awsecrets 1.13.0 → 1.14.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +2 -2
- data/README.md +2 -1
- data/Rakefile +5 -2
- data/awsecrets.gemspec +1 -3
- data/bin/testcommand +1 -1
- data/lib/awsecrets.rb +36 -19
- data/lib/awsecrets/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b57fc9a0340fffea08fbcfddff251f9ef297cbcc
|
4
|
+
data.tar.gz: 70a54f7ee11afd5c3cee22fe9def13e193228791
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 00715cbafab1b0f33df6da7ad7ddd394eb0b5083666f8f164b1a585a715d229188853f1e48b98b5b4a64fe8703c4b4e8e56a3552577a73151e122eb74e23b8b8
|
7
|
+
data.tar.gz: 7fb15484326e4a5f48884eb12429db4b5d8f0ef55d944066b96d135c47340747c4db0a0f3c73081e29282e1455eab5f34db7d77fcda852c0c342ee6e9870f250
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
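--- a/data/README.md
+++ b/data/README.md
@@ -62,7 +62,7 @@ $ ec2sample i-1aa1aaaa
 
 ### Use AssumeRole
 
-Support `role_arn` `role_session_name` `source_profile`.
+Support `role_arn` `role_session_name` `source_profile` `external_id`.
 
 #### 1. .aws/config and .aws/credentials
 
@@ -72,6 +72,7 @@ see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
 # .aws/config
 [profile assumed]
 role_arn = arn:aws:iam::123456780912:role/assumed-role
+external_id = myfoo_id
 source_profile = assume_test
 ```
 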
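--- a/data/Rakefile
+++ b/data/Rakefile
@@ -9,10 +9,13 @@ begin
 rescue LoadError
 end
 
+desc 'Default task: run spec'
+task default: 'spec'
+
+desc 'Run spec:all - spec:core and spec:rubocop'
 task spec: 'spec:all'
 namespace :spec do
-task all: ['spec:core',
-'spec:rubocop']
+task all: ['spec:core', 'spec:rubocop']
 RSpec::Core::RakeTask.new(:core)
 RuboCop::RakeTask.new
 end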
data/awsecrets.gemspec
CHANGED
data/bin/testcommand
CHANGED
data/lib/awsecrets.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require_relative 'awsecrets/version'
|
2
2
|
require 'optparse'
|
3
3
|
require 'aws-sdk'
|
4
4
|
require 'aws_config'
|
@@ -7,12 +7,20 @@ require 'yaml'
|
|
7
7
|
|
8
8
|
module Awsecrets
|
9
9
|
def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
|
10
|
-
@profile
|
11
|
-
@region
|
12
|
-
@secrets_path
|
10
|
+
@profile = profile
|
11
|
+
@region = region
|
12
|
+
@secrets_path = secrets_path
|
13
13
|
@disable_load_secrets = disable_load_secrets
|
14
14
|
@disable_load_secrets = true if secrets_path == false
|
15
|
-
|
15
|
+
|
16
|
+
@credentials = nil
|
17
|
+
@access_key_id = nil
|
18
|
+
@secret_access_key = nil
|
19
|
+
@session_token = nil
|
20
|
+
@role_arn = nil
|
21
|
+
@external_id = nil
|
22
|
+
@source_profile = nil
|
23
|
+
@role_session_name = nil
|
16
24
|
|
17
25
|
# 1. Command Line Options
|
18
26
|
load_options if load_method_args
|
@@ -48,15 +56,15 @@ module Awsecrets
|
|
48
56
|
end
|
49
57
|
|
50
58
|
def self.load_env
|
51
|
-
@region
|
52
|
-
@region
|
53
|
-
@profile
|
59
|
+
@region ||= ENV['AWS_REGION']
|
60
|
+
@region ||= ENV['AWS_DEFAULT_REGION']
|
61
|
+
@profile ||= ENV['AWS_PROFILE']
|
54
62
|
@secrets_path ||= ENV['AWS_SECRETS_PATH']
|
55
63
|
return if @access_key_id
|
56
64
|
return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
|
57
|
-
@access_key_id
|
65
|
+
@access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
|
58
66
|
@secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
|
59
|
-
@session_token
|
67
|
+
@session_token ||= ENV['AWS_SESSION_TOKEN']
|
60
68
|
end
|
61
69
|
|
62
70
|
def self.load_yaml
|
@@ -68,21 +76,24 @@ module Awsecrets
|
|
68
76
|
return unless creds &&
|
69
77
|
creds.include?('aws_access_key_id') &&
|
70
78
|
creds.include?('aws_secret_access_key')
|
71
|
-
@access_key_id
|
79
|
+
@access_key_id ||= creds['aws_access_key_id']
|
72
80
|
@secret_access_key ||= creds['aws_secret_access_key']
|
73
|
-
@session_token
|
74
|
-
@role_arn
|
81
|
+
@session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
|
82
|
+
@role_arn ||= creds['role_arn'] if creds.include?('role_arn')
|
83
|
+
@external_id ||= creds['external_id'] if creds.include?('external_id')
|
75
84
|
@role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
|
85
|
+
|
76
86
|
return unless @role_arn
|
77
87
|
@role_session_name ||= generate_session_name
|
78
|
-
@credentials ||=
|
88
|
+
@credentials ||= role_creds(
|
79
89
|
client: Aws::STS::Client.new(
|
80
90
|
region: @region,
|
81
91
|
access_key_id: @access_key_id,
|
82
92
|
secret_access_key: @secret_access_key
|
83
93
|
),
|
84
94
|
role_arn: @role_arn,
|
85
|
-
role_session_name: @role_session_name
|
95
|
+
role_session_name: @role_session_name,
|
96
|
+
external_id: @external_id
|
86
97
|
)
|
87
98
|
end
|
88
99
|
|
@@ -93,9 +104,10 @@ module Awsecrets
|
|
93
104
|
AWSConfig['default']['region']
|
94
105
|
end
|
95
106
|
|
96
|
-
@role_arn
|
107
|
+
@role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
|
97
108
|
@role_session_name ||= AWSConfig[@profile]['role_session_name'] if AWSConfig[@profile]
|
98
|
-
@
|
109
|
+
@external_id ||= AWSConfig[@profile]['external_id'] if AWSConfig[@profile]
|
110
|
+
@source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
|
99
111
|
end
|
100
112
|
|
101
113
|
def self.set_aws_config
|
@@ -110,13 +122,14 @@ module Awsecrets
|
|
110
122
|
AWSConfig['default']['region']
|
111
123
|
end
|
112
124
|
|
113
|
-
@credentials ||=
|
125
|
+
@credentials ||= role_creds(
|
114
126
|
client: Aws::STS::Client.new(
|
115
127
|
region: region,
|
116
128
|
credentials: Aws::SharedCredentials.new(profile_name: @source_profile.name)
|
117
129
|
),
|
118
130
|
role_arn: @role_arn,
|
119
|
-
role_session_name: @role_session_name
|
131
|
+
role_session_name: @role_session_name,
|
132
|
+
external_id: @external_id
|
120
133
|
)
|
121
134
|
end
|
122
135
|
|
@@ -137,4 +150,8 @@ module Awsecrets
|
|
137
150
|
az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
|
138
151
|
az[0...-1]
|
139
152
|
end
|
153
|
+
|
154
|
+
def self.role_creds(args)
|
155
|
+
Aws::AssumeRoleCredentials.new(args)
|
156
|
+
end
|
140
157
|
end
|
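Review bot: The STS client built in load_yaml (new lines 89–93) is given only `access_key_id: @access_key_id` and `secret_access_key: @secret_access_key`, while line 81 of the same hunk now loads `@session_token` from the secrets file; when that file holds temporary credentials the AssumeRole request is signed without its session token and STS will reject it. Add `session_token: @session_token` after `secret_access_key: @secret_access_key,` so the credential triple travels together (the SDK should drop a nil token when none was loaded — worth confirming against the aws-sdk release in use). load_yaml starts before this hunk, so the creds lookup and the `@role_arn` guard above it are not visible here. The new `self.role_creds(args)` (lines 154–156) is public and undocumented; if it exists only as a seam for stubbing the STS round-trip in specs, say so in a one-line comment and consider `private_class_method :role_creds`.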
data/lib/awsecrets/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: awsecrets
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.14.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- k1LoW
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-09-
|
11
|
+
date: 2017-09-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|