RubyGems - awsecrets - Versions diffs - 1.13.0 → 1.14.0 - Mend

awsecrets 1.13.0 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8502b9ee75ac740ecdc77ba755789d48d53f85f4
-  data.tar.gz: b2c69e88b743afb44281aa3def9df1a134978ac8
+  metadata.gz: b57fc9a0340fffea08fbcfddff251f9ef297cbcc
+  data.tar.gz: 70a54f7ee11afd5c3cee22fe9def13e193228791
 SHA512:
-  metadata.gz: 6d5247906f68137ec2c7b8c4b811416335632bda0067b94f602c2d95b8fe7780ddfd6107416564694ce6c4128a136b9e2b670fe9d4e62ce92a93927990dfc87b
-  data.tar.gz: f4f346b1381789ea59f283dafee43e7d37fed1a11e7adcef3cc1af14ecb4ef0480e10de569efe03a68a2f5f27e532a03f42261bf77ed93324fa4f2d6c6c90558
+  metadata.gz: 00715cbafab1b0f33df6da7ad7ddd394eb0b5083666f8f164b1a585a715d229188853f1e48b98b5b4a64fe8703c4b4e8e56a3552577a73151e122eb74e23b8b8
+  data.tar.gz: 7fb15484326e4a5f48884eb12429db4b5d8f0ef55d944066b96d135c47340747c4db0a0f3c73081e29282e1455eab5f34db7d77fcda852c0c342ee6e9870f250

data/.gitignore CHANGED

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+*.sw*

data/.rubocop.yml CHANGED

@@ -11,10 +11,10 @@ Metrics/AbcSize:
   Max: 50
 Metrics/ClassLength:
-  Max: 120
+  Max: 125
 Metrics/ModuleLength:
-  Max: 120
+  Max: 125
 Metrics/CyclomaticComplexity:
   Max: 15

data/README.md CHANGED

@@ -62,7 +62,7 @@ $ ec2sample i-1aa1aaaa
 ### Use AssumeRole
-Support `role_arn` `role_session_name` `source_profile`.
+Support `role_arn` `role_session_name` `source_profile` `external_id`.
 #### 1. .aws/config and .aws/credentials
@@ -72,6 +72,7 @@ see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
 # .aws/config
 [profile assumed]
 role_arn = arn:aws:iam::123456780912:role/assumed-role
+external_id = myfoo_id
 source_profile = assume_test
 ```

data/Rakefile CHANGED

@@ -9,10 +9,13 @@ begin
 rescue LoadError
 end
+desc 'Default task: run spec'
+task default: 'spec'
+desc 'Run spec:all - spec:core and spec:rubocop'
 task spec: 'spec:all'
 namespace :spec do
-  task all: ['spec:core',
-             'spec:rubocop']
+  task all: ['spec:core', 'spec:rubocop']
   RSpec::Core::RakeTask.new(:core)
   RuboCop::RakeTask.new
 end

data/awsecrets.gemspec CHANGED

@@ -1,8 +1,6 @@
-# coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'awsecrets/version'
+require_relative 'lib/awsecrets/version'
 Gem::Specification.new do |spec|
   spec.name          = 'awsecrets'

data/bin/testcommand CHANGED

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
-require 'awsecrets'
+require_relative '../lib/awsecrets'
 Awsecrets.load
 ec2_client = Aws::EC2::Client.new

data/lib/awsecrets.rb CHANGED

@@ -1,4 +1,4 @@
-require 'awsecrets/version'
+require_relative 'awsecrets/version'
 require 'optparse'
 require 'aws-sdk'
 require 'aws_config'
@@ -7,12 +7,20 @@ require 'yaml'
 module Awsecrets
   def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
-    @profile = profile
-    @region = region
-    @secrets_path = secrets_path
+    @profile              = profile
+    @region               = region
+    @secrets_path         = secrets_path
     @disable_load_secrets = disable_load_secrets
     @disable_load_secrets = true if secrets_path == false
-    @credentials = @access_key_id = @secret_access_key = @session_token = @role_arn = @source_profile = nil
+    @credentials       = nil
+    @access_key_id     = nil
+    @secret_access_key = nil
+    @session_token     = nil
+    @role_arn          = nil
+    @external_id       = nil
+    @source_profile    = nil
+    @role_session_name = nil
     # 1. Command Line Options
     load_options if load_method_args
@@ -48,15 +56,15 @@ module Awsecrets
   end
   def self.load_env
-    @region ||= ENV['AWS_REGION']
-    @region ||= ENV['AWS_DEFAULT_REGION']
-    @profile ||= ENV['AWS_PROFILE']
+    @region       ||= ENV['AWS_REGION']
+    @region       ||= ENV['AWS_DEFAULT_REGION']
+    @profile      ||= ENV['AWS_PROFILE']
     @secrets_path ||= ENV['AWS_SECRETS_PATH']
     return if @access_key_id
     return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
-    @access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
+    @access_key_id     ||= ENV['AWS_ACCESS_KEY_ID']
     @secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
-    @session_token ||= ENV['AWS_SESSION_TOKEN']
+    @session_token     ||= ENV['AWS_SESSION_TOKEN']
   end
   def self.load_yaml
@@ -68,21 +76,24 @@ module Awsecrets
     return unless creds &&
                   creds.include?('aws_access_key_id') &&
                   creds.include?('aws_secret_access_key')
-    @access_key_id ||= creds['aws_access_key_id']
+    @access_key_id     ||= creds['aws_access_key_id']
     @secret_access_key ||= creds['aws_secret_access_key']
-    @session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
-    @role_arn ||= creds['role_arn'] if creds.include?('role_arn')
+    @session_token     ||= creds['aws_session_token'] if creds.include?('aws_session_token')
+    @role_arn          ||= creds['role_arn'] if creds.include?('role_arn')
+    @external_id       ||= creds['external_id'] if creds.include?('external_id')
     @role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
     return unless @role_arn
     @role_session_name ||= generate_session_name
-    @credentials ||= Aws::AssumeRoleCredentials.new(
+    @credentials ||= role_creds(
       client: Aws::STS::Client.new(
         region: @region,
         access_key_id: @access_key_id,
         secret_access_key: @secret_access_key
       ),
       role_arn: @role_arn,
-      role_session_name: @role_session_name
+      role_session_name: @role_session_name,
+      external_id: @external_id
     )
   end
@@ -93,9 +104,10 @@ module Awsecrets
                   AWSConfig['default']['region']
                 end
-    @role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
+    @role_arn          ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
     @role_session_name ||= AWSConfig[@profile]['role_session_name'] if AWSConfig[@profile]
-    @source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
+    @external_id       ||= AWSConfig[@profile]['external_id'] if AWSConfig[@profile]
+    @source_profile    ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
   end
   def self.set_aws_config
@@ -110,13 +122,14 @@ module Awsecrets
                  AWSConfig['default']['region']
                end
-      @credentials ||= Aws::AssumeRoleCredentials.new(
+      @credentials ||= role_creds(
         client: Aws::STS::Client.new(
           region: region,
           credentials: Aws::SharedCredentials.new(profile_name: @source_profile.name)
         ),
         role_arn: @role_arn,
-        role_session_name: @role_session_name
+        role_session_name: @role_session_name,
+        external_id: @external_id
       )
     end
@@ -137,4 +150,8 @@ module Awsecrets
     az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
     az[0...-1]
   end
+  def self.role_creds(args)
+    Aws::AssumeRoleCredentials.new(args)
+  end
 end

data/lib/awsecrets/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Awsecrets
-  VERSION = '1.13.0'
+  VERSION = '1.14.0'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awsecrets
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.14.0
 platform: ruby
 authors:
 - k1LoW
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-09-05 00:00:00.000000000 Z
+date: 2017-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk