awsecrets 1.14.0 → 1.15.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +5 -5
  2. data/.rubocop.yml +7 -2
  3. data/.travis.yml +18 -7
  4. data/README.md +37 -12
  5. data/awsecrets.gemspec +5 -5
  6. data/lib/awsecrets.rb +17 -27
  7. data/lib/awsecrets/utils.rb +25 -0
  8. data/lib/awsecrets/version.rb +1 -1
  9. metadata +29 -23
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: b57fc9a0340fffea08fbcfddff251f9ef297cbcc
4
- data.tar.gz: 70a54f7ee11afd5c3cee22fe9def13e193228791
2
+ SHA256:
3
+ metadata.gz: 496d603f9e18bf3bb51bc071bc9375bc92acc9fb05e5cf441b7036238b4f0b69
4
+ data.tar.gz: f07676a4365be1db74052197372b0ba364505937467613a2f7893a9b4ce014fd
5
5
  SHA512:
6
- metadata.gz: 00715cbafab1b0f33df6da7ad7ddd394eb0b5083666f8f164b1a585a715d229188853f1e48b98b5b4a64fe8703c4b4e8e56a3552577a73151e122eb74e23b8b8
7
- data.tar.gz: 7fb15484326e4a5f48884eb12429db4b5d8f0ef55d944066b96d135c47340747c4db0a0f3c73081e29282e1455eab5f34db7d77fcda852c0c342ee6e9870f250
6
+ metadata.gz: 1fa3d149aa0611705f2f6fbc64660a49d0177db8d07373b5e73896401ce733e6b4f9fb1793c4be786f990e225892b25c1a63388213f3993665aeda1fa745f9d8
7
+ data.tar.gz: 636a84bfa7fbf59ea18bb45d2fde35a5aab919e8ee8639967e311a76d56f857e4ea512acee93607e0acca33702ba3afa3909ccfe909c714a13f2f9470529afeb
data/.rubocop.yml CHANGED
@@ -1,9 +1,13 @@
1
+ ---
1
2
  AllCops:
2
3
  TargetRubyVersion: 2.1
3
4
 
4
5
  Lint/HandleExceptions:
5
6
  Enabled: false
6
7
 
8
+ Lint/MissingCopEnableDirective:
9
+ Enabled: false
10
+
7
11
  Lint/UselessAssignment:
8
12
  Enabled: false
9
13
 
@@ -11,10 +15,10 @@ Metrics/AbcSize:
11
15
  Max: 50
12
16
 
13
17
  Metrics/ClassLength:
14
- Max: 125
18
+ Max: 130
15
19
 
16
20
  Metrics/ModuleLength:
17
- Max: 125
21
+ Max: 130
18
22
 
19
23
  Metrics/CyclomaticComplexity:
20
24
  Max: 15
@@ -66,3 +70,4 @@ Style/SymbolProc:
66
70
 
67
71
  Style/BracesAroundHashParameters:
68
72
  Enabled: false
73
+
data/.travis.yml CHANGED
@@ -1,11 +1,22 @@
1
+ ---
1
2
  language: ruby
2
- rvm:
3
- - 2.3.4
4
- - 2.2.7
5
-
3
+ matrix:
4
+ include:
5
+ - rvm: 2.6.2
6
+ env: RUBYGEMS_VERSION=
7
+ - rvm: 2.5.3
8
+ env: RUBYGEMS_VERSION=
9
+ - rvm: 2.4.5
10
+ env: RUBYGEMS_VERSION=
11
+ - rvm: 2.3.8
12
+ env: RUBYGEMS_VERSION=
13
+ - rvm: 2.2.10
14
+ env: RUBYGEMS_VERSION=2.7.8
15
+ - rvm: 2.1.10
16
+ env: RUBYGEMS_VERSION=2.7.8
6
17
  before_install:
7
- - gem update bundler
8
-
18
+ - gem update --system ${RUBYGEMS_VERSION}
19
+ - gem pristine bundler
20
+
9
21
  script:
10
22
  - bundle exec rake spec
11
-
data/README.md CHANGED
@@ -31,7 +31,28 @@ Or install it yourself as:
31
31
 
32
32
  ## Usage example
33
33
 
34
- Create command line tool `ec2sample` like following code
34
+ ### Generate exception with wrong configuration
35
+
36
+ For some use cases, awsecrets might raise an exception if (even after all
37
+ attempts to configure access to an AWS account) there is missing configuration
38
+ parameters.
39
+
40
+ In other cases, this might not be desired.
41
+
42
+ To have control on that, you can use the environment variable
43
+ `DISABLE_AWS_CLIENT_CHECK`: if you set it to the string `'true'`, it will not
44
+ attempt to early create an `Aws::EC2::Client` instance with the found
45
+ parameters.
46
+
47
+ By default, even if you don't set `DISABLE_AWS_CLIENT_CHECK` it will be treated
48
+ like `true`.
49
+
50
+ To enable this early checking, you **must** setup `DISABLE_AWS_CLIENT_CHECK`
51
+ with the string `'false'`.
52
+
53
+ ### Basic example
54
+
55
+ Create a command line tool `ec2sample` like following code:
35
56
 
36
57
  ```ruby
37
58
  #!/usr/bin/env ruby
@@ -41,17 +62,21 @@ ec2_client = Aws::EC2::Client.new
41
62
  puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first
42
63
  ```
43
64
 
44
- And execute
65
+ Then execute it with command line parameters:
45
66
 
46
67
  ```sh
47
68
  $ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1
69
+ ```
48
70
 
49
- or
71
+ or with environment variables configuration:
50
72
 
73
+ ```sh
51
74
  $ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa
75
+ ```
52
76
 
53
- or
77
+ or using an YAML file:
54
78
 
79
+ ```sh
55
80
  $ cat <<EOF > secrets.yml
56
81
  region: ap-northeast-1
57
82
  aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
@@ -64,7 +89,7 @@ $ ec2sample i-1aa1aaaa
64
89
 
65
90
  Support `role_arn` `role_session_name` `source_profile` `external_id`.
66
91
 
67
- #### 1. .aws/config and .aws/credentials
92
+ #### 1. `.aws/config` and `.aws/credentials`
68
93
 
69
94
  see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
70
95
 
@@ -89,7 +114,7 @@ And execute
89
114
  $ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1
90
115
  ```
91
116
 
92
- #### 2. secrets.yml
117
+ #### 2. `secrets.yml`
93
118
 
94
119
  ```sh
95
120
  $ cat <<EOF > secrets.yml
@@ -105,7 +130,7 @@ And execute
105
130
  $ ec2sample i-1aa1aaaa
106
131
  ```
107
132
 
108
- ### Disable load YAML(secrets.yml)
133
+ ### Disable load YAML (`secrets.yml`)
109
134
 
110
135
  ```ruby
111
136
  Awsecrets.load(disable_load_secrets:true)
@@ -119,8 +144,8 @@ Awsecrets.load(secrets_path:false)
119
144
 
120
145
  ## Contributing
121
146
 
122
- 1. Fork it ( https://github.com/k1LoW/awsecrets/fork )
123
- 2. Create your feature branch (`git checkout -b my-new-feature`)
124
- 3. Commit your changes (`git commit -am 'Add some feature'`)
125
- 4. Push to the branch (`git push origin my-new-feature`)
126
- 5. Create a new Pull Request
147
+ 1. [Fork it]( https://github.com/k1LoW/awsecrets/fork ) !
148
+ 2. Create your feature branch (`git checkout -b my-new-feature`).
149
+ 3. Commit your changes (`git commit -am 'Add some feature'`).
150
+ 4. Push to the branch (`git push origin my-new-feature`).
151
+ 5. Create a new Pull Request.
data/awsecrets.gemspec CHANGED
@@ -1,4 +1,4 @@
1
- lib = File.expand_path('../lib', __FILE__)
1
+ lib = File.expand_path('lib', __dir__)
2
2
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
  require_relative 'lib/awsecrets/version'
4
4
 
@@ -20,10 +20,10 @@ Gem::Specification.new do |spec|
20
20
 
21
21
  spec.add_runtime_dependency 'aws-sdk', '>= 2', '< 4'
22
22
  spec.add_runtime_dependency 'aws_config', '~> 0.1.0'
23
- spec.add_development_dependency 'bundler', '~> 1.9'
24
- spec.add_development_dependency 'rake', '~> 10.0'
25
- spec.add_development_dependency 'rspec'
26
- spec.add_development_dependency 'rubocop'
23
+ spec.add_development_dependency 'bundler', '>= 1.9', '< 3.0'
27
24
  spec.add_development_dependency 'octorelease'
28
25
  spec.add_development_dependency 'pry'
26
+ spec.add_development_dependency 'rake', '~> 10.0'
27
+ spec.add_development_dependency 'rspec'
28
+ spec.add_development_dependency 'rubocop', '0.57'
29
29
  end
data/lib/awsecrets.rb CHANGED
@@ -1,11 +1,13 @@
1
1
  require_relative 'awsecrets/version'
2
+ require_relative 'awsecrets/utils'
2
3
  require 'optparse'
3
4
  require 'aws-sdk'
4
5
  require 'aws_config'
5
- require 'net/http'
6
6
  require 'yaml'
7
7
 
8
8
  module Awsecrets
9
+ include Misc
10
+
9
11
  def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
10
12
  @profile = profile
11
13
  @region = region
@@ -13,14 +15,8 @@ module Awsecrets
13
15
  @disable_load_secrets = disable_load_secrets
14
16
  @disable_load_secrets = true if secrets_path == false
15
17
 
16
- @credentials = nil
17
- @access_key_id = nil
18
- @secret_access_key = nil
19
- @session_token = nil
20
- @role_arn = nil
21
- @external_id = nil
22
- @source_profile = nil
23
- @role_session_name = nil
18
+ @credentials = @access_key_id = @secret_access_key = @session_token = nil
19
+ @role_arn = @external_id = @source_profile = @role_session_name = nil
24
20
 
25
21
  # 1. Command Line Options
26
22
  load_options if load_method_args
@@ -51,8 +47,9 @@ module Awsecrets
51
47
  opt.parse!(ARGV)
52
48
  rescue OptionParser::InvalidOption
53
49
  end
54
- return unless @profile
50
+ return true unless @profile
55
51
  @region ||= AWSConfig[@profile]['region']
52
+ true
56
53
  end
57
54
 
58
55
  def self.load_env
@@ -60,20 +57,21 @@ module Awsecrets
60
57
  @region ||= ENV['AWS_DEFAULT_REGION']
61
58
  @profile ||= ENV['AWS_PROFILE']
62
59
  @secrets_path ||= ENV['AWS_SECRETS_PATH']
63
- return if @access_key_id
60
+ return true if @access_key_id
64
61
  return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
65
62
  @access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
66
63
  @secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
67
64
  @session_token ||= ENV['AWS_SESSION_TOKEN']
65
+ true
68
66
  end
69
67
 
70
68
  def self.load_yaml
71
- return if @disable_load_secrets
69
+ return false if @disable_load_secrets
72
70
  @secrets_path ||= 'secrets.yml'
73
71
  creds = YAML.load_file(@secrets_path) if File.exist?(File.expand_path(@secrets_path))
74
72
  @region ||= creds['region'] if creds && creds.include?('region')
75
- return if @access_key_id
76
- return unless creds &&
73
+ return true if @access_key_id
74
+ return true unless creds &&
77
75
  creds.include?('aws_access_key_id') &&
78
76
  creds.include?('aws_secret_access_key')
79
77
  @access_key_id ||= creds['aws_access_key_id']
@@ -83,8 +81,8 @@ module Awsecrets
83
81
  @external_id ||= creds['external_id'] if creds.include?('external_id')
84
82
  @role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
85
83
 
86
- return unless @role_arn
87
- @role_session_name ||= generate_session_name
84
+ return true unless @role_arn
85
+ @role_session_name ||= Misc.generate_session_name
88
86
  @credentials ||= role_creds(
89
87
  client: Aws::STS::Client.new(
90
88
  region: @region,
@@ -95,6 +93,7 @@ module Awsecrets
95
93
  role_session_name: @role_session_name,
96
94
  external_id: @external_id
97
95
  )
96
+ true
98
97
  end
99
98
 
100
99
  def self.load_config
@@ -115,7 +114,7 @@ module Awsecrets
115
114
  Aws.config[:region] = @region
116
115
 
117
116
  if @role_arn && @source_profile
118
- @role_session_name ||= generate_session_name
117
+ @role_session_name ||= Misc.generate_session_name
119
118
  region = if AWSConfig[@source_profile.name] && AWSConfig[@source_profile.name]['region']
120
119
  AWSConfig[@source_profile.name]['region']
121
120
  else
@@ -138,19 +137,10 @@ module Awsecrets
138
137
  @credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token) if @access_key_id
139
138
  @credentials ||= Aws::InstanceProfileCredentials.new
140
139
 
140
+ Misc.validate_client
141
141
  Aws.config[:credentials] = @credentials
142
142
  end
143
143
 
144
- def self.generate_session_name
145
- "awsecrets-session-#{Time.now.to_i}"
146
- end
147
-
148
- def self.current_region
149
- metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
150
- az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
151
- az[0...-1]
152
- end
153
-
154
144
  def self.role_creds(args)
155
145
  Aws::AssumeRoleCredentials.new(args)
156
146
  end
data/lib/awsecrets/utils.rb ADDED
@@ -0,0 +1,25 @@
1
+ require 'net/http'
2
+
3
+ module Misc
4
+ def self.validate_client
5
+ return unless ENV.key?('DISABLE_AWS_CLIENT_CHECK') && (ENV['DISABLE_AWS_CLIENT_CHECK'] == 'false')
6
+
7
+ begin
8
+ Aws::EC2::Client.new
9
+ rescue Aws::Errors::MissingRegionError
10
+ raise 'Missing region: use "region" command line option or export ENV[\'AWS_REGION\'] or awscli configure'
11
+ rescue StandardError => e
12
+ raise "Oops, there is something wrong with AWS client configuration => #{e}"
13
+ end
14
+ end
15
+
16
+ def self.generate_session_name
17
+ "awsecrets-session-#{Time.now.to_i}"
18
+ end
19
+
20
+ def self.current_region
21
+ metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
22
+ az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
23
+ az[0...-1]
24
+ end
25
+ end
data/lib/awsecrets/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Awsecrets
2
- VERSION = '1.14.0'
2
+ VERSION = '1.15.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: awsecrets
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.14.0
4
+ version: 1.15.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - k1LoW
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-09-22 00:00:00.000000000 Z
11
+ date: 2020-10-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk
@@ -48,32 +48,38 @@ dependencies:
48
48
  name: bundler
49
49
  requirement: !ruby/object:Gem::Requirement
50
50
  requirements:
51
- - - "~>"
51
+ - - ">="
52
52
  - !ruby/object:Gem::Version
53
53
  version: '1.9'
54
+ - - "<"
55
+ - !ruby/object:Gem::Version
56
+ version: '3.0'
54
57
  type: :development
55
58
  prerelease: false
56
59
  version_requirements: !ruby/object:Gem::Requirement
57
60
  requirements:
58
- - - "~>"
61
+ - - ">="
59
62
  - !ruby/object:Gem::Version
60
63
  version: '1.9'
64
+ - - "<"
65
+ - !ruby/object:Gem::Version
66
+ version: '3.0'
61
67
  - !ruby/object:Gem::Dependency
62
- name: rake
68
+ name: octorelease
63
69
  requirement: !ruby/object:Gem::Requirement
64
70
  requirements:
65
- - - "~>"
71
+ - - ">="
66
72
  - !ruby/object:Gem::Version
67
- version: '10.0'
73
+ version: '0'
68
74
  type: :development
69
75
  prerelease: false
70
76
  version_requirements: !ruby/object:Gem::Requirement
71
77
  requirements:
72
- - - "~>"
78
+ - - ">="
73
79
  - !ruby/object:Gem::Version
74
- version: '10.0'
80
+ version: '0'
75
81
  - !ruby/object:Gem::Dependency
76
- name: rspec
82
+ name: pry
77
83
  requirement: !ruby/object:Gem::Requirement
78
84
  requirements:
79
85
  - - ">="
@@ -87,21 +93,21 @@ dependencies:
87
93
  - !ruby/object:Gem::Version
88
94
  version: '0'
89
95
  - !ruby/object:Gem::Dependency
90
- name: rubocop
96
+ name: rake
91
97
  requirement: !ruby/object:Gem::Requirement
92
98
  requirements:
93
- - - ">="
99
+ - - "~>"
94
100
  - !ruby/object:Gem::Version
95
- version: '0'
101
+ version: '10.0'
96
102
  type: :development
97
103
  prerelease: false
98
104
  version_requirements: !ruby/object:Gem::Requirement
99
105
  requirements:
100
- - - ">="
106
+ - - "~>"
101
107
  - !ruby/object:Gem::Version
102
- version: '0'
108
+ version: '10.0'
103
109
  - !ruby/object:Gem::Dependency
104
- name: octorelease
110
+ name: rspec
105
111
  requirement: !ruby/object:Gem::Requirement
106
112
  requirements:
107
113
  - - ">="
@@ -115,19 +121,19 @@ dependencies:
115
121
  - !ruby/object:Gem::Version
116
122
  version: '0'
117
123
  - !ruby/object:Gem::Dependency
118
- name: pry
124
+ name: rubocop
119
125
  requirement: !ruby/object:Gem::Requirement
120
126
  requirements:
121
- - - ">="
127
+ - - '='
122
128
  - !ruby/object:Gem::Version
123
- version: '0'
129
+ version: '0.57'
124
130
  type: :development
125
131
  prerelease: false
126
132
  version_requirements: !ruby/object:Gem::Requirement
127
133
  requirements:
128
- - - ">="
134
+ - - '='
129
135
  - !ruby/object:Gem::Version
130
- version: '0'
136
+ version: '0.57'
131
137
  description: AWS credentials loader
132
138
  email:
133
139
  - k1lowxb@gmail.com
@@ -148,6 +154,7 @@ files:
148
154
  - bin/setup
149
155
  - bin/testcommand
150
156
  - lib/awsecrets.rb
157
+ - lib/awsecrets/utils.rb
151
158
  - lib/awsecrets/version.rb
152
159
  homepage: https://github.com/k1LoW/awsecrets
153
160
  licenses:
@@ -168,8 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
168
175
  - !ruby/object:Gem::Version
169
176
  version: '0'
170
177
  requirements: []
171
- rubyforge_project:
172
- rubygems_version: 2.4.5.1
178
+ rubygems_version: 3.0.3
173
179
  signing_key:
174
180
  specification_version: 4
175
181
  summary: AWS credentials loader