RubyGems - awskeyring - Versions diffs - 0.3.0 → 0.3.1 - Mend

awskeyring 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8657e757b5569d9712953debdfb94b87cb120a72
-  data.tar.gz: 1cbaee2befed2828a571cdea1e8e3ec2e0b02248
+  metadata.gz: 872f5a554d55d638f03155e0b3411bf3d96fb719
+  data.tar.gz: 4cb3938b6a21b369372b933f541432861b7ee790
 SHA512:
-  metadata.gz: c7199c75966a60aba45f9c49cef0c9f11fd6fb7b5ba9f42f7740fc1df346fbad277c5d14051e6764afc9282e5bfd35273191aa4d0c305c109fa9513d757dfd0b
-  data.tar.gz: 8a842afe5dc7d834dc64c38e78fddf69c64661dd88a1c41dadcdebb48c335c3605184cac55f588fb07b062f01b768fdbbdd8fdeec2b573e42150a016bbb1e9b4
+  metadata.gz: def1b159bc413bc54dcb75161cb211e65d2eec1cecefe40bf7d5811eaa101594f05d8be24a50e18cab0c7751a1691fcebc1b6d979c8ec14f1b7ac79e9befceb9
+  data.tar.gz: 1daafcf9f1c1451d08000645626675c0c4e7ea399bb1a7a0939872412857d75efd71a775426e22f4482c32f937ec937e8b8cf9fef33566c92ea360f8afc9bb25

data/.travis.yml CHANGED Viewed

@@ -3,6 +3,7 @@ language: ruby
 os: osx
 rvm:
   - 2.3.3
+  - 2.3.7
 before_install: gem install bundler
 notifications:
   slack:

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 # Change Log
+## [v0.3.1](https://github.com/vibrato/awskeyring/tree/v0.3.1) (2018-07-25)
+[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.3.0...v0.3.1)
+**Implemented enhancements:**
+- Warn about key-age [\#24](https://github.com/vibrato/awskeyring/pull/24) ([tristanmorgan](https://github.com/tristanmorgan))
+**Fixed bugs:**
+- Error adding account when region is not specified [\#21](https://github.com/vibrato/awskeyring/issues/21)
+- Check more locations for current region. [\#23](https://github.com/vibrato/awskeyring/pull/23) ([tristanmorgan](https://github.com/tristanmorgan))
+**Merged pull requests:**
+- Set a default region on cred verify. [\#22](https://github.com/vibrato/awskeyring/pull/22) ([tristanmorgan](https://github.com/tristanmorgan))
 ## [v0.3.0](https://github.com/vibrato/awskeyring/tree/v0.3.0) (2018-04-12)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.2.0...v0.3.0)

data/lib/awskeyring/awsapi.rb CHANGED Viewed

@@ -19,6 +19,8 @@ module Awskeyring
     TWELVE_HOUR = (60 * 60 * 12)
     ONE_HOUR = (60 * 60 * 1)
+    # Days in seconds
+    ONE_DAY = (24 * 60 * 60)
     # Retrieves a temporary session token from AWS
     #
@@ -36,11 +38,13 @@ module Awskeyring
     #    token The aws_session_token
     #    expiry expiry time
     def self.get_token(params = {}) # rubocop:disable  Metrics/AbcSize, Metrics/MethodLength
+      ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
       sts = Aws::STS::Client.new(access_key_id: params[:key], secret_access_key: params[:secret])
+      params[:mfa] = nil unless params[:code]
       begin
         response =
-          if params[:code] && params[:role_arn]
+          if params[:role_arn]
             sts.assume_role(
               duration_seconds: params[:duration].to_i,
               role_arn: params[:role_arn],
@@ -48,12 +52,6 @@ module Awskeyring
               serial_number: params[:mfa],
               token_code: params[:code]
             )
-          elsif params[:role_arn]
-            sts.assume_role(
-              duration_seconds: params[:duration].to_i,
-              role_arn: params[:role_arn],
-              role_session_name: params[:user]
-            )
           elsif params[:code]
             sts.get_session_token(
               duration_seconds: params[:duration].to_i,
@@ -105,6 +103,7 @@ module Awskeyring
     # @param [String] token The aws_session_token
     def self.verify_cred(key:, secret:)
       begin
+        ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
         sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret)
         sts.get_caller_identity
       rescue Aws::Errors::ServiceError => err
@@ -133,6 +132,7 @@ module Awskeyring
           sessionToken: token
         }.to_json
       else
+        ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
         sts = Aws::STS::Client.new(access_key_id: key,
                                    secret_access_key: secret)
@@ -158,6 +158,15 @@ module Awskeyring
       signin_url + '?Action=login' + signin_token_param + destination_param
     end
+    # Get the current region
+    #
+    # @return [String] current configured region
+    def self.region
+      keys = %w[AWS_REGION AMAZON_REGION AWS_DEFAULT_REGION]
+      region = ENV.values_at(*keys).compact.first
+      region || Aws.shared_config.region(profile: 'default')
+    end
     # Rotates the AWS access keys
     #
     # @param [String] key The aws_access_key_id

data/lib/awskeyring/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Awskeyring
   # The Gems version number
-  VERSION = '0.3.0'.freeze
+  VERSION = '0.3.1'.freeze
 end

data/lib/awskeyring.rb CHANGED Viewed

@@ -14,6 +14,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   SESSION_KEY_PREFIX = 'session-key '.freeze
   # Prefix for Session Tokens
   SESSION_TOKEN_PREFIX = 'session-token '.freeze
+  # Default warning of key age in days.
+  DEFAULT_KEY_AGE = 90
   # Retrieve the preferences
   #
@@ -32,7 +34,10 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     keychain.lock_interval = 300
     keychain.lock_on_sleep = true
-    prefs = { awskeyring: awskeyring }
+    prefs = {
+      awskeyring: awskeyring,
+      keyage: DEFAULT_KEY_AGE
+    }
     File.new(Awskeyring::PREFS_FILE, 'w').write JSON.dump(prefs)
   end
@@ -168,7 +173,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
       key: cred.attributes[:account],
       secret: cred.password,
       token: token,
-      expiry: expiry
+      expiry: expiry,
+      updated: cred.attributes[:updated_at]
     }
   end
@@ -180,7 +186,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
       account: account,
       key: cred.attributes[:account],
       secret: cred.password,
-      mfa: cred.attributes[:comment]
+      mfa: cred.attributes[:comment],
+      updated: cred.attributes[:updated_at]
     }
   end

data/lib/awskeyring_command.rb CHANGED Viewed

@@ -68,6 +68,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
     )
     cred = Awskeyring.get_valid_creds(account: account)
+    age_check(account, cred[:updated])
     put_env_string(
       account: cred[:account],
       key: cred[:key],
@@ -83,12 +84,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
     )
     cred = Awskeyring.get_valid_creds(account: account)
+    age_check(account, cred[:updated])
     expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
     puts Awskeyring::Awsapi.get_cred_json(
       key: cred[:key],
       secret: cred[:secret],
       token: cred[:token],
-      expiry: expiry || Time.new + 3600
+      expiry: expiry || Time.new + Awskeyring::Awsapi::ONE_HOUR
     )
   end
@@ -96,6 +98,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   # execute an external command with env set
   def exec(account, *command)
     cred = Awskeyring.get_valid_creds(account: account)
+    age_check(account, cred[:updated])
     env_vars = env_vars(
       account: cred[:account],
       key: cred[:key],
@@ -247,6 +250,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s
     item_hash = Awskeyring.get_account_hash(account: account)
+    age_check(account, item_hash[:updated])
     role_arn = Awskeyring.get_role_arn(role_name: role) if role
     begin
@@ -286,6 +290,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
     )
     cred = Awskeyring.get_valid_creds(account: account)
+    age_check(account, cred[:updated])
     path = options[:path] || 'console'
@@ -329,6 +334,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   private
+  def age_check(account, updated)
+    maxage = Awskeyring.prefs[:keyage] || Awskeyring::DEFAULT_KEY_AGE
+    age = (Time.new - updated).div Awskeyring::Awsapi::ONE_DAY
+    warn "# Creds for account #{account} are #{age} days old." unless age < maxage
+  end
   def print_auto_resp(curr, len)
     case len
     when 0
@@ -348,7 +359,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   def env_vars(account:, key:, secret:, token:)
     env_var = {}
-    env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless ENV['AWS_DEFAULT_REGION']
+    env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless Awskeyring::Awsapi.region
     env_var['AWS_ACCOUNT_NAME'] = account
     env_var['AWS_ACCESS_KEY_ID'] = key
     env_var['AWS_ACCESS_KEY'] = key

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-04-12 00:00:00.000000000 Z
+date: 2018-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -181,7 +181,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.12
+rubygems_version: 2.5.2.3
 signing_key:
 specification_version: 4
 summary: Manages AWS credentials in the macOS keychain