtained. See the video at the start of the doc for a demo!
61
+
34
62
  Usage
35
63
  ------
36
64
 
@@ -64,18 +92,18 @@ Usage on Windows
64
92
  -----------------
65
93
 
66
94
  `aws_runas` works on Windows platforms, but YMMV. The gem has been tested
67
- lightly on Cygwin and MinGW32, and if I needed to recommend one over the other,
68
- I would recommend Cygwin.
69
-
70
- If you want to use the gem on Windows without Cygwin, the following below may
71
- be necessary:
95
+ lightly on Cygwin and MSYS. Cygwin works great if you use the self-contained
96
+ Ruby ecosystem. Operating on MSYS or bare Windows will probably work as well as
97
+ any other Ruby gem. Running on WSL has not been tested, but as long as you can
98
+ get the minimum required Ruby version on it (currently >= 2.2.6), it should
99
+ generally work.
72
100
 
73
101
  ### OpenSSL Cert Bundle for Windows
74
102
 
75
- OpenSSL does not come pre-bundled with a CA certificate bundle on non-Cygwin
76
- Windows installations. To get this working with that, you will need to get
77
- the certificate bundle from somewhere like [here](http://curl.haxx.se/docs/caextract.html)
78
- and set your `SSL_CERT_FILE` environment variable to go to the file.
103
+ Running `aws-runas` on native Windows may require the installation of a CA
104
+ certificate bundle. To do this, you will need to get the certificate bundle from
105
+ somewhere like [here](http://curl.haxx.se/docs/caextract.html) and set your
106
+ `SSL_CERT_FILE` environment variable to go to the file.
79
107
 
80
108
 
81
109
  Author
@@ -87,7 +115,7 @@ License
87
115
  --------
88
116
 
89
117
  ```
90
- Copyright 2015 Chris Marchesi
118
+ Copyright 2015-2017 Chris Marchesi
91
119
 
92
120
  Licensed under the Apache License, Version 2.0 (the "License");
93
121
  you may not use this file except in compliance with the License.
@@ -73,6 +73,8 @@ module AwsRunAs
73
73
  env['AWS_ACCESS_KEY_ID'] = @role_credentials.access_key_id
74
74
  env['AWS_SECRET_ACCESS_KEY'] = @role_credentials.secret_access_key
75
75
  env['AWS_SESSION_TOKEN'] = @role_credentials.session_token
76
+ env['AWS_RUNAS_PROFILE'] = @cfg.profile
77
+ env['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn') unless @no_role
76
78
  env
77
79
  end
78
80
 
@@ -13,5 +13,5 @@
13
13
  # limitations under the License.
14
14
 
15
15
  module AwsRunAs
16
- VERSION = '0.4.1'
16
+ VERSION = '0.4.2'
17
17
  end
@@ -99,21 +99,49 @@ describe AwsRunAs::Main do
99
99
  end
100
100
 
101
101
  describe '#credentials_env' do
102
- before(:context) do
103
- @env = @main.credentials_env
102
+ before do
103
+ allow_any_instance_of(AwsRunAs::Main).to receive(:sts_client).and_return(
104
+ Aws::STS::Client.new(
105
+ stub_responses: true
106
+ )
107
+ )
108
+ end
109
+ subject(:env) do
110
+ ENV.delete('AWS_SESSION_TOKEN')
111
+ main = AwsRunAs::Main.new(
112
+ path: MOCK_AWS_CONFIGPATH,
113
+ profile: 'test-profile',
114
+ mfa_code: '123456',
115
+ no_role: no_role
116
+ )
117
+ main.assume_role
118
+ main.credentials_env
104
119
  end
120
+ let(:no_role) { false }
105
121
 
106
- context 'with a static, user-defined config path' do
122
+ context 'with role assumed' do
107
123
  it 'returns AWS_ACCESS_KEY_ID set in env' do
108
- expect(@env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
124
+ expect(env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
109
125
  end
110
-
111
126
  it 'returns AWS_SECRET_ACCESS_KEY set in env' do
112
- expect(@env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
127
+ expect(env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
113
128
  end
114
-
115
129
  it 'returns AWS_SESSION_TOKEN set in env' do
116
- expect(@env['AWS_SESSION_TOKEN']).to eq('tokenType')
130
+ expect(env['AWS_SESSION_TOKEN']).to eq('tokenType')
131
+ end
132
+ it 'has AWS_RUNAS_PROFILE set to the profile in use' do
133
+ expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')
134
+ end
135
+ it 'has AWS_RUNAS_ASSUMED_ROLE_ARN set to the assumed role ARN' do
136
+ expect(env['AWS_RUNAS_ASSUMED_ROLE_ARN']).to eq('arn:aws:iam::123456789012:role/test-admin')
137
+ end
138
+ end
139
+
140
+ context 'with no role assumed' do
141
+ let(:no_role) { true }
142
+
143
+ it 'does not have AWS_RUNAS_ASSUMED_ROLE_ARN set' do
144
+ expect(env).to_not have_key('AWS_RUNAS_ASSUMED_ROLE_ARN')
117
145
  end
118
146
  end
119
147
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws_runas
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Marchesi
@@ -31,7 +31,7 @@ cert_chain:
31
31
  80WBA6xKwX0zwURD8J7WNieL2iY5AhBg26cHuFLMQGTCyNEeZHZHnJhCwuBcnV1w
32
32
  2zQ=
33
33
  -----END CERTIFICATE-----
34
- date: 2017-03-17 00:00:00.000000000 Z
34
+ date: 2017-05-03 00:00:00.000000000 Z
35
35
  dependencies:
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: aws-sdk
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
187
187
  version: '0'
188
188
  requirements: []
189
189
  rubyforge_project:
190
- rubygems_version: 2.6.8
190
+ rubygems_version: 2.6.11
191
191
  signing_key:
192
192
  specification_version: 4
193
193
  summary: Run a command or shell under an assumed AWS IAM role
metadata.gz.sig CHANGED
Binary file