awskeyring 0.5.0 → 0.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +4 -0
- data/exe/awskeyring +6 -1
- data/i18n/en.yml +1 -1
- data/lib/awskeyring/awsapi.rb +13 -7
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +32 -12
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b18067d6aad4daed7c723e3b67cdd3983d66ae67
|
|
4
|
+
data.tar.gz: 4975855826aadafe2631abcd7fa98658f15b0e18
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c50766e6d2fe027102d49c8cf71b1974806f2a248e28083927f0fd4a709179a33649d1432fd14f96c18d2df9c4c05b3188e114fc6feaa34b85d32ca6bc3d8a57
|
|
7
|
+
data.tar.gz: 650c4c01e6202148a7ab063cc017739596bda2bffa9bc0b605a383d7fa211159abef6c61101d464d64d9878ea0abc69f24f59937af04bee8d7b438d23bfc1b06
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v0.5.1](https://github.com/vibrato/awskeyring/tree/v0.5.1) (2018-09-13)
|
|
4
|
+
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.5.0...v0.5.1)
|
|
5
|
+
|
|
6
|
+
**Implemented enhancements:**
|
|
7
|
+
|
|
8
|
+
- Autocomplete flags too. [\#29](https://github.com/vibrato/awskeyring/pull/29) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
9
|
+
|
|
3
10
|
## [v0.5.0](https://github.com/vibrato/awskeyring/tree/v0.5.0) (2018-09-10)
|
|
4
11
|
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.4.0...v0.5.0)
|
|
5
12
|
|
data/README.md
CHANGED
|
@@ -87,6 +87,10 @@ After checking out the repo, run `bundle update` to install dependencies. Then,
|
|
|
87
87
|
|
|
88
88
|
To install this gem onto your local machine, run `bundle exec rake install`.
|
|
89
89
|
|
|
90
|
+
## Security
|
|
91
|
+
|
|
92
|
+
If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at [tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
|
|
93
|
+
|
|
90
94
|
## Contributing
|
|
91
95
|
|
|
92
96
|
Bug reports and pull requests are welcome on GitHub at https://github.com/vibrato/awskeyring. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
data/exe/awskeyring
CHANGED
data/i18n/en.yml
CHANGED
|
@@ -40,10 +40,10 @@ en:
|
|
|
40
40
|
duration: 'Session DURATION in seconds.'
|
|
41
41
|
key: 'AWS account key id.'
|
|
42
42
|
keychain: 'Name of KEYCHAIN to initialise.'
|
|
43
|
-
local: 'Only validate locally.'
|
|
44
43
|
mfa: 'AWS virtual mfa arn.'
|
|
45
44
|
noopen: 'Do not open the url.'
|
|
46
45
|
notoken: 'Do not use saved token.'
|
|
46
|
+
noremote: 'Do not validate with remote api.'
|
|
47
47
|
path: 'The service PATH to open.'
|
|
48
48
|
role: 'The ROLE to assume.'
|
|
49
49
|
secret: 'AWS account secret.'
|
data/lib/awskeyring/awsapi.rb
CHANGED
|
@@ -17,6 +17,9 @@ module Awskeyring
|
|
|
17
17
|
}]
|
|
18
18
|
}.to_json.freeze
|
|
19
19
|
|
|
20
|
+
# AWS Signin url
|
|
21
|
+
AWS_SIGNIN_URL = 'https://signin.aws.amazon.com/federation'.freeze
|
|
22
|
+
|
|
20
23
|
# Twelve hours in seconds
|
|
21
24
|
TWELVE_HOUR = (60 * 60 * 12)
|
|
22
25
|
# One hour in seconds
|
|
@@ -122,9 +125,8 @@ module Awskeyring
|
|
|
122
125
|
# @param [String] user The local username
|
|
123
126
|
# @param [String] path within the Console to access
|
|
124
127
|
# @return [String] login_url to access
|
|
125
|
-
def self.get_login_url(key:, secret:, token:, path:, user:) # rubocop:disable
|
|
128
|
+
def self.get_login_url(key:, secret:, token:, path:, user:) # rubocop:disable Metrics/MethodLength
|
|
126
129
|
console_url = "https://console.aws.amazon.com/#{path}/home"
|
|
127
|
-
signin_url = 'https://signin.aws.amazon.com/federation'
|
|
128
130
|
|
|
129
131
|
if token
|
|
130
132
|
session_json = {
|
|
@@ -147,16 +149,20 @@ module Awskeyring
|
|
|
147
149
|
}.to_json
|
|
148
150
|
end
|
|
149
151
|
|
|
150
|
-
|
|
152
|
+
destination_param = '&Destination=' + CGI.escape(console_url)
|
|
153
|
+
|
|
154
|
+
AWS_SIGNIN_URL + '?Action=login' + token_param(session_json: session_json) + destination_param
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
# Get the signin token param
|
|
158
|
+
private_class_method def self.token_param(session_json:)
|
|
159
|
+
get_signin_token_url = AWS_SIGNIN_URL + '?Action=getSigninToken' \
|
|
151
160
|
'&Session=' + CGI.escape(session_json)
|
|
152
161
|
|
|
153
162
|
returned_content = Net::HTTP.get(URI.parse(get_signin_token_url))
|
|
154
163
|
|
|
155
164
|
signin_token = JSON.parse(returned_content)['SigninToken']
|
|
156
|
-
|
|
157
|
-
destination_param = '&Destination=' + CGI.escape(console_url)
|
|
158
|
-
|
|
159
|
-
signin_url + '?Action=login' + signin_token_param + destination_param
|
|
165
|
+
'&SigninToken=' + CGI.escape(signin_token)
|
|
160
166
|
end
|
|
161
167
|
|
|
162
168
|
# Get the current region
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -13,6 +13,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
13
13
|
I18n.backend.load_translations
|
|
14
14
|
|
|
15
15
|
map %w[--version -v] => :__version
|
|
16
|
+
map %w[--help -h] => :help
|
|
16
17
|
map ['init'] => :initialise
|
|
17
18
|
map ['con'] => :console
|
|
18
19
|
map ['ls'] => :list
|
|
@@ -114,7 +115,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
114
115
|
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
|
|
115
116
|
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
|
116
117
|
method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
|
|
117
|
-
method_option
|
|
118
|
+
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
|
118
119
|
# Add an Account
|
|
119
120
|
def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
|
120
121
|
account = ask_check(
|
|
@@ -131,7 +132,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
131
132
|
existing: options[:mfa], message: I18n.t('message.mfa'),
|
|
132
133
|
optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
|
|
133
134
|
)
|
|
134
|
-
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[
|
|
135
|
+
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
|
|
135
136
|
Awskeyring.add_account(
|
|
136
137
|
account: account,
|
|
137
138
|
key: key,
|
|
@@ -144,7 +145,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
144
145
|
desc 'update ACCOUNT', I18n.t('update.desc')
|
|
145
146
|
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
|
|
146
147
|
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
|
147
|
-
method_option
|
|
148
|
+
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
|
148
149
|
# Update an Account
|
|
149
150
|
def update(account = nil) # rubocop:disable Metrics/MethodLength
|
|
150
151
|
account = ask_check(
|
|
@@ -157,7 +158,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
157
158
|
existing: options[:secret], message: I18n.t('message.secret'),
|
|
158
159
|
secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
|
|
159
160
|
)
|
|
160
|
-
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[
|
|
161
|
+
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
|
|
161
162
|
Awskeyring.update_account(
|
|
162
163
|
account: account,
|
|
163
164
|
key: key,
|
|
@@ -349,7 +350,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
349
350
|
warn I18n.t('message.awskeyring', path: $PROGRAM_NAME, bin: exec_name)
|
|
350
351
|
exit 1
|
|
351
352
|
end
|
|
353
|
+
|
|
354
|
+
curr, comp_len, sub_cmd = comp_type(comp_line: comp_line, curr: curr, prev: prev)
|
|
355
|
+
print_auto_resp(curr, comp_len, sub_cmd)
|
|
356
|
+
end
|
|
357
|
+
|
|
358
|
+
private
|
|
359
|
+
|
|
360
|
+
def comp_type(comp_line:, curr:, prev:)
|
|
352
361
|
comp_len = comp_line.split.index(prev)
|
|
362
|
+
sub_cmd = comp_line.split[1] if comp_len > 0
|
|
363
|
+
|
|
364
|
+
comp_len = 3 if curr.start_with?('-') && !sub_cmd.nil?
|
|
353
365
|
|
|
354
366
|
case prev
|
|
355
367
|
when 'help'
|
|
@@ -358,11 +370,9 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
358
370
|
comp_len = 2
|
|
359
371
|
end
|
|
360
372
|
|
|
361
|
-
|
|
373
|
+
[curr, comp_len, sub_cmd]
|
|
362
374
|
end
|
|
363
375
|
|
|
364
|
-
private
|
|
365
|
-
|
|
366
376
|
def age_check_and_get(account:, no_token:)
|
|
367
377
|
cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
|
|
368
378
|
|
|
@@ -373,21 +383,31 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
373
383
|
cred
|
|
374
384
|
end
|
|
375
385
|
|
|
376
|
-
def print_auto_resp(curr, len)
|
|
386
|
+
def print_auto_resp(curr, len, sub_cmd)
|
|
387
|
+
list = []
|
|
377
388
|
case len
|
|
378
389
|
when 0
|
|
379
|
-
|
|
390
|
+
list = list_commands
|
|
380
391
|
when 1
|
|
381
|
-
|
|
392
|
+
list = Awskeyring.list_account_names
|
|
382
393
|
when 2
|
|
383
|
-
|
|
394
|
+
list = Awskeyring.list_role_names
|
|
395
|
+
when 3
|
|
396
|
+
list = list_arguments(command: sub_cmd)
|
|
384
397
|
else
|
|
385
398
|
exit 1
|
|
386
399
|
end
|
|
400
|
+
puts list.select { |elem| elem.start_with?(curr) }.sort!.join("\n")
|
|
387
401
|
end
|
|
388
402
|
|
|
389
403
|
def list_commands
|
|
390
|
-
self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }.reject { |elem| elem == 'awskeyring' }
|
|
404
|
+
self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }.reject! { |elem| elem == 'awskeyring' }
|
|
405
|
+
end
|
|
406
|
+
|
|
407
|
+
def list_arguments(command:)
|
|
408
|
+
command = list_commands.find { |elem| elem.start_with?(command) }
|
|
409
|
+
self.class.all_commands[command].options.values.map(&:aliases).flatten! +
|
|
410
|
+
self.class.all_commands[command].options.values.map(&:switch_name)
|
|
391
411
|
end
|
|
392
412
|
|
|
393
413
|
def env_vars(account:, key:, secret:, token:)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|