aws_runas 0.4.1 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3cf662be3a59636d2a1a7ff48aa16f94ab59c3cd
-  data.tar.gz: ce8b78edee148945ccd0eef3387f9218b90801e8
+  metadata.gz: 354da6c78da53eb8386cfb4bd53251271e4f19c3
+  data.tar.gz: 39b6306ebfe1599e54abb61507d73a0a3e7b428e
 SHA512:
-  metadata.gz: '084c9f4f888f25eb54aca7b6fa4a645cd92efb2389c89d7cebe5c8452ccd0b4eb9e341a2ff6092cdaa37c86d0edb083c3c91bdfb81b8be68263febaf57577705'
-  data.tar.gz: 0c209927cefdd91c01074b25d99d408add9642b81084d95766716e2470d6d9d16ba2ad553e9ad18ace383f47a578ee0e7e1510950d998455212d4ba0dbec1cdd
+  metadata.gz: 26d43b13c4c6f7b051f88a053da1ee80ab15b3bc6e9d854eecf9a3db8dc4b952f3dafd35c52e386e48083a8e9137b1fd17536f1532990b5f51e450e5411286e5
+  data.tar.gz: 416193ead9c704909597dd3ee6d94da7b02b0e1845f89a801309f0a764ee7db1a3f5b53ae5bd550826cb5faf796a0d9303980bf202a645d500ee6580fb5c749f

data/.travis.yml

@@ -1,3 +1,4 @@
+dist: trusty
 langauge: ruby
 rvm:
   - "2.4.0"

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## v0.4.2
+
+The role that aws-runas assumed and the profile it used are now exposed as
+`AWS_RUNAS_ASSUMED_ROLE_ARN` and `AWS_RUNAS_PROFILE`, respectively. These can be
+used in scripts to track the profile being used or the role ARN used, in case
+this data is needed later, or for troubleshooting purposes.
+
 ## v0.4.1
 
 Fixed the escape sequence in the bash shell prompt indicator so that it has the

data/LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2015 Chris Marchesi
+   Copyright 2015-2017 Chris Marchesi
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

data/README.md

@@ -31,6 +31,34 @@ thing, but there are some differentiators in this gem:
    you for MFA (useful for tooling that needs to assume multiple roles off the
    same session token).
 
+How it Works
+-------------
+
+Roles are assumed, or session tokens are simply acquired (if `--no-role` is
+specified) via the `AssumeRole` or the `GetSessionToken` AWS STS API calls.
+After this, your command or shell is launched with the standard AWS credential
+chain environment variables set:
+
+ * `AWS_ACCESS_KEY_ID`
+ * `AWS_SECRET_ACCESS_KEY`
+ * `AWS_SESSION_TOKEN`
+
+### Additional Variables
+
+In addition to the above, two toolchain-local environment variables are set to
+help you determine what credentials are in use locally:
+
+ * `AWS_RUNAS_ASSUMED_ROLE_ARN` - set when a role is assumed (not set if
+   `--no-role` is used)
+ * `AWS_RUNAS_PROFILE` - set with the profile used when `aws-runas` was run
+
+### Fancy Bash Prompt
+
+If you use `aws-runas` without any options and your default shell is Bash, a
+colorized prompt will appear with the profile that is in use if a role is
+assumed, or a simple `(AWS)` indicator added to the prompt if a session token is
+only obtained. See the video at the start of the doc for a demo!
+
 Usage
 ------
 
@@ -64,18 +92,18 @@ Usage on Windows
 -----------------
 
 `aws_runas` works on Windows platforms, but YMMV. The gem has been tested
-lightly on Cygwin and MinGW32, and if I needed to recommend one over the other,
-I would recommend Cygwin.
-
-If you want to use the gem on Windows without Cygwin, the following below may
-be necessary:
+lightly on Cygwin and MSYS. Cygwin works great if you use the self-contained
+Ruby ecosystem. Operating on MSYS or bare Windows will probably work as well as
+any other Ruby gem. Running on WSL has not been tested, but as long as you can
+get the minimum required Ruby version on it (currently >= 2.2.6), it should
+generally work.
 
 ### OpenSSL Cert Bundle for Windows
 
-OpenSSL does not come pre-bundled with a CA certificate bundle on non-Cygwin
-Windows installations. To get this working with that, you will need to get
-the certificate bundle from somewhere like [here](http://curl.haxx.se/docs/caextract.html)
-and set your `SSL_CERT_FILE` environment variable to go to the file.
+Running `aws-runas` on native Windows may require the installation of a CA
+certificate bundle. To do this, you will need to get the certificate bundle from
+somewhere like [here](http://curl.haxx.se/docs/caextract.html) and set your
+`SSL_CERT_FILE` environment variable to go to the file.
 
 
 Author
@@ -87,7 +115,7 @@ License
 --------
 
 ```
-Copyright 2015 Chris Marchesi
+Copyright 2015-2017 Chris Marchesi
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/lib/aws_runas/main.rb

@@ -73,6 +73,8 @@ module AwsRunAs
       env['AWS_ACCESS_KEY_ID'] = @role_credentials.access_key_id
       env['AWS_SECRET_ACCESS_KEY'] = @role_credentials.secret_access_key
       env['AWS_SESSION_TOKEN'] = @role_credentials.session_token
+      env['AWS_RUNAS_PROFILE'] = @cfg.profile
+      env['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn') unless @no_role
       env
     end
 

data/lib/aws_runas/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 
 module AwsRunAs
-  VERSION = '0.4.1'
+  VERSION = '0.4.2'
 end

data/spec/aws_runas/main_spec.rb

@@ -99,21 +99,49 @@ describe AwsRunAs::Main do
   end
 
   describe '#credentials_env' do
-    before(:context) do
-      @env = @main.credentials_env
+    before do
+      allow_any_instance_of(AwsRunAs::Main).to receive(:sts_client).and_return(
+        Aws::STS::Client.new(
+          stub_responses: true
+        )
+      )
+    end
+    subject(:env) do
+      ENV.delete('AWS_SESSION_TOKEN')
+      main = AwsRunAs::Main.new(
+        path: MOCK_AWS_CONFIGPATH,
+        profile: 'test-profile',
+        mfa_code: '123456',
+        no_role: no_role
+      )
+      main.assume_role
+      main.credentials_env
     end
+    let(:no_role) { false }
 
-    context 'with a static, user-defined config path' do
+    context 'with role assumed' do
       it 'returns AWS_ACCESS_KEY_ID set in env' do
-        expect(@env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
+        expect(env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
       end
-
       it 'returns AWS_SECRET_ACCESS_KEY set in env' do
-        expect(@env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
+        expect(env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
       end
-
       it 'returns AWS_SESSION_TOKEN set in env' do
-        expect(@env['AWS_SESSION_TOKEN']).to eq('tokenType')
+        expect(env['AWS_SESSION_TOKEN']).to eq('tokenType')
+      end
+      it 'has AWS_RUNAS_PROFILE set to the profile in use' do
+        expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')
+      end
+      it 'has AWS_RUNAS_ASSUMED_ROLE_ARN set to the assumed role ARN' do
+        expect(env['AWS_RUNAS_ASSUMED_ROLE_ARN']).to eq('arn:aws:iam::123456789012:role/test-admin')
+      end
+    end
+
+    context 'with no role assumed' do
+      let(:no_role) { true }
+
+      it 'does not have AWS_RUNAS_ASSUMED_ROLE_ARN set' do
+        expect(env).to_not have_key('AWS_RUNAS_ASSUMED_ROLE_ARN')
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws_runas
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - Chris Marchesi
@@ -31,7 +31,7 @@ cert_chain:
   80WBA6xKwX0zwURD8J7WNieL2iY5AhBg26cHuFLMQGTCyNEeZHZHnJhCwuBcnV1w
   2zQ=
   -----END CERTIFICATE-----
-date: 2017-03-17 00:00:00.000000000 Z
+date: 2017-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -187,7 +187,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Run a command or shell under an assumed AWS IAM role