awsecrets 1.13.0 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8502b9ee75ac740ecdc77ba755789d48d53f85f4
-  data.tar.gz: b2c69e88b743afb44281aa3def9df1a134978ac8
+  metadata.gz: b57fc9a0340fffea08fbcfddff251f9ef297cbcc
+  data.tar.gz: 70a54f7ee11afd5c3cee22fe9def13e193228791
 SHA512:
-  metadata.gz: 6d5247906f68137ec2c7b8c4b811416335632bda0067b94f602c2d95b8fe7780ddfd6107416564694ce6c4128a136b9e2b670fe9d4e62ce92a93927990dfc87b
-  data.tar.gz: f4f346b1381789ea59f283dafee43e7d37fed1a11e7adcef3cc1af14ecb4ef0480e10de569efe03a68a2f5f27e532a03f42261bf77ed93324fa4f2d6c6c90558
+  metadata.gz: 00715cbafab1b0f33df6da7ad7ddd394eb0b5083666f8f164b1a585a715d229188853f1e48b98b5b4a64fe8703c4b4e8e56a3552577a73151e122eb74e23b8b8
+  data.tar.gz: 7fb15484326e4a5f48884eb12429db4b5d8f0ef55d944066b96d135c47340747c4db0a0f3c73081e29282e1455eab5f34db7d77fcda852c0c342ee6e9870f250

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+*.sw*

data/.rubocop.yml

@@ -11,10 +11,10 @@ Metrics/AbcSize:
   Max: 50
 
 Metrics/ClassLength:
-  Max: 120
+  Max: 125
 
 Metrics/ModuleLength:
-  Max: 120
+  Max: 125
 
 Metrics/CyclomaticComplexity:
   Max: 15

data/README.md

@@ -62,7 +62,7 @@ $ ec2sample i-1aa1aaaa
 
 ### Use AssumeRole
 
-Support `role_arn` `role_session_name` `source_profile`.
+Support `role_arn` `role_session_name` `source_profile` `external_id`.
 
 #### 1. .aws/config and .aws/credentials
 
@@ -72,6 +72,7 @@ see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
 # .aws/config
 [profile assumed]
 role_arn = arn:aws:iam::123456780912:role/assumed-role
+external_id = myfoo_id
 source_profile = assume_test
 ```
 

data/Rakefile

@@ -9,10 +9,13 @@ begin
 rescue LoadError
 end
 
+desc 'Default task: run spec'
+task default: 'spec'
+
+desc 'Run spec:all - spec:core and spec:rubocop'
 task spec: 'spec:all'
 namespace :spec do
-  task all: ['spec:core',
-             'spec:rubocop']
+  task all: ['spec:core', 'spec:rubocop']
   RSpec::Core::RakeTask.new(:core)
   RuboCop::RakeTask.new
 end

data/awsecrets.gemspec

@@ -1,8 +1,6 @@
-# coding: utf-8
-
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'awsecrets/version'
+require_relative 'lib/awsecrets/version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'awsecrets'

data/bin/testcommand

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
-require 'awsecrets'
+require_relative '../lib/awsecrets'
 
 Awsecrets.load
 ec2_client = Aws::EC2::Client.new

data/lib/awsecrets.rb

@@ -1,4 +1,4 @@
-require 'awsecrets/version'
+require_relative 'awsecrets/version'
 require 'optparse'
 require 'aws-sdk'
 require 'aws_config'
@@ -7,12 +7,20 @@ require 'yaml'
 
 module Awsecrets
   def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
-    @profile = profile
-    @region = region
-    @secrets_path = secrets_path
+    @profile              = profile
+    @region               = region
+    @secrets_path         = secrets_path
     @disable_load_secrets = disable_load_secrets
     @disable_load_secrets = true if secrets_path == false
-    @credentials = @access_key_id = @secret_access_key = @session_token = @role_arn = @source_profile = nil
+
+    @credentials       = nil
+    @access_key_id     = nil
+    @secret_access_key = nil
+    @session_token     = nil
+    @role_arn          = nil
+    @external_id       = nil
+    @source_profile    = nil
+    @role_session_name = nil
 
     # 1. Command Line Options
     load_options if load_method_args
@@ -48,15 +56,15 @@ module Awsecrets
   end
 
   def self.load_env
-    @region ||= ENV['AWS_REGION']
-    @region ||= ENV['AWS_DEFAULT_REGION']
-    @profile ||= ENV['AWS_PROFILE']
+    @region       ||= ENV['AWS_REGION']
+    @region       ||= ENV['AWS_DEFAULT_REGION']
+    @profile      ||= ENV['AWS_PROFILE']
     @secrets_path ||= ENV['AWS_SECRETS_PATH']
     return if @access_key_id
     return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
-    @access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
+    @access_key_id     ||= ENV['AWS_ACCESS_KEY_ID']
     @secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
-    @session_token ||= ENV['AWS_SESSION_TOKEN']
+    @session_token     ||= ENV['AWS_SESSION_TOKEN']
   end
 
   def self.load_yaml
@@ -68,21 +76,24 @@ module Awsecrets
     return unless creds &&
                   creds.include?('aws_access_key_id') &&
                   creds.include?('aws_secret_access_key')
-    @access_key_id ||= creds['aws_access_key_id']
+    @access_key_id     ||= creds['aws_access_key_id']
     @secret_access_key ||= creds['aws_secret_access_key']
-    @session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
-    @role_arn ||= creds['role_arn'] if creds.include?('role_arn')
+    @session_token     ||= creds['aws_session_token'] if creds.include?('aws_session_token')
+    @role_arn          ||= creds['role_arn'] if creds.include?('role_arn')
+    @external_id       ||= creds['external_id'] if creds.include?('external_id')
     @role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
+
     return unless @role_arn
     @role_session_name ||= generate_session_name
-    @credentials ||= Aws::AssumeRoleCredentials.new(
+    @credentials ||= role_creds(
       client: Aws::STS::Client.new(
         region: @region,
         access_key_id: @access_key_id,
         secret_access_key: @secret_access_key
       ),
       role_arn: @role_arn,
-      role_session_name: @role_session_name
+      role_session_name: @role_session_name,
+      external_id: @external_id
     )
   end
 
@@ -93,9 +104,10 @@ module Awsecrets
                   AWSConfig['default']['region']
                 end
 
-    @role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
+    @role_arn          ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
     @role_session_name ||= AWSConfig[@profile]['role_session_name'] if AWSConfig[@profile]
-    @source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
+    @external_id       ||= AWSConfig[@profile]['external_id'] if AWSConfig[@profile]
+    @source_profile    ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
   end
 
   def self.set_aws_config
@@ -110,13 +122,14 @@ module Awsecrets
                  AWSConfig['default']['region']
                end
 
-      @credentials ||= Aws::AssumeRoleCredentials.new(
+      @credentials ||= role_creds(
         client: Aws::STS::Client.new(
           region: region,
           credentials: Aws::SharedCredentials.new(profile_name: @source_profile.name)
         ),
         role_arn: @role_arn,
-        role_session_name: @role_session_name
+        role_session_name: @role_session_name,
+        external_id: @external_id
       )
     end
 
@@ -137,4 +150,8 @@ module Awsecrets
     az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
     az[0...-1]
   end
+
+  def self.role_creds(args)
+    Aws::AssumeRoleCredentials.new(args)
+  end
 end

data/lib/awsecrets/version.rb

@@ -1,3 +1,3 @@
 module Awsecrets
-  VERSION = '1.13.0'
+  VERSION = '1.14.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awsecrets
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.14.0
 platform: ruby
 authors:
 - k1LoW
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-09-05 00:00:00.000000000 Z
+date: 2017-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk