awskeyring 0.3.0 → 0.3.1

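--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8657e757b5569d9712953debdfb94b87cb120a72
- data.tar.gz: 1cbaee2befed2828a571cdea1e8e3ec2e0b02248
+ metadata.gz: 872f5a554d55d638f03155e0b3411bf3d96fb719
+ data.tar.gz: 4cb3938b6a21b369372b933f541432861b7ee790
  SHA512:
- metadata.gz: c7199c75966a60aba45f9c49cef0c9f11fd6fb7b5ba9f42f7740fc1df346fbad277c5d14051e6764afc9282e5bfd35273191aa4d0c305c109fa9513d757dfd0b
- data.tar.gz: 8a842afe5dc7d834dc64c38e78fddf69c64661dd88a1c41dadcdebb48c335c3605184cac55f588fb07b062f01b768fdbbdd8fdeec2b573e42150a016bbb1e9b4
+ metadata.gz: def1b159bc413bc54dcb75161cb211e65d2eec1cecefe40bf7d5811eaa101594f05d8be24a50e18cab0c7751a1691fcebc1b6d979c8ec14f1b7ac79e9befceb9
+ data.tar.gz: 1daafcf9f1c1451d08000645626675c0c4e7ea399bb1a7a0939872412857d75efd71a775426e22f4482c32f937ec937e8b8cf9fef33566c92ea360f8afc9bb25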
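--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -3,6 +3,7 @@ language: ruby
  os: osx
  rvm:
  - 2.3.3
+ - 2.3.7
  before_install: gem install bundler
  notifications:
  slack: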
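--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,21 @@
  # Change Log
 
+ ## [v0.3.1](https://github.com/vibrato/awskeyring/tree/v0.3.1) (2018-07-25)
+ [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.3.0...v0.3.1)
+
+ **Implemented enhancements:**
+
+ - Warn about key-age [\#24](https://github.com/vibrato/awskeyring/pull/24) ([tristanmorgan](https://github.com/tristanmorgan))
+
+ **Fixed bugs:**
+
+ - Error adding account when region is not specified [\#21](https://github.com/vibrato/awskeyring/issues/21)
+ - Check more locations for current region. [\#23](https://github.com/vibrato/awskeyring/pull/23) ([tristanmorgan](https://github.com/tristanmorgan))
+
+ **Merged pull requests:**
+
+ - Set a default region on cred verify. [\#22](https://github.com/vibrato/awskeyring/pull/22) ([tristanmorgan](https://github.com/tristanmorgan))
+
  ## [v0.3.0](https://github.com/vibrato/awskeyring/tree/v0.3.0) (2018-04-12)
  [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.2.0...v0.3.0)
 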
@@ -19,6 +19,8 @@ module Awskeyring
19
19
 
20
20
  TWELVE_HOUR = (60 * 60 * 12)
21
21
  ONE_HOUR = (60 * 60 * 1)
22
+ # Days in seconds
23
+ ONE_DAY = (24 * 60 * 60)
22
24
 
23
25
  # Retrieves a temporary session token from AWS
24
26
  #
@@ -36,11 +38,13 @@ module Awskeyring
36
38
  # token The aws_session_token
37
39
  # expiry expiry time
38
40
  def self.get_token(params = {}) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
41
+ ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
39
42
  sts = Aws::STS::Client.new(access_key_id: params[:key], secret_access_key: params[:secret])
40
43
 
44
+ params[:mfa] = nil unless params[:code]
41
45
  begin
42
46
  response =
43
- if params[:code] && params[:role_arn]
47
+ if params[:role_arn]
44
48
  sts.assume_role(
45
49
  duration_seconds: params[:duration].to_i,
46
50
  role_arn: params[:role_arn],
@@ -48,12 +52,6 @@ module Awskeyring
48
52
  serial_number: params[:mfa],
49
53
  token_code: params[:code]
50
54
  )
51
- elsif params[:role_arn]
52
- sts.assume_role(
53
- duration_seconds: params[:duration].to_i,
54
- role_arn: params[:role_arn],
55
- role_session_name: params[:user]
56
- )
57
55
  elsif params[:code]
58
56
  sts.get_session_token(
59
57
  duration_seconds: params[:duration].to_i,
@@ -105,6 +103,7 @@ module Awskeyring
105
103
  # @param [String] token The aws_session_token
106
104
  def self.verify_cred(key:, secret:)
107
105
  begin
106
+ ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
108
107
  sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret)
109
108
  sts.get_caller_identity
110
109
  rescue Aws::Errors::ServiceError => err
@@ -133,6 +132,7 @@ module Awskeyring
133
132
  sessionToken: token
134
133
  }.to_json
135
134
  else
135
+ ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
136
136
  sts = Aws::STS::Client.new(access_key_id: key,
137
137
  secret_access_key: secret)
138
138
 
@@ -158,6 +158,15 @@ module Awskeyring
158
158
  signin_url + '?Action=login' + signin_token_param + destination_param
159
159
  end
160
160
 
161
+ # Get the current region
162
+ #
163
+ # @return [String] current configured region
164
+ def self.region
165
+ keys = %w[AWS_REGION AMAZON_REGION AWS_DEFAULT_REGION]
166
+ region = ENV.values_at(*keys).compact.first
167
+ region || Aws.shared_config.region(profile: 'default')
168
+ end
169
+
161
170
  # Rotates the AWS access keys
162
171
  #
163
172
  # @param [String] key The aws_access_key_id
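Review bot: `ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region` in `get_token` rewrites the process environment as a side effect of a library call, and the same line is repeated in `verify_cred` and in the `else` branch of the login-URL code further down. The fallback can stay local to the client instead: `sts = Aws::STS::Client.new(region: region || 'us-east-1', access_key_id: params[:key], secret_access_key: params[:secret])`, with the same `region:` argument at the other two call sites. Separately, `ENV.values_at(*keys).compact.first` in `self.region` treats a variable that is set but empty as a configured region, so the default is skipped; `ENV.values_at(*keys).compact.reject(&:empty?).first` avoids that. The bodies of all three calling methods continue outside their hunks.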
@@ -1,4 +1,4 @@
1
1
  module Awskeyring
2
2
  # The Gems version number
3
- VERSION = '0.3.0'.freeze
3
+ VERSION = '0.3.1'.freeze
4
4
  end
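--- a/data/lib/awskeyring.rb
+++ b/data/lib/awskeyring.rb
@@ -14,6 +14,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
  SESSION_KEY_PREFIX = 'session-key '.freeze
  # Prefix for Session Tokens
  SESSION_TOKEN_PREFIX = 'session-token '.freeze
+ # Default warning of key age in days.
+ DEFAULT_KEY_AGE = 90
 
  # Retrieve the preferences
  #
@@ -32,7 +34,10 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
  keychain.lock_interval = 300
  keychain.lock_on_sleep = true
 
- prefs = { awskeyring: awskeyring }
+ prefs = {
+ awskeyring: awskeyring,
+ keyage: DEFAULT_KEY_AGE
+ }
  File.new(Awskeyring::PREFS_FILE, 'w').write JSON.dump(prefs)
  end
 
@@ -168,7 +173,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
  key: cred.attributes[:account],
  secret: cred.password,
  token: token,
- expiry: expiry
+ expiry: expiry,
+ updated: cred.attributes[:updated_at]
  }
  end
 
@@ -180,7 +186,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
  account: account,
  key: cred.attributes[:account],
  secret: cred.password,
- mfa: cred.attributes[:comment]
+ mfa: cred.attributes[:comment],
+ updated: cred.attributes[:updated_at]
  }
  end
 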
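Review bot: `updated: cred.attributes[:updated_at]` feeds the new key-age warning, but as far as these hunks show it is the keychain item's modification time rather than the time the access key was issued. The MFA serial is stored in `:comment` on the same item, so a later edit of the item would presumably reset the reported age without any key rotation. A comment above both added lines would make that limit explicit, for example `# updated_at is when the keychain item last changed, not when the AWS key was created`. The methods that build these two hashes start outside the hunks, and their header comments should list the new `updated` key as well.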
@@ -68,6 +68,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
68
68
  existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
69
69
  )
70
70
  cred = Awskeyring.get_valid_creds(account: account)
71
+ age_check(account, cred[:updated])
71
72
  put_env_string(
72
73
  account: cred[:account],
73
74
  key: cred[:key],
@@ -83,12 +84,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
83
84
  existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
84
85
  )
85
86
  cred = Awskeyring.get_valid_creds(account: account)
87
+ age_check(account, cred[:updated])
86
88
  expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
87
89
  puts Awskeyring::Awsapi.get_cred_json(
88
90
  key: cred[:key],
89
91
  secret: cred[:secret],
90
92
  token: cred[:token],
91
- expiry: expiry || Time.new + 3600
93
+ expiry: expiry || Time.new + Awskeyring::Awsapi::ONE_HOUR
92
94
  )
93
95
  end
94
96
 
@@ -96,6 +98,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
96
98
  # execute an external command with env set
97
99
  def exec(account, *command)
98
100
  cred = Awskeyring.get_valid_creds(account: account)
101
+ age_check(account, cred[:updated])
99
102
  env_vars = env_vars(
100
103
  account: cred[:account],
101
104
  key: cred[:key],
@@ -247,6 +250,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
247
250
  duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s
248
251
 
249
252
  item_hash = Awskeyring.get_account_hash(account: account)
253
+ age_check(account, item_hash[:updated])
250
254
  role_arn = Awskeyring.get_role_arn(role_name: role) if role
251
255
 
252
256
  begin
@@ -286,6 +290,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
286
290
  existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
287
291
  )
288
292
  cred = Awskeyring.get_valid_creds(account: account)
293
+ age_check(account, cred[:updated])
289
294
 
290
295
  path = options[:path] || 'console'
291
296
 
@@ -329,6 +334,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
329
334
 
330
335
  private
331
336
 
337
+ def age_check(account, updated)
338
+ maxage = Awskeyring.prefs[:keyage] || Awskeyring::DEFAULT_KEY_AGE
339
+ age = (Time.new - updated).div Awskeyring::Awsapi::ONE_DAY
340
+ warn "# Creds for account #{account} are #{age} days old." unless age < maxage
341
+ end
342
+
332
343
  def print_auto_resp(curr, len)
333
344
  case len
334
345
  when 0
@@ -348,7 +359,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
348
359
 
349
360
  def env_vars(account:, key:, secret:, token:)
350
361
  env_var = {}
351
- env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless ENV['AWS_DEFAULT_REGION']
362
+ env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless Awskeyring::Awsapi.region
352
363
  env_var['AWS_ACCOUNT_NAME'] = account
353
364
  env_var['AWS_ACCESS_KEY_ID'] = key
354
365
  env_var['AWS_ACCESS_KEY'] = key
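Review bot: `age_check` computes `Time.new - updated` without checking `updated`, and all five call sites added here run it before the command emits or uses the credentials, so an item whose `updated_at` is nil would raise and stop the command instead of just skipping the warning. A guard as the first line, `return if updated.nil?`, keeps the check advisory. `Awskeyring.prefs[:keyage]` also depends on the prefs being parsed with symbol keys, which is not visible here; with string keys the stored value would never be read and the 90-day default would always apply. The method has no header comment, and `# Warn on stderr when the stored credentials are older than the keyage preference (in days)` would document it.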
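--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: awskeyring
  version: !ruby/object:Gem::Version
- version: 0.3.0
+ version: 0.3.1
  platform: ruby
  authors:
  - Tristan Morgan
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-04-12 00:00:00.000000000 Z
+ date: 2018-07-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-iam
@@ -181,7 +181,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.12
+ rubygems_version: 2.5.2.3
  signing_key:
  specification_version: 4
  summary: Manages AWS credentials in the macOS keychain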