awsecrets 1.7.0 → 1.8.0
- checksums.yaml +4 -4
- data/README.md +47 -0
- data/lib/awsecrets/version.rb +1 -1
- data/lib/awsecrets.rb +72 -41
- metadata +2 -2
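--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6c73c452155ea2f6e57b640272aed574718c74bc
+data.tar.gz: 08928ae9c4c13605eb2834d0f57146062cf6e6ed
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b36140f7f891eb7d4578fb434cd44c43de090305621668eb9eabf2b811d85f4fe2708c3536926ae62c1d6210898be35f35489bb5c7c663518a6a1ee02a5e2015
+data.tar.gz: 1ea947503859e54e0c7bfe3b4214164b4768cedbb0e8b992762cc793a558a5c3d703280a41c396dd8d4a5532ee79f036d04d3ee85ad3ceb3ab0f025ed8e662db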
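--- a/data/README.md
+++ b/data/README.md
@@ -59,6 +59,53 @@ EOF
 $ ec2sample i-1aa1aaaa
 ```
 
+### Use AssumeRole
+
+Support `role_arn` `role_session_name` `source_profile`.
+
+#### 1. .aws/config and .aws/credentials
+
+see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
+
+```
+# .aws/config
+[profile assumed]
+role_arn = arn:aws:iam::123456780912:role/assumed-role
+role_session_name = awsecrets-assume-role
+source_profile = assume_test
+```
+
+```
+# .aws/credentials
+[assume_test]
+aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
+aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+```
+
+And execute
+
+```sh
+$ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1
+```
+
+#### 2. secrets.yml
+
+```sh
+$ cat <<EOF > secrets.yml
+region: ap-northeast-1
+aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
+aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+role_arn = arn:aws:iam::123456780912:role/assumed-role
+role_session_name = awsecrets-assume-role
+```
+
+And execute
+
+```sh
+$ ec2sample i-1aa1aaaa
+```
+
+
 ## Contributing
 
 1. Fork it ( https://github.com/k1LoW/awsecrets/fork )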
data/lib/awsecrets/version.rb
CHANGED
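--- a/data/lib/awsecrets.rb
+++ b/data/lib/awsecrets.rb
@@ -7,9 +7,9 @@ require 'yaml'
 module Awsecrets
 def self.load(profile: nil, region: nil, secrets_path: 'secrets.yml')
 @profile = profile
-@secrets_path = secrets_path
 @region = region
-@
+@secrets_path = secrets_path
+@credentials = @access_key_id = @secret_access_key = @session_token = @role_arn = @source_profile = nil
 
 # 1. Command Line Options
 load_options if load_method_args
@@ -22,74 +22,105 @@ module Awsecrets
 # 5. The CLI configuration file
 load_config
 
-
-Aws.config[:credentials] = @credentials
+set_aws_config
 end
 
 def self.load_method_args
 return false unless @profile
-@region
-@credentials = Aws::SharedCredentials.new(profile_name: @profile)
+@region ||= AWSConfig[@profile]['region'] if AWSConfig[@profile]['region']
 true
 end
 
 def self.load_options
 opt = OptionParser.new
-opt.on('--profile PROFILE') { |v| @profile
-opt.on('--region REGION') { |v| @region
-opt.on('--secrets_path SECRETS_PATH') { |v| @secrets_path
+opt.on('--profile PROFILE') { |v| @profile ||= v }
+opt.on('--region REGION') { |v| @region ||= v }
+opt.on('--secrets_path SECRETS_PATH') { |v| @secrets_path ||= v }
 begin
 opt.parse!(ARGV)
 rescue OptionParser::InvalidOption
 end
 return unless @profile
-@region
-@credentials = Aws::SharedCredentials.new(profile_name: @profile)
+@region ||= AWSConfig[@profile]['region']
 end
 
 def self.load_env
-@region
-@region
-
-
-
-
-
-@
-ENV['AWS_ACCESS_KEY_ID'],
-ENV['AWS_SECRET_ACCESS_KEY'],
-ENV['AWS_SESSION_TOKEN'] # Not necessary
-)
+@region ||= ENV['AWS_REGION']
+@region ||= ENV['AWS_DEFAULT_REGION']
+@profile ||= ENV['AWS_PROFILE']
+return if @access_key_id
+return unless ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
+@access_key_id ||= ENV['AWS_ACCESS_KEY_ID']
+@secret_access_key ||= ENV['AWS_SECRET_ACCESS_KEY']
+@session_token ||= ENV['AWS_SESSION_TOKEN']
 end
 
 def self.load_yaml
 creds = YAML.load_file(@secrets_path) if File.exist?(@secrets_path)
-
-
-
-return unless @credentials.nil? && creds &&
+@region ||= creds['region'] if creds && creds.include?('region')
+return if @access_key_id
+return unless creds &&
 creds.include?('aws_access_key_id') &&
 creds.include?('aws_secret_access_key')
-
-
-@
-
-
-
+@access_key_id ||= creds['aws_access_key_id']
+@secret_access_key ||= creds['aws_secret_access_key']
+@session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
+@role_arn ||= creds['role_arn'] if creds.include?('role_arn')
+@role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
+return unless @role_arn && @role_session_name
+@credentials ||= Aws::AssumeRoleCredentials.new(
+client: Aws::STS::Client.new(
+region: @region,
+credentials: Aws::SharedCredentials.new(
+region: @region,
+access_key_id: @access_key_id,
+secret_access_key: @secret_access_key
+)
+),
+role_arn: @role_arn,
+role_session_name: @role_session_name
 )
 end
 
 def self.load_creds
-return unless @credentials.nil?
-@credentials = Aws::SharedCredentials.new(profile_name: nil)
 end
 
 def self.load_config
-
-
-
-
-
-
+@region ||= if AWSConfig[@profile] && AWSConfig[@profile]['region']
+AWSConfig[@profile]['region']
+else
+AWSConfig['default']['region']
+end
+
+@role_arn ||= AWSConfig[@profile]['role_arn'] if AWSConfig[@profile]
+@role_session_name ||= AWSConfig[@profile]['role_session_name'] if AWSConfig[@profile]
+@source_profile ||= AWSConfig[@profile]['source_profile'] if AWSConfig[@profile]
+end
+
+def self.set_aws_config
+Aws.config[:region] = @region
+
+if @role_arn && @role_session_name && @source_profile
+region = if AWSConfig[@source_profile.name] && AWSConfig[@source_profile.name]['region']
+AWSConfig[@source_profile.name]['region']
+else
+AWSConfig['default']['region']
+end
+
+@credentials ||= Aws::AssumeRoleCredentials.new(
+client: Aws::STS::Client.new(
+region: region,
+credentials: Aws::SharedCredentials.new(profile_name: @source_profile.name)
+),
+role_arn: @role_arn,
+role_session_name: @role_session_name
+)
+end
+
+@credentials ||= Aws::SharedCredentials.new(profile_name: @profile) if @profile
+@credentials ||= Aws::SharedCredentials.new(profile_name: 'default') unless @access_key_id
+@credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token)
+
+Aws.config[:credentials] = @credentials
 end
 end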
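Review bot: In `load_yaml` (new lines 71-81) the STS client for the secrets.yml AssumeRole path is built with `Aws::SharedCredentials.new(region:, access_key_id:, secret_access_key:)`, but as far as I know that class only honours `path:` and `profile_name:` and reads its keys from the shared credentials file. If so, the keys parsed from secrets.yml are silently ignored and the AssumeRole request is signed by whatever the machine's default profile is — the wrong identity rather than an error, so it is easy to miss. Static credentials look like the intended call: `credentials: Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token)`. Separately, `@region ||= AWSConfig[@profile]['region']` in `load_method_args` and `load_options` would raise NoMethodError if the profile has no entry in the config file (the `AWSConfig[@profile] &&` guard in `load_config` suggests the lookup can return nil), so the same guard belongs there.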
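--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awsecrets
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.8.0
 platform: ruby
 authors:
 - k1LoW
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-01-
+date: 2017-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk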