awsecrets 1.14.0 → 1.15.0
- checksums.yaml +5 -5
- data/.rubocop.yml +7 -2
- data/.travis.yml +18 -7
- data/README.md +37 -12
- data/awsecrets.gemspec +5 -5
- data/lib/awsecrets.rb +17 -27
- data/lib/awsecrets/utils.rb +25 -0
- data/lib/awsecrets/version.rb +1 -1
- metadata +29 -23
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 496d603f9e18bf3bb51bc071bc9375bc92acc9fb05e5cf441b7036238b4f0b69
|
4
|
+
data.tar.gz: f07676a4365be1db74052197372b0ba364505937467613a2f7893a9b4ce014fd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1fa3d149aa0611705f2f6fbc64660a49d0177db8d07373b5e73896401ce733e6b4f9fb1793c4be786f990e225892b25c1a63388213f3993665aeda1fa745f9d8
|
7
|
+
data.tar.gz: 636a84bfa7fbf59ea18bb45d2fde35a5aab919e8ee8639967e311a76d56f857e4ea512acee93607e0acca33702ba3afa3909ccfe909c714a13f2f9470529afeb
|
data/.rubocop.yml
CHANGED
@@ -1,9 +1,13 @@
|
|
1
|
+
---
|
1
2
|
AllCops:
|
2
3
|
TargetRubyVersion: 2.1
|
3
4
|
|
4
5
|
Lint/HandleExceptions:
|
5
6
|
Enabled: false
|
6
7
|
|
8
|
+
Lint/MissingCopEnableDirective:
|
9
|
+
Enabled: false
|
10
|
+
|
7
11
|
Lint/UselessAssignment:
|
8
12
|
Enabled: false
|
9
13
|
|
@@ -11,10 +15,10 @@ Metrics/AbcSize:
|
|
11
15
|
Max: 50
|
12
16
|
|
13
17
|
Metrics/ClassLength:
|
14
|
-
Max:
|
18
|
+
Max: 130
|
15
19
|
|
16
20
|
Metrics/ModuleLength:
|
17
|
-
Max:
|
21
|
+
Max: 130
|
18
22
|
|
19
23
|
Metrics/CyclomaticComplexity:
|
20
24
|
Max: 15
|
@@ -66,3 +70,4 @@ Style/SymbolProc:
|
|
66
70
|
|
67
71
|
Style/BracesAroundHashParameters:
|
68
72
|
Enabled: false
|
73
|
+
|
data/.travis.yml
CHANGED
@@ -1,11 +1,22 @@
|
|
1
|
+
---
|
1
2
|
language: ruby
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
matrix:
|
4
|
+
include:
|
5
|
+
- rvm: 2.6.2
|
6
|
+
env: RUBYGEMS_VERSION=
|
7
|
+
- rvm: 2.5.3
|
8
|
+
env: RUBYGEMS_VERSION=
|
9
|
+
- rvm: 2.4.5
|
10
|
+
env: RUBYGEMS_VERSION=
|
11
|
+
- rvm: 2.3.8
|
12
|
+
env: RUBYGEMS_VERSION=
|
13
|
+
- rvm: 2.2.10
|
14
|
+
env: RUBYGEMS_VERSION=2.7.8
|
15
|
+
- rvm: 2.1.10
|
16
|
+
env: RUBYGEMS_VERSION=2.7.8
|
6
17
|
before_install:
|
7
|
-
- gem update
|
8
|
-
|
18
|
+
- gem update --system ${RUBYGEMS_VERSION}
|
19
|
+
- gem pristine bundler
|
20
|
+
|
9
21
|
script:
|
10
22
|
- bundle exec rake spec
|
11
|
-
|
data/README.md
CHANGED
@@ -31,7 +31,28 @@ Or install it yourself as:
|
|
31
31
|
|
32
32
|
## Usage example
|
33
33
|
|
34
|
-
|
34
|
+
### Generate exception with wrong configuration
|
35
|
+
|
36
|
+
For some use cases, awsecrets might raise an exception if (even after all
|
37
|
+
attempts to configure access to an AWS account) there is missing configuration
|
38
|
+
parameters.
|
39
|
+
|
40
|
+
In other cases, this might not be desired.
|
41
|
+
|
42
|
+
To have control on that, you can use the environment variable
|
43
|
+
`DISABLE_AWS_CLIENT_CHECK`: if you set it to the string `'true'`, it will not
|
44
|
+
attempt to early create an `Aws::EC2::Client` instance with the found
|
45
|
+
parameters.
|
46
|
+
|
47
|
+
By default, even if you don't set `DISABLE_AWS_CLIENT_CHECK` it will be treated
|
48
|
+
like `true`.
|
49
|
+
|
50
|
+
To enable this early checking, you **must** setup `DISABLE_AWS_CLIENT_CHECK`
|
51
|
+
with the string `'false'`.
|
52
|
+
|
53
|
+
### Basic example
|
54
|
+
|
55
|
+
Create a command line tool `ec2sample` like following code:
|
35
56
|
|
36
57
|
```ruby
|
37
58
|
#!/usr/bin/env ruby
|
@@ -41,17 +62,21 @@ ec2_client = Aws::EC2::Client.new
|
|
41
62
|
puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first
|
42
63
|
```
|
43
64
|
|
44
|
-
|
65
|
+
Then execute it with command line parameters:
|
45
66
|
|
46
67
|
```sh
|
47
68
|
$ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1
|
69
|
+
```
|
48
70
|
|
49
|
-
or
|
71
|
+
or with environment variables configuration:
|
50
72
|
|
73
|
+
```sh
|
51
74
|
$ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa
|
75
|
+
```
|
52
76
|
|
53
|
-
or
|
77
|
+
or using an YAML file:
|
54
78
|
|
79
|
+
```sh
|
55
80
|
$ cat <<EOF > secrets.yml
|
56
81
|
region: ap-northeast-1
|
57
82
|
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
|
@@ -64,7 +89,7 @@ $ ec2sample i-1aa1aaaa
|
|
64
89
|
|
65
90
|
Support `role_arn` `role_session_name` `source_profile` `external_id`.
|
66
91
|
|
67
|
-
#### 1.
|
92
|
+
#### 1. `.aws/config` and `.aws/credentials`
|
68
93
|
|
69
94
|
see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
|
70
95
|
|
@@ -89,7 +114,7 @@ And execute
|
|
89
114
|
$ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1
|
90
115
|
```
|
91
116
|
|
92
|
-
#### 2. secrets.yml
|
117
|
+
#### 2. `secrets.yml`
|
93
118
|
|
94
119
|
```sh
|
95
120
|
$ cat <<EOF > secrets.yml
|
@@ -105,7 +130,7 @@ And execute
|
|
105
130
|
$ ec2sample i-1aa1aaaa
|
106
131
|
```
|
107
132
|
|
108
|
-
### Disable load YAML(secrets.yml)
|
133
|
+
### Disable load YAML (`secrets.yml`)
|
109
134
|
|
110
135
|
```ruby
|
111
136
|
Awsecrets.load(disable_load_secrets:true)
|
@@ -119,8 +144,8 @@ Awsecrets.load(secrets_path:false)
|
|
119
144
|
|
120
145
|
## Contributing
|
121
146
|
|
122
|
-
1. Fork it
|
123
|
-
2. Create your feature branch (`git checkout -b my-new-feature`)
|
124
|
-
3. Commit your changes (`git commit -am 'Add some feature'`)
|
125
|
-
4. Push to the branch (`git push origin my-new-feature`)
|
126
|
-
5. Create a new Pull Request
|
147
|
+
1. [Fork it]( https://github.com/k1LoW/awsecrets/fork ) !
|
148
|
+
2. Create your feature branch (`git checkout -b my-new-feature`).
|
149
|
+
3. Commit your changes (`git commit -am 'Add some feature'`).
|
150
|
+
4. Push to the branch (`git push origin my-new-feature`).
|
151
|
+
5. Create a new Pull Request.
|
data/awsecrets.gemspec
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
lib = File.expand_path('
|
1
|
+
lib = File.expand_path('lib', __dir__)
|
2
2
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
3
|
require_relative 'lib/awsecrets/version'
|
4
4
|
|
@@ -20,10 +20,10 @@ Gem::Specification.new do |spec|
|
|
20
20
|
|
21
21
|
spec.add_runtime_dependency 'aws-sdk', '>= 2', '< 4'
|
22
22
|
spec.add_runtime_dependency 'aws_config', '~> 0.1.0'
|
23
|
-
spec.add_development_dependency 'bundler', '
|
24
|
-
spec.add_development_dependency 'rake', '~> 10.0'
|
25
|
-
spec.add_development_dependency 'rspec'
|
26
|
-
spec.add_development_dependency 'rubocop'
|
23
|
+
spec.add_development_dependency 'bundler', '>= 1.9', '< 3.0'
|
27
24
|
spec.add_development_dependency 'octorelease'
|
28
25
|
spec.add_development_dependency 'pry'
|
26
|
+
spec.add_development_dependency 'rake', '~> 10.0'
|
27
|
+
spec.add_development_dependency 'rspec'
|
28
|
+
spec.add_development_dependency 'rubocop', '0.57'
|
29
29
|
end
|
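Review bot: The `rake` development dependency is re-added with the same `'~> 10.0'` constraint, which keeps builds on the 10.x line and excludes every later rake release and its fixes, while `rspec`, `pry` and `octorelease` remain unconstrained. Since this change already bounds `bundler` and pins `rubocop`, it would be consistent to raise the rake floor, e.g. `spec.add_development_dependency 'rake', '>= 12.3.3'`, after confirming it still resolves on the oldest Ruby in the CI matrix. The `Gem::Specification.new` block starts outside the hunk.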
data/lib/awsecrets.rb
CHANGED
@@ -1,11 +1,13 @@
|
|
1
1
|
require_relative 'awsecrets/version'
|
2
|
+
require_relative 'awsecrets/utils'
|
2
3
|
require 'optparse'
|
3
4
|
require 'aws-sdk'
|
4
5
|
require 'aws_config'
|
5
|
-
require 'net/http'
|
6
6
|
require 'yaml'
|
7
7
|
|
8
8
|
module Awsecrets
|
9
|
+
include Misc
|
10
|
+
|
9
11
|
def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
|
10
12
|
@profile = profile
|
11
13
|
@region = region
|
@@ -13,14 +15,8 @@ module Awsecrets
|
|
13
15
|
@disable_load_secrets = disable_load_secrets
|
14
16
|
@disable_load_secrets = true if secrets_path == false
|
15
17
|
|
16
|
-
@credentials
|
17
|
-
@
|
18
|
-
@secret_access_key = nil
|
19
|
-
@session_token = nil
|
20
|
-
@role_arn = nil
|
21
|
-
@external_id = nil
|
22
|
-
@source_profile = nil
|
23
|
-
@role_session_name = nil
|
18
|
+
@credentials = @access_key_id = @secret_access_key = @session_token = nil
|
19
|
+
@role_arn = @external_id = @source_profile = @role_session_name = nil
|
24
20
|
|
25
21
|
# 1. Command Line Options
|
26
22
|
load_options if load_method_args
|
@@ -51,8 +47,9 @@ module Awsecrets
|
|
51
47
|
opt.parse!(ARGV)
|
52
48
|
rescue OptionParser::InvalidOption
|
53
49
|
end
|
54
|
-
return unless @profile
|
50
|
+
return true unless @profile
|
55
51
|
@region ||= AWSConfig[@profile]['region']
|
52
|
+
true
|
56
53
|
end
|
57
54
|
|
58
55
|
def self.load_env
|
@@ -60,20 +57,21 @@ module Awsecrets
|
|
60
57
|
@region ||= ENV['AWS_DEFAULT_REGION']
|
61
58
|
@profile ||= ENV['AWS_PROFILE']
|
62
59
|
@secrets_path ||= ENV['AWS_SECRETS_PATH']
|
63
|
-
return if @access_key_id
|
60
|
+
return true if @access_key_id
|
64
61
|
return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
|
65
62
|
@access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
|
66
63
|
@secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
|
67
64
|
@session_token ||= ENV['AWS_SESSION_TOKEN']
|
65
|
+
true
|
68
66
|
end
|
69
67
|
|
70
68
|
def self.load_yaml
|
71
|
-
return if @disable_load_secrets
|
69
|
+
return false if @disable_load_secrets
|
72
70
|
@secrets_path ||= 'secrets.yml'
|
73
71
|
creds = YAML.load_file(@secrets_path) if File.exist?(File.expand_path(@secrets_path))
|
74
72
|
@region ||= creds['region'] if creds && creds.include?('region')
|
75
|
-
return if @access_key_id
|
76
|
-
return unless creds &&
|
73
|
+
return true if @access_key_id
|
74
|
+
return true unless creds &&
|
77
75
|
creds.include?('aws_access_key_id') &&
|
78
76
|
creds.include?('aws_secret_access_key')
|
79
77
|
@access_key_id ||= creds['aws_access_key_id']
|
@@ -83,8 +81,8 @@ module Awsecrets
|
|
83
81
|
@external_id ||= creds['external_id'] if creds.include?('external_id')
|
84
82
|
@role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
|
85
83
|
|
86
|
-
return unless @role_arn
|
87
|
-
@role_session_name ||= generate_session_name
|
84
|
+
return true unless @role_arn
|
85
|
+
@role_session_name ||= Misc.generate_session_name
|
88
86
|
@credentials ||= role_creds(
|
89
87
|
client: Aws::STS::Client.new(
|
90
88
|
region: @region,
|
@@ -95,6 +93,7 @@ module Awsecrets
|
|
95
93
|
role_session_name: @role_session_name,
|
96
94
|
external_id: @external_id
|
97
95
|
)
|
96
|
+
true
|
98
97
|
end
|
99
98
|
|
100
99
|
def self.load_config
|
@@ -115,7 +114,7 @@ module Awsecrets
|
|
115
114
|
Aws.config[:region] = @region
|
116
115
|
|
117
116
|
if @role_arn && @source_profile
|
118
|
-
@role_session_name ||= generate_session_name
|
117
|
+
@role_session_name ||= Misc.generate_session_name
|
119
118
|
region = if AWSConfig[@source_profile.name] && AWSConfig[@source_profile.name]['region']
|
120
119
|
AWSConfig[@source_profile.name]['region']
|
121
120
|
else
|
@@ -138,19 +137,10 @@ module Awsecrets
|
|
138
137
|
@credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token) if @access_key_id
|
139
138
|
@credentials ||= Aws::InstanceProfileCredentials.new
|
140
139
|
|
140
|
+
Misc.validate_client
|
141
141
|
Aws.config[:credentials] = @credentials
|
142
142
|
end
|
143
143
|
|
144
|
-
def self.generate_session_name
|
145
|
-
"awsecrets-session-#{Time.now.to_i}"
|
146
|
-
end
|
147
|
-
|
148
|
-
def self.current_region
|
149
|
-
metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
|
150
|
-
az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
|
151
|
-
az[0...-1]
|
152
|
-
end
|
153
|
-
|
154
144
|
def self.role_creds(args)
|
155
145
|
Aws::AssumeRoleCredentials.new(args)
|
156
146
|
end
|
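Review bot: `load_yaml` still parses the secrets file with `YAML.load_file(@secrets_path)`, and this change edits the lines around it without replacing it. With the Psych versions shipped for the Rubies in this release's CI matrix (2.1–2.6), that call can instantiate tagged Ruby objects, and the path is either a cwd-relative `secrets.yml` or whatever `AWS_SECRETS_PATH` holds. The keys read here are plain scalars, so `creds = YAML.safe_load(File.read(@secrets_path)) if File.exist?(File.expand_path(@secrets_path))` should be sufficient. In the same hunk `load_env` now returns `true` on two paths while `return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']` still returns `nil`; if callers test the result, that line should return an explicit boolean. Both method bodies continue outside the hunk.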
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
|
3
|
+
module Misc
|
4
|
+
def self.validate_client
|
5
|
+
return unless ENV.key?('DISABLE_AWS_CLIENT_CHECK') && (ENV['DISABLE_AWS_CLIENT_CHECK'] == 'false')
|
6
|
+
|
7
|
+
begin
|
8
|
+
Aws::EC2::Client.new
|
9
|
+
rescue Aws::Errors::MissingRegionError
|
10
|
+
raise 'Missing region: use "region" command line option or export ENV[\'AWS_REGION\'] or awscli configure'
|
11
|
+
rescue StandardError => e
|
12
|
+
raise "Oops, there is something wrong with AWS client configuration => #{e}"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.generate_session_name
|
17
|
+
"awsecrets-session-#{Time.now.to_i}"
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.current_region
|
21
|
+
metadata_endpoint = 'http://169.254.169.254/latest/meta-data/'
|
22
|
+
az = Net::HTTP.get(URI.parse(metadata_endpoint + 'placement/availability-zone'))
|
23
|
+
az[0...-1]
|
24
|
+
end
|
25
|
+
end
|
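Review bot: `validate_client` builds `Aws::EC2::Client.new` from the global `Aws.config`, but its only call site on this page (`Misc.validate_client` in `load_config`) runs one line before `Aws.config[:credentials] = @credentials`, so the check never sees the credentials awsecrets has just resolved. Moving the call below that assignment would make the check cover them; if `load_config`'s return value is used, it should then end with `@credentials`. The `rescue StandardError => e` branch re-raises a plain string, so callers can no longer rescue the original AWS error class; a method comment such as `# Raises RuntimeError when DISABLE_AWS_CLIENT_CHECK is 'false' and the EC2 client cannot be built` would document that contract. Separately, every method in `Misc` is defined with `def self.`, so `include Misc` in `Awsecrets` adds nothing, and `Misc` is a generic top-level constant that may collide with other code.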
data/lib/awsecrets/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: awsecrets
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.15.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- k1LoW
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-10-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|
@@ -48,32 +48,38 @@ dependencies:
|
|
48
48
|
name: bundler
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
50
50
|
requirements:
|
51
|
-
- - "
|
51
|
+
- - ">="
|
52
52
|
- !ruby/object:Gem::Version
|
53
53
|
version: '1.9'
|
54
|
+
- - "<"
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: '3.0'
|
54
57
|
type: :development
|
55
58
|
prerelease: false
|
56
59
|
version_requirements: !ruby/object:Gem::Requirement
|
57
60
|
requirements:
|
58
|
-
- - "
|
61
|
+
- - ">="
|
59
62
|
- !ruby/object:Gem::Version
|
60
63
|
version: '1.9'
|
64
|
+
- - "<"
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: '3.0'
|
61
67
|
- !ruby/object:Gem::Dependency
|
62
|
-
name:
|
68
|
+
name: octorelease
|
63
69
|
requirement: !ruby/object:Gem::Requirement
|
64
70
|
requirements:
|
65
|
-
- - "
|
71
|
+
- - ">="
|
66
72
|
- !ruby/object:Gem::Version
|
67
|
-
version: '
|
73
|
+
version: '0'
|
68
74
|
type: :development
|
69
75
|
prerelease: false
|
70
76
|
version_requirements: !ruby/object:Gem::Requirement
|
71
77
|
requirements:
|
72
|
-
- - "
|
78
|
+
- - ">="
|
73
79
|
- !ruby/object:Gem::Version
|
74
|
-
version: '
|
80
|
+
version: '0'
|
75
81
|
- !ruby/object:Gem::Dependency
|
76
|
-
name:
|
82
|
+
name: pry
|
77
83
|
requirement: !ruby/object:Gem::Requirement
|
78
84
|
requirements:
|
79
85
|
- - ">="
|
@@ -87,21 +93,21 @@ dependencies:
|
|
87
93
|
- !ruby/object:Gem::Version
|
88
94
|
version: '0'
|
89
95
|
- !ruby/object:Gem::Dependency
|
90
|
-
name:
|
96
|
+
name: rake
|
91
97
|
requirement: !ruby/object:Gem::Requirement
|
92
98
|
requirements:
|
93
|
-
- - "
|
99
|
+
- - "~>"
|
94
100
|
- !ruby/object:Gem::Version
|
95
|
-
version: '0'
|
101
|
+
version: '10.0'
|
96
102
|
type: :development
|
97
103
|
prerelease: false
|
98
104
|
version_requirements: !ruby/object:Gem::Requirement
|
99
105
|
requirements:
|
100
|
-
- - "
|
106
|
+
- - "~>"
|
101
107
|
- !ruby/object:Gem::Version
|
102
|
-
version: '0'
|
108
|
+
version: '10.0'
|
103
109
|
- !ruby/object:Gem::Dependency
|
104
|
-
name:
|
110
|
+
name: rspec
|
105
111
|
requirement: !ruby/object:Gem::Requirement
|
106
112
|
requirements:
|
107
113
|
- - ">="
|
@@ -115,19 +121,19 @@ dependencies:
|
|
115
121
|
- !ruby/object:Gem::Version
|
116
122
|
version: '0'
|
117
123
|
- !ruby/object:Gem::Dependency
|
118
|
-
name:
|
124
|
+
name: rubocop
|
119
125
|
requirement: !ruby/object:Gem::Requirement
|
120
126
|
requirements:
|
121
|
-
- -
|
127
|
+
- - '='
|
122
128
|
- !ruby/object:Gem::Version
|
123
|
-
version: '0'
|
129
|
+
version: '0.57'
|
124
130
|
type: :development
|
125
131
|
prerelease: false
|
126
132
|
version_requirements: !ruby/object:Gem::Requirement
|
127
133
|
requirements:
|
128
|
-
- -
|
134
|
+
- - '='
|
129
135
|
- !ruby/object:Gem::Version
|
130
|
-
version: '0'
|
136
|
+
version: '0.57'
|
131
137
|
description: AWS credentials loader
|
132
138
|
email:
|
133
139
|
- k1lowxb@gmail.com
|
@@ -148,6 +154,7 @@ files:
|
|
148
154
|
- bin/setup
|
149
155
|
- bin/testcommand
|
150
156
|
- lib/awsecrets.rb
|
157
|
+
- lib/awsecrets/utils.rb
|
151
158
|
- lib/awsecrets/version.rb
|
152
159
|
homepage: https://github.com/k1LoW/awsecrets
|
153
160
|
licenses:
|
@@ -168,8 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
168
175
|
- !ruby/object:Gem::Version
|
169
176
|
version: '0'
|
170
177
|
requirements: []
|
171
|
-
|
172
|
-
rubygems_version: 2.4.5.1
|
178
|
+
rubygems_version: 3.0.3
|
173
179
|
signing_key:
|
174
180
|
specification_version: 4
|
175
181
|
summary: AWS credentials loader
|