aws_session_token 0.5.1 → 0.6.0
- checksums.yaml +4 -4
- data/.semver +2 -2
- data/bin/aws_session_token +18 -0
- data/lib/aws_session_token.rb +1 -0
- data/lib/aws_session_token/cli.rb +3 -1
- data/lib/aws_session_token/console.rb +35 -0
- data/lib/aws_session_token/options.rb +18 -5
- data/spec/aws_session_token/cli_spec.rb +4 -0
- data/spec/aws_session_token/options_spec.rb +27 -21
- metadata +3 -2
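--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 823b2357e963f5cd6bd8f1ee6f8205f70219febc
+data.tar.gz: e1fcce8d063d5258f9c67fa74b29cd365ff8f779
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58a4448806b562224bc95ad5252ecbcfd5c0f1c5a79dd04665df8b54710fead49e6fef83bdc3f3bb2c14af8d74453532cbbec527d897b6f07ac294d6f1305f52
+data.tar.gz: 7afec25d871d033a05d2908dd08645e31ec412e2eb5e9a65faf31fa58abadfe83f126502fe57796250280b78c1cc249a9f5cb274547e52398ca499b07dfded3f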
data/.semver
CHANGED
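--- a/data/bin/aws_session_token
+++ b/data/bin/aws_session_token
@@ -1,6 +1,24 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
+#
+# AWS Session Token Gem - Tool to wrap AWS API to create and store Session tokens
+# so that other commands/tools (e.g. Terraform) can function as necessary.
+#
+# Copyright 2018 Bryan Stopp <bryan.stopp@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 $LOAD_PATH.unshift("#{__dir__}/../lib")
 
 require 'aws_session_token'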
data/lib/aws_session_token.rb
CHANGED
@@ -28,6 +28,7 @@ module AwsSessionToken
|
|
28
28
|
def initialize
|
29
29
|
@options = Options.new
|
30
30
|
@creds_file = CredentialsFile.new
|
31
|
+
@console = Console.new
|
31
32
|
end
|
32
33
|
|
33
34
|
def run
|
@@ -37,7 +38,8 @@ module AwsSessionToken
|
|
37
38
|
mfa = mfa_device
|
38
39
|
token = @options.token || token_prompt
|
39
40
|
creds = session_token(mfa, token)
|
40
|
-
@creds_file.write(@options.credentials_file, @options.session_profile, creds)
|
41
|
+
@creds_file.write(@options.credentials_file, @options.session_profile, creds) if @options.session_profile
|
42
|
+
@console.write(creds) if @options.console
|
41
43
|
end
|
42
44
|
|
43
45
|
def validate_creds_file
|
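Review bot: The new `@console.write(creds) if @options.console` line in `run` puts the secret key and session token on stdout, and the hunk does not show where `token_prompt` prints its prompt. If the prompt also uses stdout, a shell that captures or evaluates the output would get prompt text mixed into the `export` lines, so it is worth confirming that the prompt goes to stderr when `-c` is set. I would also add a comment above the two writes, `# Either or both outputs may be selected; Options#validate guarantees at least one.` The file header above names `data/lib/aws_session_token.rb`, but the diffstat counts suggest these hunks belong to `lib/aws_session_token/cli.rb`; `run` begins before the visible lines.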
@@ -0,0 +1,35 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#
|
4
|
+
# AWS Session Token Gem - Tool to wrap AWS API to create and store
|
5
|
+
# Session tokens so that other commands/tools (e.g. Terraform) can function as
|
6
|
+
# necessary.
|
7
|
+
#
|
8
|
+
#
|
9
|
+
# Copyright 2018 Bryan Stopp <bryan.stopp@gmail.com>
|
10
|
+
#
|
11
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
12
|
+
# you may not use this file except in compliance with the License.
|
13
|
+
# You may obtain a copy of the License at
|
14
|
+
#
|
15
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
16
|
+
#
|
17
|
+
# Unless required by applicable law or agreed to in writing, software
|
18
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
19
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
20
|
+
# See the License for the specific language governing permissions and
|
21
|
+
# limitations under the License.
|
22
|
+
#
|
23
|
+
|
24
|
+
module AwsSessionToken
|
25
|
+
|
26
|
+
# Helper class for outputting creds to console in export variable format.
|
27
|
+
class Console
|
28
|
+
|
29
|
+
def write(credentials)
|
30
|
+
$stdout.puts "export AWS_ACCESS_KEY_ID=#{credentials.access_key_id}"
|
31
|
+
$stdout.puts "export AWS_SECRET_ACCESS_KEY=#{credentials.secret_access_key}"
|
32
|
+
$stdout.puts "export AWS_SESSION_TOKEN=#{credentials.session_token}"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
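Review bot: `Console#write` interpolates the three credential values into `export` lines without shell quoting, and the class comment does not say that the output is secret material. Because the lines are meant to be consumed by a shell, each value should be escaped, e.g. `$stdout.puts "export AWS_SESSION_TOKEN=#{Shellwords.escape(credentials.session_token)}"` with `require 'shellwords'` at the top, and likewise for the other two lines, so the output stays safe to evaluate whatever characters a value contains. The class comment could add that the secret access key and session token are printed in clear text and that the output should not be redirected into terminal or CI logs.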
@@ -26,15 +26,15 @@ module AwsSessionToken
|
|
26
26
|
SESSION_PROFILE = 'session_profile'
|
27
27
|
DURATION = 3600
|
28
28
|
|
29
|
-
attr_accessor :credentials_file, :duration, :profile, :profile_provided, :session_profile, :token, :user
|
29
|
+
attr_accessor :console, :credentials_file, :duration, :profile, :profile_provided, :session_profile, :token, :user
|
30
30
|
|
31
31
|
def initialize
|
32
32
|
creds = Aws::SharedCredentials.new
|
33
33
|
self.credentials_file = creds.path
|
34
34
|
self.profile = creds.profile_name
|
35
|
-
self.session_profile = SESSION_PROFILE
|
36
35
|
self.duration = DURATION
|
37
36
|
self.profile_provided = false
|
37
|
+
self.console = false
|
38
38
|
end
|
39
39
|
|
40
40
|
def parse(args)
|
@@ -54,6 +54,7 @@ module AwsSessionToken
|
|
54
54
|
user_option(opts)
|
55
55
|
profile_option(opts)
|
56
56
|
session_profile_option(opts)
|
57
|
+
console_option(opts)
|
57
58
|
duration_option(opts)
|
58
59
|
token_option(opts)
|
59
60
|
common_options(opts)
|
@@ -82,9 +83,16 @@ module AwsSessionToken
|
|
82
83
|
end
|
83
84
|
|
84
85
|
def session_profile_option(opts)
|
85
|
-
opts.on('-s', '--session SESSION_PROFILE',
|
86
|
+
opts.on('-s', '--session [SESSION_PROFILE]',
|
86
87
|
'Specify the name of the profile used to store the session credentials.') do |s|
|
87
|
-
self.session_profile = s
|
88
|
+
self.session_profile = s || SESSION_PROFILE
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
def console_option(opts)
|
93
|
+
opts.on('-c', '--console',
|
94
|
+
'Output session information to the console as environment variables available to export.') do
|
95
|
+
self.console = true
|
88
96
|
end
|
89
97
|
end
|
90
98
|
|
@@ -96,7 +104,7 @@ module AwsSessionToken
|
|
96
104
|
end
|
97
105
|
|
98
106
|
def token_option(opts)
|
99
|
-
opts.on('-t', '--token TOKEN',
|
107
|
+
opts.on('-t', '--token [TOKEN]',
|
100
108
|
'Specify the OTP Token to use for creating the session credentials.') do |t|
|
101
109
|
self.token = t
|
102
110
|
end
|
@@ -117,12 +125,17 @@ module AwsSessionToken
|
|
117
125
|
|
118
126
|
def validate
|
119
127
|
validate_profiles
|
128
|
+
validate_output
|
120
129
|
end
|
121
130
|
|
122
131
|
def validate_profiles
|
123
132
|
raise ArgumentError, 'Profile and Session Profile must be different.' if profile == session_profile
|
124
133
|
self.user ||= profile if profile_provided
|
125
134
|
end
|
135
|
+
|
136
|
+
def validate_output
|
137
|
+
raise ArgumentError, 'Either Console or Session Profile is required.' unless console || session_profile
|
138
|
+
end
|
126
139
|
end
|
127
140
|
|
128
141
|
end
|
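Review bot: With `self.session_profile = SESSION_PROFILE` removed from `initialize` and `validate_output` added, a run without `-s` or `-c` now raises `ArgumentError`, where the previous version wrote the credentials to the default `session_profile` profile, and neither option's help text says so. Scripts that call the tool with no output flag would stop refreshing their credentials file, so the `-s` description should state the default, e.g. `'Profile used to store the session credentials (session_profile if no name is given).'`. The `-c` description could also say that the secret key and session token are printed in clear text. Whether the caller of `parse` turns the `ArgumentError` into a usage message is not visible in these hunks.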
@@ -50,6 +50,10 @@ describe AwsSessionToken::CLI do
|
|
50
50
|
let(:mfa_token) { '123456' }
|
51
51
|
|
52
52
|
describe 'run' do
|
53
|
+
before do
|
54
|
+
ARGV.clear
|
55
|
+
ARGV << '-s'
|
56
|
+
end
|
53
57
|
it 'should work' do
|
54
58
|
expect(cli).to receive(:set_aws_creds)
|
55
59
|
expect(cli).to receive(:mfa_device).and_return(mfa_arn)
|
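Review bot: The new `before` block in `describe 'run'` clears and appends to the process-wide `ARGV` and never restores it, so examples that run later in the same process see `['-s']`. Scoping the change to the example, `before { stub_const('ARGV', ['-s']) }`, or saving the original array and restoring it in an `after` block, avoids the leak. The section also adds no example for the `-c` path, so the `@console.write(creds)` call in `run` is not exercised here. The `describe 'run'` block continues past the end of the hunk.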
@@ -47,9 +47,6 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
47
47
|
it 'should default the profile name' do
|
48
48
|
expect(options.profile).to eq(demo_creds.profile_name)
|
49
49
|
end
|
50
|
-
it 'should default the session_profile name' do
|
51
|
-
expect(options.session_profile).to eq('session_profile')
|
52
|
-
end
|
53
50
|
it 'should default the duration' do
|
54
51
|
expect(options.duration).to eq(AwsSessionToken::Options::DURATION)
|
55
52
|
end
|
@@ -74,9 +71,10 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
74
71
|
-f, --file FILE Specify a custom credentials file.
|
75
72
|
-u, --user USER Specify the AWS User name for passing to API.
|
76
73
|
-p, --profile PROFILE Specify the AWS credentials profile to use. Also sets user, if user is not provided.
|
77
|
-
-s, --session SESSION_PROFILE
|
74
|
+
-s, --session [SESSION_PROFILE] Specify the name of the profile used to store the session credentials.
|
75
|
+
-c, --console Output session information to the console as environment variables available to export.
|
78
76
|
-d, --duration DURATION Specify the duration the of the token in seconds. (Default 3600)
|
79
|
-
-t, --token TOKEN
|
77
|
+
-t, --token [TOKEN] Specify the OTP Token to use for creating the session credentials.
|
80
78
|
|
81
79
|
Common options:
|
82
80
|
-h, --help Show this message.
|
@@ -107,8 +105,8 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
107
105
|
expect { options.parse(['--file']) }.to raise_error(OptionParser::MissingArgument)
|
108
106
|
end
|
109
107
|
it 'succeeds with an argument' do
|
110
|
-
expect { options.parse(%w[-f /foo/bar]) }.to_not raise_error(OptionParser::MissingArgument)
|
111
|
-
expect { options.parse(%w[--file /foo/bar]) }.to_not raise_error(OptionParser::MissingArgument)
|
108
|
+
expect { options.parse(%w[-f /foo/bar -c]) }.to_not raise_error(OptionParser::MissingArgument)
|
109
|
+
expect { options.parse(%w[--file /foo/bar -c]) }.to_not raise_error(OptionParser::MissingArgument)
|
112
110
|
end
|
113
111
|
end
|
114
112
|
|
@@ -118,8 +116,8 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
118
116
|
expect { options.parse(['--profile']) }.to raise_error(OptionParser::MissingArgument)
|
119
117
|
end
|
120
118
|
it 'succeeds with an argument' do
|
121
|
-
expect { options.parse(%w[-p foo]) }.to_not raise_error(OptionParser::MissingArgument)
|
122
|
-
expect { options.parse(%w[--profile foo]) }.to_not raise_error(OptionParser::MissingArgument)
|
119
|
+
expect { options.parse(%w[-p foo -c]) }.to_not raise_error(OptionParser::MissingArgument)
|
120
|
+
expect { options.parse(%w[--profile foo -c]) }.to_not raise_error(OptionParser::MissingArgument)
|
123
121
|
end
|
124
122
|
end
|
125
123
|
|
@@ -129,15 +127,19 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
129
127
|
expect { options.parse(['--user']) }.to raise_error(OptionParser::MissingArgument)
|
130
128
|
end
|
131
129
|
it 'succeeds with an argument' do
|
132
|
-
expect { options.parse(%w[-u foo]) }.to_not raise_error(OptionParser::MissingArgument)
|
133
|
-
expect { options.parse(%w[--user foo]) }.to_not raise_error(OptionParser::MissingArgument)
|
130
|
+
expect { options.parse(%w[-u foo -c]) }.to_not raise_error(OptionParser::MissingArgument)
|
131
|
+
expect { options.parse(%w[--user foo -c]) }.to_not raise_error(OptionParser::MissingArgument)
|
134
132
|
end
|
135
133
|
end
|
136
134
|
|
137
135
|
describe '-s/--session' do
|
138
|
-
it '
|
139
|
-
|
140
|
-
expect
|
136
|
+
it '-s defaults with no argument' do
|
137
|
+
options.parse(['-s'])
|
138
|
+
expect(options.session_profile).to eq('session_profile')
|
139
|
+
end
|
140
|
+
it '-s defaults with no argument' do
|
141
|
+
options.parse(['--session'])
|
142
|
+
expect(options.session_profile).to eq('session_profile')
|
141
143
|
end
|
142
144
|
it 'succeeds with an argument' do
|
143
145
|
expect { options.parse(%w[-s bar]) }.to_not raise_error(OptionParser::MissingArgument)
|
@@ -155,19 +157,19 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
155
157
|
expect { options.parse(%w[--duration abc]) }.to raise_error(OptionParser::InvalidArgument)
|
156
158
|
end
|
157
159
|
it 'succeeds if argument is an integer' do
|
158
|
-
expect { options.parse(%w[-d 1800]) }.to_not raise_error
|
159
|
-
expect { options.parse(%w[--duration 1800]) }.to_not raise_error
|
160
|
+
expect { options.parse(%w[-d 1800 -c]) }.to_not raise_error
|
161
|
+
expect { options.parse(%w[--duration 1800 -c]) }.to_not raise_error
|
160
162
|
end
|
161
163
|
end
|
162
164
|
|
163
165
|
describe '-t/--token' do
|
164
166
|
it 'succeeds with optional argument' do
|
165
|
-
expect { options.parse([
|
166
|
-
expect { options.parse([
|
167
|
+
expect { options.parse(%w[-t -c]) }.to_not raise_error
|
168
|
+
expect { options.parse(%w[--token -c]) }.to_not raise_error
|
167
169
|
end
|
168
170
|
it 'succeeds with an argument' do
|
169
|
-
expect { options.parse(%w[-t 123456]) }.to_not raise_error
|
170
|
-
expect { options.parse(%w[--token 123456]) }.to_not raise_error
|
171
|
+
expect { options.parse(%w[-t 123456 -c]) }.to_not raise_error
|
172
|
+
expect { options.parse(%w[--token 123456 -c]) }.to_not raise_error
|
171
173
|
end
|
172
174
|
end
|
173
175
|
|
@@ -175,8 +177,12 @@ describe AwsSessionToken::Options, :isolated_environment do
|
|
175
177
|
it 'does not allow -p & -s' do
|
176
178
|
expect { options.parse(%w[-p default -s default]) }.to raise_error(ArgumentError)
|
177
179
|
end
|
180
|
+
it 'requires either -c or -s' do
|
181
|
+
expect { options.parse(%w[-p default]) }.to raise_error(ArgumentError)
|
182
|
+
end
|
183
|
+
|
178
184
|
it 'defaults profile attr to user if unspecified' do
|
179
|
-
options.parse(%w[-p foo])
|
185
|
+
options.parse(%w[-p foo -c])
|
180
186
|
expect(options.profile).to eq(options.user)
|
181
187
|
end
|
182
188
|
end
|
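Review bot: The changed `succeeds with an argument` examples for `-f`, `-p` and `-u` keep `to_not raise_error(OptionParser::MissingArgument)`, a negative matcher with a specific class, which still passes when any other error is raised. That matters more now that `parse` can raise `ArgumentError` from `validate_output`; the bare form already used in the duration and token examples, `expect { options.parse(%w[-p foo -c]) }.to_not raise_error`, would catch it. The two new `-s/--session` examples also share the description `'-s defaults with no argument'`; the second could read `'--session defaults with no argument'`. No example in these hunks asserts that `-c` sets `options.console`.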
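--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws_session_token
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Bryan Stopp
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -205,6 +205,7 @@ files:
 - config/syntax.yaml
 - lib/aws_session_token.rb
 - lib/aws_session_token/cli.rb
+- lib/aws_session_token/console.rb
 - lib/aws_session_token/credentials_file.rb
 - lib/aws_session_token/options.rb
 - spec/aws_session_token/cli_spec.rb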