awskeyring 0.5.0 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +4 -0
- data/exe/awskeyring +6 -1
- data/i18n/en.yml +1 -1
- data/lib/awskeyring/awsapi.rb +13 -7
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +32 -12
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b18067d6aad4daed7c723e3b67cdd3983d66ae67
|
|
4
|
+
data.tar.gz: 4975855826aadafe2631abcd7fa98658f15b0e18
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c50766e6d2fe027102d49c8cf71b1974806f2a248e28083927f0fd4a709179a33649d1432fd14f96c18d2df9c4c05b3188e114fc6feaa34b85d32ca6bc3d8a57
|
|
7
|
+
data.tar.gz: 650c4c01e6202148a7ab063cc017739596bda2bffa9bc0b605a383d7fa211159abef6c61101d464d64d9878ea0abc69f24f59937af04bee8d7b438d23bfc1b06
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v0.5.1](https://github.com/vibrato/awskeyring/tree/v0.5.1) (2018-09-13)
|
|
4
|
+
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.5.0...v0.5.1)
|
|
5
|
+
|
|
6
|
+
**Implemented enhancements:**
|
|
7
|
+
|
|
8
|
+
- Autocomplete flags too. [\#29](https://github.com/vibrato/awskeyring/pull/29) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
9
|
+
|
|
3
10
|
## [v0.5.0](https://github.com/vibrato/awskeyring/tree/v0.5.0) (2018-09-10)
|
|
4
11
|
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.4.0...v0.5.0)
|
|
5
12
|
|
data/README.md
CHANGED
|
@@ -87,6 +87,10 @@ After checking out the repo, run `bundle update` to install dependencies. Then,
|
|
|
87
87
|
|
|
88
88
|
To install this gem onto your local machine, run `bundle exec rake install`.
|
|
89
89
|
|
|
90
|
+
## Security
|
|
91
|
+
|
|
92
|
+
If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at [tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
|
|
93
|
+
|
|
90
94
|
## Contributing
|
|
91
95
|
|
|
92
96
|
Bug reports and pull requests are welcome on GitHub at https://github.com/vibrato/awskeyring. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
data/exe/awskeyring
CHANGED
data/i18n/en.yml
CHANGED
|
@@ -40,10 +40,10 @@ en:
|
|
|
40
40
|
duration: 'Session DURATION in seconds.'
|
|
41
41
|
key: 'AWS account key id.'
|
|
42
42
|
keychain: 'Name of KEYCHAIN to initialise.'
|
|
43
|
-
local: 'Only validate locally.'
|
|
44
43
|
mfa: 'AWS virtual mfa arn.'
|
|
45
44
|
noopen: 'Do not open the url.'
|
|
46
45
|
notoken: 'Do not use saved token.'
|
|
46
|
+
noremote: 'Do not validate with remote api.'
|
|
47
47
|
path: 'The service PATH to open.'
|
|
48
48
|
role: 'The ROLE to assume.'
|
|
49
49
|
secret: 'AWS account secret.'
|
data/lib/awskeyring/awsapi.rb
CHANGED
|
@@ -17,6 +17,9 @@ module Awskeyring
|
|
|
17
17
|
}]
|
|
18
18
|
}.to_json.freeze
|
|
19
19
|
|
|
20
|
+
# AWS Signin url
|
|
21
|
+
AWS_SIGNIN_URL = 'https://signin.aws.amazon.com/federation'.freeze
|
|
22
|
+
|
|
20
23
|
# Twelve hours in seconds
|
|
21
24
|
TWELVE_HOUR = (60 * 60 * 12)
|
|
22
25
|
# One hour in seconds
|
|
@@ -122,9 +125,8 @@ module Awskeyring
|
|
|
122
125
|
# @param [String] user The local username
|
|
123
126
|
# @param [String] path within the Console to access
|
|
124
127
|
# @return [String] login_url to access
|
|
125
|
-
def self.get_login_url(key:, secret:, token:, path:, user:) # rubocop:disable
|
|
128
|
+
def self.get_login_url(key:, secret:, token:, path:, user:) # rubocop:disable Metrics/MethodLength
|
|
126
129
|
console_url = "https://console.aws.amazon.com/#{path}/home"
|
|
127
|
-
signin_url = 'https://signin.aws.amazon.com/federation'
|
|
128
130
|
|
|
129
131
|
if token
|
|
130
132
|
session_json = {
|
|
@@ -147,16 +149,20 @@ module Awskeyring
|
|
|
147
149
|
}.to_json
|
|
148
150
|
end
|
|
149
151
|
|
|
150
|
-
|
|
152
|
+
destination_param = '&Destination=' + CGI.escape(console_url)
|
|
153
|
+
|
|
154
|
+
AWS_SIGNIN_URL + '?Action=login' + token_param(session_json: session_json) + destination_param
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
# Get the signin token param
|
|
158
|
+
private_class_method def self.token_param(session_json:)
|
|
159
|
+
get_signin_token_url = AWS_SIGNIN_URL + '?Action=getSigninToken' \
|
|
151
160
|
'&Session=' + CGI.escape(session_json)
|
|
152
161
|
|
|
153
162
|
returned_content = Net::HTTP.get(URI.parse(get_signin_token_url))
|
|
154
163
|
|
|
155
164
|
signin_token = JSON.parse(returned_content)['SigninToken']
|
|
156
|
-
|
|
157
|
-
destination_param = '&Destination=' + CGI.escape(console_url)
|
|
158
|
-
|
|
159
|
-
signin_url + '?Action=login' + signin_token_param + destination_param
|
|
165
|
+
'&SigninToken=' + CGI.escape(signin_token)
|
|
160
166
|
end
|
|
161
167
|
|
|
162
168
|
# Get the current region
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -13,6 +13,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
13
13
|
I18n.backend.load_translations
|
|
14
14
|
|
|
15
15
|
map %w[--version -v] => :__version
|
|
16
|
+
map %w[--help -h] => :help
|
|
16
17
|
map ['init'] => :initialise
|
|
17
18
|
map ['con'] => :console
|
|
18
19
|
map ['ls'] => :list
|
|
@@ -114,7 +115,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
114
115
|
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
|
|
115
116
|
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
|
116
117
|
method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
|
|
117
|
-
method_option
|
|
118
|
+
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
|
118
119
|
# Add an Account
|
|
119
120
|
def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
|
120
121
|
account = ask_check(
|
|
@@ -131,7 +132,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
131
132
|
existing: options[:mfa], message: I18n.t('message.mfa'),
|
|
132
133
|
optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
|
|
133
134
|
)
|
|
134
|
-
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[
|
|
135
|
+
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
|
|
135
136
|
Awskeyring.add_account(
|
|
136
137
|
account: account,
|
|
137
138
|
key: key,
|
|
@@ -144,7 +145,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
144
145
|
desc 'update ACCOUNT', I18n.t('update.desc')
|
|
145
146
|
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
|
|
146
147
|
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
|
147
|
-
method_option
|
|
148
|
+
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
|
148
149
|
# Update an Account
|
|
149
150
|
def update(account = nil) # rubocop:disable Metrics/MethodLength
|
|
150
151
|
account = ask_check(
|
|
@@ -157,7 +158,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
157
158
|
existing: options[:secret], message: I18n.t('message.secret'),
|
|
158
159
|
secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
|
|
159
160
|
)
|
|
160
|
-
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[
|
|
161
|
+
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
|
|
161
162
|
Awskeyring.update_account(
|
|
162
163
|
account: account,
|
|
163
164
|
key: key,
|
|
@@ -349,7 +350,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
349
350
|
warn I18n.t('message.awskeyring', path: $PROGRAM_NAME, bin: exec_name)
|
|
350
351
|
exit 1
|
|
351
352
|
end
|
|
353
|
+
|
|
354
|
+
curr, comp_len, sub_cmd = comp_type(comp_line: comp_line, curr: curr, prev: prev)
|
|
355
|
+
print_auto_resp(curr, comp_len, sub_cmd)
|
|
356
|
+
end
|
|
357
|
+
|
|
358
|
+
private
|
|
359
|
+
|
|
360
|
+
def comp_type(comp_line:, curr:, prev:)
|
|
352
361
|
comp_len = comp_line.split.index(prev)
|
|
362
|
+
sub_cmd = comp_line.split[1] if comp_len > 0
|
|
363
|
+
|
|
364
|
+
comp_len = 3 if curr.start_with?('-') && !sub_cmd.nil?
|
|
353
365
|
|
|
354
366
|
case prev
|
|
355
367
|
when 'help'
|
|
@@ -358,11 +370,9 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
358
370
|
comp_len = 2
|
|
359
371
|
end
|
|
360
372
|
|
|
361
|
-
|
|
373
|
+
[curr, comp_len, sub_cmd]
|
|
362
374
|
end
|
|
363
375
|
|
|
364
|
-
private
|
|
365
|
-
|
|
366
376
|
def age_check_and_get(account:, no_token:)
|
|
367
377
|
cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
|
|
368
378
|
|
|
@@ -373,21 +383,31 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
373
383
|
cred
|
|
374
384
|
end
|
|
375
385
|
|
|
376
|
-
def print_auto_resp(curr, len)
|
|
386
|
+
def print_auto_resp(curr, len, sub_cmd)
|
|
387
|
+
list = []
|
|
377
388
|
case len
|
|
378
389
|
when 0
|
|
379
|
-
|
|
390
|
+
list = list_commands
|
|
380
391
|
when 1
|
|
381
|
-
|
|
392
|
+
list = Awskeyring.list_account_names
|
|
382
393
|
when 2
|
|
383
|
-
|
|
394
|
+
list = Awskeyring.list_role_names
|
|
395
|
+
when 3
|
|
396
|
+
list = list_arguments(command: sub_cmd)
|
|
384
397
|
else
|
|
385
398
|
exit 1
|
|
386
399
|
end
|
|
400
|
+
puts list.select { |elem| elem.start_with?(curr) }.sort!.join("\n")
|
|
387
401
|
end
|
|
388
402
|
|
|
389
403
|
def list_commands
|
|
390
|
-
self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }.reject { |elem| elem == 'awskeyring' }
|
|
404
|
+
self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }.reject! { |elem| elem == 'awskeyring' }
|
|
405
|
+
end
|
|
406
|
+
|
|
407
|
+
def list_arguments(command:)
|
|
408
|
+
command = list_commands.find { |elem| elem.start_with?(command) }
|
|
409
|
+
self.class.all_commands[command].options.values.map(&:aliases).flatten! +
|
|
410
|
+
self.class.all_commands[command].options.values.map(&:switch_name)
|
|
391
411
|
end
|
|
392
412
|
|
|
393
413
|
def env_vars(account:, key:, secret:, token:)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|