aws_ssh_key 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: a1d98409d56eb70c50fad4bf78a9ef33f09f9a236c461d55b509e88eb48031d5
4
+ data.tar.gz: 22f4e64bfcfdbfbfa9d34f53a0d79797a7ab9cd752692b6cf02edb7c2c46e9f2
5
+ SHA512:
6
+ metadata.gz: 9b2369b7c4bcc28bd075f146930085e3b09dd74fff58ce03a9658e6f36ff2624643e8d9585603e69cb117b5b80b67552f070ebc9e9a25a183f0b18d1ce23740d
7
+ data.tar.gz: 98b192366415ea0c3177e45905b3740fefd8adcec53d5a1d1d312e6ad898d87dc9bed6d1d8fb7cd4df8e5763d2f26e734b0527f70a544bd0c0461dd3a221395f
@@ -0,0 +1,12 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
12
+ .ruby-version
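--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper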
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.4.3
5
+ before_install: gem install bundler -v 1.16.2
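--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in aws_ssh_key.gemspec
+gemspec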
@@ -0,0 +1,45 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ aws_ssh_key (0.1.0)
5
+ aws-sdk (~> 2.11)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ aws-sdk (2.11.78)
11
+ aws-sdk-resources (= 2.11.78)
12
+ aws-sdk-core (2.11.78)
13
+ aws-sigv4 (~> 1.0)
14
+ jmespath (~> 1.0)
15
+ aws-sdk-resources (2.11.78)
16
+ aws-sdk-core (= 2.11.78)
17
+ aws-sigv4 (1.0.3)
18
+ diff-lcs (1.3)
19
+ jmespath (1.4.0)
20
+ rake (12.3.1)
21
+ rspec (3.7.0)
22
+ rspec-core (~> 3.7.0)
23
+ rspec-expectations (~> 3.7.0)
24
+ rspec-mocks (~> 3.7.0)
25
+ rspec-core (3.7.1)
26
+ rspec-support (~> 3.7.0)
27
+ rspec-expectations (3.7.0)
28
+ diff-lcs (>= 1.2.0, < 2.0)
29
+ rspec-support (~> 3.7.0)
30
+ rspec-mocks (3.7.0)
31
+ diff-lcs (>= 1.2.0, < 2.0)
32
+ rspec-support (~> 3.7.0)
33
+ rspec-support (3.7.1)
34
+
35
+ PLATFORMS
36
+ ruby
37
+
38
+ DEPENDENCIES
39
+ aws_ssh_key!
40
+ bundler
41
+ rake
42
+ rspec
43
+
44
+ BUNDLED WITH
45
+ 1.16.2
@@ -0,0 +1,35 @@
1
+ # AwsSshKey
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/aws_ssh_key`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'aws_ssh_key'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install aws_ssh_key
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/aws_ssh_key.
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,31 @@
1
+
2
+ lib = File.expand_path("../lib", __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require "aws_ssh_key/version"
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "aws_ssh_key"
8
+ spec.version = AwsSshKey::VERSION
9
+ spec.authors = ["kief "]
10
+ spec.email = ["kmorris@thoughtworks.com"]
11
+
12
+ spec.summary = 'Library to manage ssh keys stored in AWS encrypted parameter store'
13
+ spec.description = 'Library to manage ssh keys stored in AWS encrypted parameter store'
14
+ spec.homepage = 'https://github.com/cloudspinners/aws_ssh_key'
15
+ spec.license = 'MIT'
16
+
17
+ # Specify which files should be added to the gem when it is released.
18
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
19
+ spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
20
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
21
+ end
22
+ spec.bindir = "exe"
23
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
24
+ spec.require_paths = ["lib"]
25
+
26
+ spec.add_dependency 'aws-sdk', '~> 2.11'
27
+
28
+ spec.add_development_dependency 'rspec'
29
+ spec.add_development_dependency 'bundler'
30
+ spec.add_development_dependency 'rake'
31
+ end
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "aws_ssh_key"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,56 @@
1
+ require 'fileutils'
2
+ require 'aws_ssh_key/version'
3
+ require 'aws_ssh_key/key_maker'
4
+ require 'aws_ssh_key/secure_parameter'
5
+
6
+ module AwsSshKey
7
+
8
+ class Key
9
+
10
+ def initialize(key_path:, key_name:, aws_region:, role: nil, tags: {})
11
+ @key_path = key_path
12
+ @key_name = key_name
13
+ @aws_region = aws_region
14
+ @tags = tags
15
+
16
+ @secure_parameter_ssh_key_public = "#{key_path}/ssh_key/#{key_name}/public"
17
+ @secure_parameter_ssh_key_private = "#{key_path}/ssh_key/#{key_name}/private"
18
+
19
+ @public_key = nil
20
+ @role_to_assume = role
21
+ end
22
+
23
+ def load
24
+ if @public_key.nil?
25
+ @public_key = get_remote_public_key
26
+ end
27
+ if @public_key.nil?
28
+ key_pair = generate_key
29
+ put_remote_key_pair(key_pair)
30
+ @public_key = key_pair
31
+ end
32
+ @key
33
+ end
34
+
35
+ def get_remote_public_key
36
+ AwsSshKey::SecureParameter.get_parameter(@secure_parameter_ssh_key_public, @aws_region, @role_to_assume)
37
+ end
38
+
39
+ def generate_key
40
+ AwsSshKey::KeyMaker.make_key(@key_name)
41
+ end
42
+
43
+ def put_remote_key_pair(key_pair)
44
+ AwsSshKey::SecureParameter.put_parameter(@secure_parameter_ssh_key_public, key_pair[:public], @aws_region, @role_to_assume, @tags)
45
+ AwsSshKey::SecureParameter.put_parameter(@secure_parameter_ssh_key_private, key_pair[:private], @aws_region, @role_to_assume, @tags)
46
+ key_pair[:public]
47
+ end
48
+
49
+ def write(folder)
50
+ FileUtils.mkpath folder
51
+ File.open("#{folder}/#{@key_name}.pub", 'w') {|f| f.write(@public_key) }
52
+ end
53
+
54
+ end
55
+
56
+ end
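Review bot: In `load`, `@public_key = key_pair` stores the whole hash returned by `generate_key`, private half included, so a later `write(folder)` serialises the private key into `<key_name>.pub` on disk whenever the key was freshly generated. `put_remote_key_pair` already returns `key_pair[:public]`, so the assignment should be `@public_key = put_remote_key_pair(key_pair)`. The method also ends on `@key`, which is never assigned anywhere in the class, so `load` always returns nil; `@public_key` looks like the intended return value. `write` builds its path from `@key_name` unchecked, which deserves a comment such as `# key_name must be a plain file name; it is joined into local and SSM paths as-is`.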
@@ -0,0 +1,19 @@
1
+ require "aws_ssh_key/version"
2
+
3
+ module AwsSshKey
4
+
5
+ class KeyMaker
6
+ def self.make_key(keyname)
7
+ Dir.mktmpdir {|dir|
8
+ `ssh-keygen -N '' -f "#{dir}/#{keyname}" -b 4096`
9
+ private_key = IO.read("#{dir}/#{keyname}")
10
+ public_key = IO.read("#{dir}/#{keyname}.pub")
11
+ {
12
+ :private => private_key,
13
+ :public => public_key
14
+ }
15
+ }
16
+ end
17
+ end
18
+
19
+ end
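Review bot: `make_key` interpolates `keyname` into a backtick shell string, so a key name containing shell metacharacters or a path separator changes the command that runs or where the key files land. The argv form avoids the shell and surfaces a non-zero exit: `system('ssh-keygen', '-q', '-N', '', '-b', '4096', '-f', File.join(dir, keyname)) || raise("ssh-keygen failed for #{keyname}")`, preceded by a check that `keyname` is a plain file name. As written the exit status is ignored, so a failed ssh-keygen only shows up as an error from the following `IO.read`. `Dir.mktmpdir` is defined by the `tmpdir` library, which this file never loads; add `require 'tmpdir'` next to the existing require.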
@@ -0,0 +1,77 @@
1
+ require 'aws-sdk'
2
+
3
+ module AwsSshKey
4
+
5
+ class SecureParameter
6
+
7
+ def self.client(region, arn_of_role_to_assume = nil)
8
+ if arn_of_role_to_assume.nil?
9
+ Aws::SSM::Client.new(
10
+ region: region
11
+ )
12
+ else
13
+ Aws::SSM::Client.new(
14
+ region: region,
15
+ credentials: assumed_credentials(region, arn_of_role_to_assume)
16
+ )
17
+ end
18
+ end
19
+
20
+ def self.assumed_credentials(region, arn_of_role_to_assume)
21
+ Aws::AssumeRoleCredentials.new(
22
+ role_arn: arn_of_role_to_assume,
23
+ role_session_name: 'aws_ssh_key'
24
+ )
25
+ end
26
+
27
+ def self.get_parameter(name, region, arn_of_role_to_assume = nil)
28
+ ssm = client(region, arn_of_role_to_assume)
29
+ if parameter_exists?(name, region, arn_of_role_to_assume) then
30
+ parameter = ssm.get_parameter({
31
+ name: name,
32
+ with_decryption: true,
33
+ }).parameter
34
+ parameter.value
35
+ else
36
+ nil
37
+ end
38
+ end
39
+
40
+ def self.parameter_exists?(name, region, arn_of_role_to_assume = nil)
41
+ ssm = client(region, arn_of_role_to_assume)
42
+ parameters = ssm.describe_parameters({
43
+ filters: [
44
+ {
45
+ key: "Name",
46
+ values: [name]
47
+ }
48
+ ]
49
+ }).parameters
50
+ parameters.size > 0
51
+ end
52
+
53
+ def self.put_parameter(name, value, region, arn_of_role_to_assume, tags)
54
+ ssm = client(region, arn_of_role_to_assume)
55
+ ssm.put_parameter({
56
+ name: name,
57
+ value: value,
58
+ type: "SecureString",
59
+ overwrite: true
60
+ })
61
+
62
+ unless tags.empty?
63
+ tag_list = tags.map { |key, value|
64
+ { key: key, value: value }
65
+ }
66
+
67
+ resp = ssm.add_tags_to_resource({
68
+ resource_type: 'Parameter',
69
+ resource_id: name,
70
+ tags: tag_list
71
+ })
72
+ end
73
+ end
74
+
75
+ end
76
+
77
+ end
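Review bot: `put_parameter` always sends `overwrite: true`, while `Key#load` decides to generate a key from a separate `describe_parameters` check, so two runs that both find nothing will each write a pair; the stored public and private values can then come from different keys, and an existing private key is replaced without any error. Sending `overwrite: false` for this first write makes the second writer fail instead of clobbering the stored key. `get_parameter` builds two clients and makes two calls per read; calling `ssm.get_parameter` directly and rescuing `Aws::SSM::Errors::ParameterNotFound` to return nil is one round trip and drops the need for the describe permission. `assumed_credentials` accepts `region` but never uses it, and the block in `tags.map { |key, value| ... }` shadows the method's own `value` argument.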
@@ -0,0 +1,3 @@
1
+ module AwsSshKey
2
+ VERSION = "0.1.0"
3
+ end
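--- a/metadata
+++ b/metadata
@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: aws_ssh_key
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- 'kief '
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2018-07-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: aws-sdk
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.11'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.11'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Library to manage ssh keys stored in AWS encrypted parameter store
+email:
+- kmorris@thoughtworks.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- aws_ssh_key.gemspec
+- bin/console
+- bin/setup
+- lib/aws_ssh_key.rb
+- lib/aws_ssh_key/key_maker.rb
+- lib/aws_ssh_key/secure_parameter.rb
+- lib/aws_ssh_key/version.rb
+homepage: https://github.com/cloudspinners/aws_ssh_key
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.6
+signing_key:
+specification_version: 4
+summary: Library to manage ssh keys stored in AWS encrypted parameter store
+test_files: []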