awsecrets 1.13.0 → 1.14.0

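--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8502b9ee75ac740ecdc77ba755789d48d53f85f4
- data.tar.gz: b2c69e88b743afb44281aa3def9df1a134978ac8
+ metadata.gz: b57fc9a0340fffea08fbcfddff251f9ef297cbcc
+ data.tar.gz: 70a54f7ee11afd5c3cee22fe9def13e193228791
  SHA512:
- metadata.gz: 6d5247906f68137ec2c7b8c4b811416335632bda0067b94f602c2d95b8fe7780ddfd6107416564694ce6c4128a136b9e2b670fe9d4e62ce92a93927990dfc87b
- data.tar.gz: f4f346b1381789ea59f283dafee43e7d37fed1a11e7adcef3cc1af14ecb4ef0480e10de569efe03a68a2f5f27e532a03f42261bf77ed93324fa4f2d6c6c90558
+ metadata.gz: 00715cbafab1b0f33df6da7ad7ddd394eb0b5083666f8f164b1a585a715d229188853f1e48b98b5b4a64fe8703c4b4e8e56a3552577a73151e122eb74e23b8b8
+ data.tar.gz: 7fb15484326e4a5f48884eb12429db4b5d8f0ef55d944066b96d135c47340747c4db0a0f3c73081e29282e1455eab5f34db7d77fcda852c0c342ee6e9870f250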
data/.gitignore CHANGED
@@ -7,3 +7,4 @@
7
7
  /pkg/
8
8
  /spec/reports/
9
9
  /tmp/
10
+ *.sw*
@@ -11,10 +11,10 @@ Metrics/AbcSize:
11
11
  Max: 50
12
12
 
13
13
  Metrics/ClassLength:
14
- Max: 120
14
+ Max: 125
15
15
 
16
16
  Metrics/ModuleLength:
17
- Max: 120
17
+ Max: 125
18
18
 
19
19
  Metrics/CyclomaticComplexity:
20
20
  Max: 15
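--- a/data/README.md
+++ b/data/README.md
@@ -62,7 +62,7 @@ $ ec2sample i-1aa1aaaa
 
  ### Use AssumeRole
 
- Support `role_arn` `role_session_name` `source_profile`.
+ Support `role_arn` `role_session_name` `source_profile` `external_id`.
 
  #### 1. .aws/config and .aws/credentials
 
@@ -72,6 +72,7 @@ see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
  # .aws/config
  [profile assumed]
  role_arn = arn:aws:iam::123456780912:role/assumed-role
+ external_id = myfoo_id
  source_profile = assume_test
  ```
 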
data/Rakefile CHANGED
@@ -9,10 +9,13 @@ begin
9
9
  rescue LoadError
10
10
  end
11
11
 
12
+ desc 'Default task: run spec'
13
+ task default: 'spec'
14
+
15
+ desc 'Run spec:all - spec:core and spec:rubocop'
12
16
  task spec: 'spec:all'
13
17
  namespace :spec do
14
- task all: ['spec:core',
15
- 'spec:rubocop']
18
+ task all: ['spec:core', 'spec:rubocop']
16
19
  RSpec::Core::RakeTask.new(:core)
17
20
  RuboCop::RakeTask.new
18
21
  end
@@ -1,8 +1,6 @@
1
- # coding: utf-8
2
-
3
1
  lib = File.expand_path('../lib', __FILE__)
4
2
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
- require 'awsecrets/version'
3
+ require_relative 'lib/awsecrets/version'
6
4
 
7
5
  Gem::Specification.new do |spec|
8
6
  spec.name = 'awsecrets'
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
- require 'awsecrets'
2
+ require_relative '../lib/awsecrets'
3
3
 
4
4
  Awsecrets.load
5
5
  ec2_client = Aws::EC2::Client.new
@@ -1,4 +1,4 @@
1
- require 'awsecrets/version'
1
+ require_relative 'awsecrets/version'
2
2
  require 'optparse'
3
3
  require 'aws-sdk'
4
4
  require 'aws_config'
@@ -7,12 +7,20 @@ require 'yaml'
7
7
 
8
8
  module Awsecrets
9
9
  def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
10
- @profile = profile
11
- @region = region
12
- @secrets_path = secrets_path
10
+ @profile = profile
11
+ @region = region
12
+ @secrets_path = secrets_path
13
13
  @disable_load_secrets = disable_load_secrets
14
14
  @disable_load_secrets = true if secrets_path == false
15
- @credentials = @access_key_id = @secret_access_key = @session_token = @role_arn = @source_profile = nil
15
+
16
+ @credentials = nil
17
+ @access_key_id = nil
18
+ @secret_access_key = nil
19
+ @session_token = nil
20
+ @role_arn = nil
21
+ @external_id = nil
22
+ @source_profile = nil
23
+ @role_session_name = nil
16
24
 
17
25
  # 1. Command Line Options
18
26
  load_options if load_method_args
@@ -48,15 +56,15 @@ module Awsecrets
48
56
  end
49
57
 
50
58
  def self.load_env
51
- @region ||= ENV['AWS_REGION']
52
- @region ||= ENV['AWS_DEFAULT_REGION']
53
- @profile ||= ENV['AWS_PROFILE']
59
+ @region ||= ENV['AWS_REGION']
60
+ @region ||= ENV['AWS_DEFAULT_REGION']
61
+ @profile ||= ENV['AWS_PROFILE']
54
62
  @secrets_path ||= ENV['AWS_SECRETS_PATH']
55
63
  return if @access_key_id
56
64
  return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
57
- @access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
65
+ @access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
58
66
  @secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
59
- @session_token ||= ENV['AWS_SESSION_TOKEN']
67
+ @session_token ||= ENV['AWS_SESSION_TOKEN']
60
68
  end
61
69
 
62
70
  def self.load_yaml
@@ -68,21 +76,24 @@ module Awsecrets
68
76
  return unless creds &&
69
77
  creds.include?('aws_access_key_id') &&
70
78
  creds.include?('aws_secret_access_key')
71
- @access_key_id ||= creds['aws_access_key_id']
79
+ @access_key_id ||= creds['aws_access_key_id']
72
80
  @secret_access_key ||= creds['aws_secret_access_key']
73
- @session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
74
- @role_arn ||= creds['role_arn'] if creds.include?('role_arn')
81
+ @session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
82
+ @role_arn ||= creds['role_arn'] if creds.include?('role_arn')
83
+ @external_id ||= creds['external_id'] if creds.include?('external_id')
75
84
  @role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
85
+
76
86
  return unless @role_arn
77
87
  @role_session_name ||= generate_session_name
78
- @credentials ||= Aws::AssumeRoleCredentials.new(
88
+ @credentials ||= role_creds(
79
89
  client: Aws::STS::Client.new(
80
90
  region: @region,
81
91
  access_key_id: @access_key_id,
82
92
  secret_access_key: @secret_access_key
83
93
  ),
84
94
  role_arn: @role_arn,
85
- role_session_name: @role_session_name
95
+ role_session_name: @role_session_name,
96
+ external_id: @external_id
86
97
  )
87
98
  end
88
99
 
@@ -93,9 +104,10 @@ module Awsecrets
93
104
  AWSConfig['default']['region']
94
105
  end
95
106
 
96
- @role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
107
+ @role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
97
108
  @role_session_name ||= AWSConfig[@profile]['role_session_name'] if AWSConfig[@profile]
98
- @source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
109
+ @external_id ||= AWSConfig[@profile]['external_id'] if AWSConfig[@profile]
110
+ @source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
99
111
  end
100
112
 
101
113
  def self.set_aws_config
@@ -110,13 +122,14 @@ module Awsecrets
110
122
  AWSConfig['default']['region']
111
123
  end
112
124
 
113
- @credentials ||= Aws::AssumeRoleCredentials.new(
125
+ @credentials ||= role_creds(
114
126
  client: Aws::STS::Client.new(
115
127
  region: region,
116
128
  credentials: Aws::SharedCredentials.new(profile_name: @source_profile.name)
117
129
  ),
118
130
  role_arn: @role_arn,
119
- role_session_name: @role_session_name
131
+ role_session_name: @role_session_name,
132
+ external_id: @external_id
120
133
  )
121
134
  end
122
135
 
@@ -137,4 +150,8 @@ module Awsecrets
137
150
  az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
138
151
  az[0...-1]
139
152
  end
153
+
154
+ def self.role_creds(args)
155
+ Aws::AssumeRoleCredentials.new(args)
156
+ end
140
157
  end
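Review bot: `external_id` is read from the secrets file in `load_yaml` and from `AWSConfig` in the config loader, then passed straight into `role_creds` at both call sites (`load_yaml` and `set_aws_config`) with no type or presence check. If the secrets file is parsed as YAML, an unquoted numeric value (constructed example: `external_id: 123456`) would arrive as an Integer, which STS parameter validation is likely to reject with an unhelpful error; coercing at the read site, e.g. `@external_id ||= creds['external_id'].to_s if creds['external_id']`, would make that failure mode explicit. The key is also always sent, as `external_id: nil` when unset, which presumably relies on the SDK dropping nil parameters; `role_creds` could make this independent of SDK behaviour with `Aws::AssumeRoleCredentials.new(args.reject { |_, v| v.nil? })`. `role_creds` is added without a comment and looks like a seam for stubbing in specs, so a one-line comment such as `# Builds AssumeRole credentials; wrapped so specs can stub it` would help. The bodies of `load_yaml` and `set_aws_config` start outside their hunks.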
@@ -1,3 +1,3 @@
1
1
  module Awsecrets
2
- VERSION = '1.13.0'
2
+ VERSION = '1.14.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awsecrets
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.13.0
4
+ version: 1.14.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - k1LoW
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-09-05 00:00:00.000000000 Z
11
+ date: 2017-09-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk