awsecrets 1.14.0 → 1.15.0
- checksums.yaml +5 -5
- data/.rubocop.yml +7 -2
- data/.travis.yml +18 -7
- data/README.md +37 -12
- data/awsecrets.gemspec +5 -5
- data/lib/awsecrets.rb +17 -27
- data/lib/awsecrets/utils.rb +25 -0
- data/lib/awsecrets/version.rb +1 -1
- metadata +29 -23
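--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 496d603f9e18bf3bb51bc071bc9375bc92acc9fb05e5cf441b7036238b4f0b69
+data.tar.gz: f07676a4365be1db74052197372b0ba364505937467613a2f7893a9b4ce014fd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1fa3d149aa0611705f2f6fbc64660a49d0177db8d07373b5e73896401ce733e6b4f9fb1793c4be786f990e225892b25c1a63388213f3993665aeda1fa745f9d8
+data.tar.gz: 636a84bfa7fbf59ea18bb45d2fde35a5aab919e8ee8639967e311a76d56f857e4ea512acee93607e0acca33702ba3afa3909ccfe909c714a13f2f9470529afeb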
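--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,9 +1,13 @@
+---
 AllCops:
 TargetRubyVersion: 2.1
 
 Lint/HandleExceptions:
 Enabled: false
 
+Lint/MissingCopEnableDirective:
+Enabled: false
+
 Lint/UselessAssignment:
 Enabled: false
 
@@ -11,10 +15,10 @@ Metrics/AbcSize:
 Max: 50
 
 Metrics/ClassLength:
-Max:
+Max: 130
 
 Metrics/ModuleLength:
-Max:
+Max: 130
 
 Metrics/CyclomaticComplexity:
 Max: 15
@@ -66,3 +70,4 @@ Style/SymbolProc:
 
 Style/BracesAroundHashParameters:
 Enabled: false
+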
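--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,11 +1,22 @@
+---
 language: ruby
-
-
-
-
+matrix:
+include:
+- rvm: 2.6.2
+env: RUBYGEMS_VERSION=
+- rvm: 2.5.3
+env: RUBYGEMS_VERSION=
+- rvm: 2.4.5
+env: RUBYGEMS_VERSION=
+- rvm: 2.3.8
+env: RUBYGEMS_VERSION=
+- rvm: 2.2.10
+env: RUBYGEMS_VERSION=2.7.8
+- rvm: 2.1.10
+env: RUBYGEMS_VERSION=2.7.8
 before_install:
-- gem update
-
+- gem update --system ${RUBYGEMS_VERSION}
+- gem pristine bundler
+
 script:
 - bundle exec rake spec
-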
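Review bot: The four newest matrix rows set `RUBYGEMS_VERSION=` to an empty value, so `gem update --system ${RUBYGEMS_VERSION}` installs whichever RubyGems release is current when the job runs; only the 2.2.10 and 2.1.10 rows are pinned, to 2.7.8. Pinning every row, for example `env: RUBYGEMS_VERSION=<pinned version>`, would keep the build toolchain reproducible and turn an upstream change into a reviewable diff instead of a silent build input. A short comment above `before_install` saying why the two old Rubies need 2.7.8 would also help the next maintainer.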
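--- a/data/README.md
+++ b/data/README.md
@@ -31,7 +31,28 @@ Or install it yourself as:
 
 ## Usage example
 
-
+### Generate exception with wrong configuration
+
+For some use cases, awsecrets might raise an exception if (even after all
+attempts to configure access to an AWS account) there is missing configuration
+parameters.
+
+In other cases, this might not be desired.
+
+To have control on that, you can use the environment variable
+`DISABLE_AWS_CLIENT_CHECK`: if you set it to the string `'true'`, it will not
+attempt to early create an `Aws::EC2::Client` instance with the found
+parameters.
+
+By default, even if you don't set `DISABLE_AWS_CLIENT_CHECK` it will be treated
+like `true`.
+
+To enable this early checking, you **must** setup `DISABLE_AWS_CLIENT_CHECK`
+with the string `'false'`.
+
+### Basic example
+
+Create a command line tool `ec2sample` like following code:
 
 ```ruby
 #!/usr/bin/env ruby
@@ -41,17 +62,21 @@ ec2_client = Aws::EC2::Client.new
 puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first
 ```
 
-
+Then execute it with command line parameters:
 
 ```sh
 $ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1
+```
 
-or
+or with environment variables configuration:
 
+```sh
 $ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa
+```
 
-or
+or using an YAML file:
 
+```sh
 $ cat <<EOF > secrets.yml
 region: ap-northeast-1
 aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
@@ -64,7 +89,7 @@ $ ec2sample i-1aa1aaaa
 
 Support `role_arn` `role_session_name` `source_profile` `external_id`.
 
-#### 1.
+#### 1. `.aws/config` and `.aws/credentials`
 
 see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
 
@@ -89,7 +114,7 @@ And execute
 $ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1
 ```
 
-#### 2. secrets.yml
+#### 2. `secrets.yml`
 
 ```sh
 $ cat <<EOF > secrets.yml
@@ -105,7 +130,7 @@ And execute
 $ ec2sample i-1aa1aaaa
 ```
 
-### Disable load YAML(secrets.yml)
+### Disable load YAML (`secrets.yml`)
 
 ```ruby
 Awsecrets.load(disable_load_secrets:true)
@@ -119,8 +144,8 @@ Awsecrets.load(secrets_path:false)
 
 ## Contributing
 
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request
+1. [Fork it]( https://github.com/k1LoW/awsecrets/fork ) !
+2. Create your feature branch (`git checkout -b my-new-feature`).
+3. Commit your changes (`git commit -am 'Add some feature'`).
+4. Push to the branch (`git push origin my-new-feature`).
+5. Create a new Pull Request.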
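--- a/data/awsecrets.gemspec
+++ b/data/awsecrets.gemspec
@@ -1,4 +1,4 @@
-lib = File.expand_path('
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require_relative 'lib/awsecrets/version'
 
@@ -20,10 +20,10 @@ Gem::Specification.new do |spec|
 
 spec.add_runtime_dependency 'aws-sdk', '>= 2', '< 4'
 spec.add_runtime_dependency 'aws_config', '~> 0.1.0'
-spec.add_development_dependency 'bundler', '
-spec.add_development_dependency 'rake', '~> 10.0'
-spec.add_development_dependency 'rspec'
-spec.add_development_dependency 'rubocop'
+spec.add_development_dependency 'bundler', '>= 1.9', '< 3.0'
 spec.add_development_dependency 'octorelease'
 spec.add_development_dependency 'pry'
+spec.add_development_dependency 'rake', '~> 10.0'
+spec.add_development_dependency 'rspec'
+spec.add_development_dependency 'rubocop', '0.57'
 end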
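--- a/data/lib/awsecrets.rb
+++ b/data/lib/awsecrets.rb
@@ -1,11 +1,13 @@
 require_relative 'awsecrets/version'
+require_relative 'awsecrets/utils'
 require 'optparse'
 require 'aws-sdk'
 require 'aws_config'
-require 'net/http'
 require 'yaml'
 
 module Awsecrets
+include Misc
+
 def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
 @profile = profile
 @region = region
@@ -13,14 +15,8 @@ module Awsecrets
 @disable_load_secrets = disable_load_secrets
 @disable_load_secrets = true if secrets_path == false
 
-@credentials
-@
-@secret_access_key = nil
-@session_token = nil
-@role_arn = nil
-@external_id = nil
-@source_profile = nil
-@role_session_name = nil
+@credentials = @access_key_id = @secret_access_key = @session_token = nil
+@role_arn = @external_id = @source_profile = @role_session_name = nil
 
 # 1. Command Line Options
 load_options if load_method_args
@@ -51,8 +47,9 @@ module Awsecrets
 opt.parse!(ARGV)
 rescue OptionParser::InvalidOption
 end
-return unless @profile
+return true unless @profile
 @region ||= AWSConfig[@profile]['region']
+true
 end
 
 def self.load_env
@@ -60,20 +57,21 @@ module Awsecrets
 @region ||= ENV['AWS_DEFAULT_REGION']
 @profile ||= ENV['AWS_PROFILE']
 @secrets_path ||= ENV['AWS_SECRETS_PATH']
-return if @access_key_id
+return true if @access_key_id
 return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
 @access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
 @secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
 @session_token ||= ENV['AWS_SESSION_TOKEN']
+true
 end
 
 def self.load_yaml
-return if @disable_load_secrets
+return false if @disable_load_secrets
 @secrets_path ||= 'secrets.yml'
 creds = YAML.load_file(@secrets_path) if File.exist?(File.expand_path(@secrets_path))
 @region ||= creds['region'] if creds && creds.include?('region')
-return if @access_key_id
-return unless creds &&
+return true if @access_key_id
+return true unless creds &&
 creds.include?('aws_access_key_id') &&
 creds.include?('aws_secret_access_key')
 @access_key_id ||= creds['aws_access_key_id']
@@ -83,8 +81,8 @@ module Awsecrets
 @external_id ||= creds['external_id'] if creds.include?('external_id')
 @role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
 
-return unless @role_arn
-@role_session_name ||= generate_session_name
+return true unless @role_arn
+@role_session_name ||= Misc.generate_session_name
 @credentials ||= role_creds(
 client: Aws::STS::Client.new(
 region: @region,
@@ -95,6 +93,7 @@ module Awsecrets
 role_session_name: @role_session_name,
 external_id: @external_id
 )
+true
 end
 
 def self.load_config
@@ -115,7 +114,7 @@ module Awsecrets
 Aws.config[:region] = @region
 
 if @role_arn && @source_profile
-@role_session_name ||= generate_session_name
+@role_session_name ||= Misc.generate_session_name
 region = if AWSConfig[@source_profile.name] && AWSConfig[@source_profile.name]['region']
 AWSConfig[@source_profile.name]['region']
 else
@@ -138,19 +137,10 @@ module Awsecrets
 @credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token) if @access_key_id
 @credentials ||= Aws::InstanceProfileCredentials.new
 
+Misc.validate_client
 Aws.config[:credentials] = @credentials
 end
 
-def self.generate_session_name
-"awsecrets-session-#{Time.now.to_i}"
-end
-
-def self.current_region
-metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
-az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
-az[0...-1]
-end
-
 def self.role_creds(args)
 Aws::AssumeRoleCredentials.new(args)
 end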
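Review bot: In the last `load_config` hunk, `Misc.validate_client` runs one line before `Aws.config[:credentials] = @credentials`, so the `Aws::EC2::Client.new` it constructs does not yet see the credentials resolved just above and the opt-in check covers little beyond the region. Moving the call below the assignment would let it validate the configuration callers actually receive; keep `@credentials` as the last expression if the return value is relied on, since `load_config` starts outside the hunk and its callers are not visible. Separately, `load_yaml` still reads the secrets file with `YAML.load_file(@secrets_path)` and the path can come from `AWS_SECRETS_PATH`; the file only needs plain keys and strings, so `YAML.safe_load(File.read(@secrets_path))` would avoid object deserialization on older Psych versions. The new `true`/`false` returns also leave `load_env` with a bare `return` on the missing-keys path, so a one-line comment stating what each loader's return value means would help.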
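--- /dev/null
+++ b/data/lib/awsecrets/utils.rb
@@ -0,0 +1,25 @@
+require 'net/http'
+
+module Misc
+def self.validate_client
+return unless ENV.key?('DISABLE_AWS_CLIENT_CHECK') && (ENV['DISABLE_AWS_CLIENT_CHECK'] == 'false')
+
+begin
+Aws::EC2::Client.new
+rescue Aws::Errors::MissingRegionError
+raise 'Missing region: use "region" command line option or export ENV[\'AWS_REGION\'] or awscli configure'
+rescue StandardError => e
+raise "Oops, there is something wrong with AWS client configuration => #{e}"
+end
+end
+
+def self.generate_session_name
+"awsecrets-session-#{Time.now.to_i}"
+end
+
+def self.current_region
+metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
+az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
+az[0...-1]
+end
+end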
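Review bot: `current_region` reads the availability zone with a bare `Net::HTTP.get` against the instance metadata endpoint, with no explicit timeout, no status check and no IMDSv2 session token. Off EC2 the call waits on Net::HTTP's default timeouts, and on instances that require IMDSv2 the slice `az[0...-1]` is applied to whatever body the error reply carries rather than to a zone name. A version that sets short timeouts, requests a token first and rejects non-2xx replies is sketched below; the timeout and TTL values are examples. Also note that `include Misc` in `awsecrets.rb` does not expose these `self.` methods, so any unqualified `current_region` call outside the visible hunks would need the `Misc.` prefix.

```ruby
def self.current_region
  http = Net::HTTP.new('169.254.169.254', 80)
  http.open_timeout = 1
  http.read_timeout = 1
  token = http.put('/latest/api/token', '', 'X-aws-ec2-metadata-token-ttl-seconds' => '60')
  raise "IMDS token request failed: #{token.code}" unless token.is_a?(Net::HTTPSuccess)
  az = http.get('/latest/meta-data/placement/availability-zone', 'X-aws-ec2-metadata-token' => token.body)
  raise "IMDS availability-zone request failed: #{az.code}" unless az.is_a?(Net::HTTPSuccess)
  az.body[0...-1]
end
```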
data/lib/awsecrets/version.rb
CHANGED
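--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awsecrets
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.15.0
 platform: ruby
 authors:
 - k1LoW
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2020-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -48,32 +48,38 @@ dependencies:
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.9'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.9'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3.0'
 - !ruby/object:Gem::Dependency
-name:
+name: octorelease
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: pry
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -87,21 +93,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '10.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '10.0'
 - !ruby/object:Gem::Dependency
-name:
+name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -115,19 +121,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version: '0'
+version: '0.57'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version: '0'
+version: '0.57'
 description: AWS credentials loader
 email:
 - k1lowxb@gmail.com
@@ -148,6 +154,7 @@ files:
 - bin/setup
 - bin/testcommand
 - lib/awsecrets.rb
+- lib/awsecrets/utils.rb
 - lib/awsecrets/version.rb
 homepage: https://github.com/k1LoW/awsecrets
 licenses:
@@ -168,8 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.4.5.1
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: AWS credentials loader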