awsam 0.1.1 → 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9c70666399bda74e53eb0616fc92b3155abad02f
+  data.tar.gz: 027737d11502c2278b1b0543625077a8b131119f
+SHA512:
+  metadata.gz: 3da93fc42c7ce5ad720d635d1fdfd552df0b69f43492462eaa876923c73fbb08b1b0ffbc35dbedf5f963e2d8be17a5c312b254f6729c28a4a835fb3d6d299625
+  data.tar.gz: c7e1d3cca1aff03500a5417673d9a9b3565305f2721acdfc9d849b0868356b86e2f521f981638cab55d385ad0fd14f29709a266fcb666f587fe0e707788cdd67

data/README.md

@@ -41,13 +41,20 @@ AWSAM supports both AWS' legacy [Java-based CLI tools](http://docs.aws.amazon.co
 
 ### Environment variables
 
-*AWS Account Manager* sets a variety of environment variables when
-selecting accounts and SSH keypairs. Some of these environment
-variables match the ones used by the Amazon EC2 CLI tools and some our
-unique to AWSAM. It is often convenient to use these environment
-variables in DevOPs scripts in place of hard-coded values -- allowing
-your scripts to be seamlessly used for staging and production
-environments simply by switching the active account with `aem`.
+*AWS Account Manager* will set a variety of environment variables when
+ you execute the `aenv` shell wrapper:
+
+    $ env | grep AMAZON_ACCESS
+    Exit 1
+    $ aenv env | grep AMAZON_ACCESS
+    AMAZON_ACCESS_KEY_ID=AK....
+
+Some of these environment variables match the ones used by the Amazon
+EC2 CLI tools and some our unique to AWSAM. It is often convenient to
+use these environment variables in DevOPs scripts in place of
+hard-coded values -- allowing your scripts to be seamlessly used for
+staging and production environments simply by switching the active
+account with `aem` and wrapping execution of the command with `aenv`.
 
 The environment variables set when selecting an account are:
 
@@ -63,6 +70,10 @@ set:
 * `AMAZON_SSH_KEY_NAME` - Name of the keypair.
 * `AMAZON_SSH_KEY_FILE` - Full path to the public key PEM file
 
+**NOTE:** As of version 0.2.0, these are no longer set in the shell
+  environment by default. You must run any command that requires AWS
+  access with the `aenv` wrapper.
+
 ### Updating
 
 1. Update repo (fetch && merge) or `gem update awsam`
@@ -151,6 +162,16 @@ list` output.
 
     $ aem key use --default my-key-name
 
+### aenv utility: wrap command execution with AWS environment
+
+The `aenv` utility will wrap execution of any command with the AWS
+environment variables matching the currently selected account. This
+allows you to securely propagate environment variables only to
+commands that should have access to the current environment. Just
+prefix your command execution with `aenv` like:
+
+    $ aenv aws s3 ls
+
 ### assh utility: SSH by instance ID
 
 Instance IDs will be looked up using the current account details. If

data/bashrc/rc.scr

@@ -316,6 +316,11 @@ function __aem_use()
 	echo "AWSAccessKeyId=${AWS_ACCESS_KEY_ID}"   >| ${CREDENTIALS_FILE}
 	echo "AWSSecretKey=${AWS_SECRET_ACCESS_KEY}" >> ${CREDENTIALS_FILE}
 
+	# We're done, so clear the environment. This protects against
+	# leaking AWS creds to other apps.
+	UNSET_ENV=$(raem --environ --account $ACCT --unset)
+	eval $UNSET_ENV
+
 	return 0
 }
 

data/bin/aenv

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Local Variables:
+# mode: sh
+# End:
+
+if [ $# -lt 1 ]; then
+	echo "Usage: aenv cmd [arg1 arg2 ...]"
+	exit 1
+fi
+
+if [ -z "$AWSAM_ACTIVE_ACCOUNT" ]; then
+	echo "Must pick an account first with `aem use <>`"
+	exit 1
+fi
+
+ENV=$(raem --environ --account $AWSAM_ACTIVE_ACCOUNT --export)
+eval $ENV
+
+exec "$@"

data/bin/raem

@@ -103,6 +103,14 @@ optparse = OptionParser.new do|opts|
     $cmd = :environ_key
   end
 
+  opts.on('--export') do
+    $options[:set_export] = true
+  end
+
+  opts.on('--unset') do
+    $options[:unset_environ] = true
+  end
+
   opts.on('--init') do
     $cmd = :init
   end
@@ -176,7 +184,11 @@ when :environ
     end
   end
 
-  acct.print_environ
+  if $options[:unset_environ]
+    acct.print_unset_environ
+  else
+    acct.print_environ(!$options[:set_export].nil?)
+  end
 
 when :environ_key
   unless $options[:keyname]

data/lib/awsam/account.rb

@@ -45,7 +45,15 @@ module Awsam
       end
     end
 
-    def print_environ
+    def print_unset_environ
+      Utils::bash_unset_environ(get_environ)
+    end
+
+    def print_environ(set_export)
+      Utils::bash_environ(get_environ, set_export)
+    end
+
+    def get_environ
       envs = {
         "AMAZON_ACCESS_KEY_ID"     => @params[:access_key],
         "AWS_ACCESS_KEY_ID"        => @params[:access_key],
@@ -60,8 +68,6 @@ module Awsam
 
         "EC2_URL"                  => ec2_url
       }
-
-      Utils::bash_environ(envs)
     end
 
     def find_key(name)

data/lib/awsam/utils.rb

@@ -9,10 +9,17 @@ module Awsam
       end
     end
 
+    # Unset each of the environ settings to clear the environ
+    def self.bash_unset_environ(envs)
+      envs.each_pair do |k, v|
+        puts "unset #{k}"
+      end
+    end
+
     # Print the appropriate environment variables set commands for bash
-    def self::bash_environ(envs)
+    def self::bash_environ(envs, set_export = true)
       envs.each_pair do |k, v|
-        puts "export #{k}=\"#{v}\""
+        puts "%s#{k}=\"#{v}\"" % [set_export ? "export " : ""]
       end
     end
 

data/lib/awsam/version.rb

@@ -1,3 +1,3 @@
 module Awsam
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,36 +1,32 @@
 --- !ruby/object:Gem::Specification
 name: awsam
 version: !ruby/object:Gem::Version
-  version: 0.1.1
-  prerelease: 
+  version: 0.2.0
 platform: ruby
 authors:
 - Mike Heffner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-14 00:00:00.000000000 Z
+date: 2017-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.3.22
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.3.22
 - !ruby/object:Gem::Dependency
   name: trollop
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -46,52 +41,50 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
 description: Amazon Web Services Account Manager (modeled after 'rvm')
 email:
 - mikeh@fesnel.com
 executables:
+- aenv
 - ascp
 - assh
 - raem
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - awsam.gemspec
 - bashrc/rc.scr
+- bin/aenv
 - bin/ascp
 - bin/assh
 - bin/raem
@@ -107,33 +100,26 @@ files:
 homepage: ''
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 1925284677082289227
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 1925284677082289227
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23.2
+rubygems_version: 2.4.5.1
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Amazon Web Services Account Manager
 test_files:
 - test/helper.rb