awskeyring 0.5.2 → 0.5.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/lib/awskeyring.rb +55 -3
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +5 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c52288c55a349f5e4bea3c89a39752efe70fe778
|
|
4
|
+
data.tar.gz: 05e3ca54d599fc277f5b24bda0d133c76495a0c7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2704ef84b7221d35d351784fca20f4297257d9a5a6a5f70c829135163704f4ff08baa9e289f73650d7ed5da301a5bf4413617835feb5d21093987cdfc3a2174
|
|
7
|
+
data.tar.gz: 2d84f66fa5caa38b241c08d2541722ecbfcfec0c20adc2d3612d960ce5aecaca598c3e05d43d711bc37b7e54025ad5e48541c0993c4033ff95a67e35111e79b7
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v0.5.3](https://github.com/vibrato/awskeyring/tree/v0.5.3) (2018-10-04)
|
|
4
|
+
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.5.2...v0.5.3)
|
|
5
|
+
|
|
6
|
+
**Implemented enhancements:**
|
|
7
|
+
|
|
8
|
+
- Console favourites [\#31](https://github.com/vibrato/awskeyring/pull/31) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
9
|
+
|
|
3
10
|
## [v0.5.2](https://github.com/vibrato/awskeyring/tree/v0.5.2) (2018-09-18)
|
|
4
11
|
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.5.1...v0.5.2)
|
|
5
12
|
|
data/lib/awskeyring.rb
CHANGED
|
@@ -14,8 +14,12 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
14
14
|
SESSION_KEY_PREFIX = 'session-key '.freeze
|
|
15
15
|
# Prefix for Session Tokens
|
|
16
16
|
SESSION_TOKEN_PREFIX = 'session-token '.freeze
|
|
17
|
+
# Default keychain Lock period
|
|
18
|
+
FIVE_MINUTES = 300
|
|
17
19
|
# Default warning of key age in days.
|
|
18
20
|
DEFAULT_KEY_AGE = 90
|
|
21
|
+
# Default Console Paths
|
|
22
|
+
DEFAULT_CONSOLE_LIST = %w[cloudformation ec2/v2 iam rds route53 s3 sns sqs vpc].freeze
|
|
19
23
|
|
|
20
24
|
# Retrieve the preferences
|
|
21
25
|
#
|
|
@@ -29,14 +33,17 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
29
33
|
end
|
|
30
34
|
|
|
31
35
|
# Create a new Keychain
|
|
36
|
+
#
|
|
37
|
+
# @param [String] awskeyring The keychain name to create
|
|
32
38
|
def self.init_keychain(awskeyring:)
|
|
33
39
|
keychain = Keychain.create(awskeyring)
|
|
34
|
-
keychain.lock_interval =
|
|
40
|
+
keychain.lock_interval = FIVE_MINUTES
|
|
35
41
|
keychain.lock_on_sleep = true
|
|
36
42
|
|
|
37
43
|
prefs = {
|
|
38
44
|
awskeyring: awskeyring,
|
|
39
|
-
keyage: DEFAULT_KEY_AGE
|
|
45
|
+
keyage: DEFAULT_KEY_AGE,
|
|
46
|
+
console: DEFAULT_CONSOLE_LIST
|
|
40
47
|
}
|
|
41
48
|
File.new(Awskeyring::PREFS_FILE, 'w').write JSON.dump(prefs)
|
|
42
49
|
end
|
|
@@ -51,7 +58,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
51
58
|
end
|
|
52
59
|
|
|
53
60
|
keychain = Keychain.open(prefs['awskeyring'])
|
|
54
|
-
warn I18n.t('message.timeout') if keychain && keychain.lock_interval >
|
|
61
|
+
warn I18n.t('message.timeout') if keychain && keychain.lock_interval > FIVE_MINUTES
|
|
55
62
|
|
|
56
63
|
keychain
|
|
57
64
|
end
|
|
@@ -78,6 +85,11 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
78
85
|
end
|
|
79
86
|
|
|
80
87
|
# Add an account item
|
|
88
|
+
#
|
|
89
|
+
# @param [String] account The account name to create
|
|
90
|
+
# @param [String] key The aws_access_key_id
|
|
91
|
+
# @param [String] secret The aws_secret_key
|
|
92
|
+
# @param [String] mfa The arn of the MFA device
|
|
81
93
|
def self.add_account(account:, key:, secret:, mfa:)
|
|
82
94
|
all_items.create(
|
|
83
95
|
label: ACCOUNT_PREFIX + account,
|
|
@@ -88,6 +100,10 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
88
100
|
end
|
|
89
101
|
|
|
90
102
|
# update and account item
|
|
103
|
+
#
|
|
104
|
+
# @param [String] account The account to update
|
|
105
|
+
# @param [String] key The aws_access_key_id
|
|
106
|
+
# @param [String] secret The aws_secret_key
|
|
91
107
|
def self.update_account(account:, key:, secret:)
|
|
92
108
|
item = get_item(account: account)
|
|
93
109
|
item.attributes[:account] = key
|
|
@@ -96,6 +112,10 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
96
112
|
end
|
|
97
113
|
|
|
98
114
|
# Add a Role item
|
|
115
|
+
#
|
|
116
|
+
# @param [String] role The role name to add
|
|
117
|
+
# @param [String] arn The arn of the role
|
|
118
|
+
# @param [String] account The account associate (optional)
|
|
99
119
|
def self.add_role(role:, arn:, account:)
|
|
100
120
|
all_items.create(
|
|
101
121
|
label: ROLE_PREFIX + role,
|
|
@@ -106,6 +126,14 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
106
126
|
end
|
|
107
127
|
|
|
108
128
|
# add a session token pair of items
|
|
129
|
+
#
|
|
130
|
+
# @param [Hash] params including
|
|
131
|
+
# account The name of the accont
|
|
132
|
+
# key The aws_access_key_id
|
|
133
|
+
# secret The aws_secret_access_key
|
|
134
|
+
# token The aws_sesson_token
|
|
135
|
+
# expiry time of expiry
|
|
136
|
+
# role The role used
|
|
109
137
|
def self.add_token(params = {})
|
|
110
138
|
all_items.create(label: SESSION_KEY_PREFIX + params[:account],
|
|
111
139
|
account: params[:key],
|
|
@@ -144,6 +172,16 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
144
172
|
list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..-1] }
|
|
145
173
|
end
|
|
146
174
|
|
|
175
|
+
# Return a list of console paths
|
|
176
|
+
def self.list_console_path
|
|
177
|
+
prefs.key?('console') ? prefs['console'] : DEFAULT_CONSOLE_LIST
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
# Return Key age warning number
|
|
181
|
+
def self.key_age
|
|
182
|
+
prefs.key?('keyage') ? prefs['keyage'] : DEFAULT_KEY_AGE
|
|
183
|
+
end
|
|
184
|
+
|
|
147
185
|
# Return a session token if available or a static key
|
|
148
186
|
private_class_method def self.get_valid_item_pair(account:, no_token: false)
|
|
149
187
|
session_key, session_token = get_token_pair(account: account)
|
|
@@ -163,6 +201,9 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
163
201
|
end
|
|
164
202
|
|
|
165
203
|
# Return valid creds for account
|
|
204
|
+
#
|
|
205
|
+
# @param [String] account The account to retrieve
|
|
206
|
+
# @param [Boolean] no_token Flag to skip tokens
|
|
166
207
|
def self.get_valid_creds(account:, no_token: false)
|
|
167
208
|
cred, temp_cred = get_valid_item_pair(account: account, no_token: no_token)
|
|
168
209
|
token = temp_cred.password unless temp_cred.nil?
|
|
@@ -179,6 +220,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
179
220
|
end
|
|
180
221
|
|
|
181
222
|
# get the ARN for a role
|
|
223
|
+
#
|
|
224
|
+
# @param [String] role_name The role name to retrieve
|
|
182
225
|
def self.get_role_arn(role_name:)
|
|
183
226
|
role_item = get_role(role_name: role_name)
|
|
184
227
|
role_item.attributes[:account] if role_item
|
|
@@ -205,12 +248,18 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
205
248
|
end
|
|
206
249
|
|
|
207
250
|
# Delete a session token
|
|
251
|
+
#
|
|
252
|
+
# @param [String] account The account to delete a token for
|
|
253
|
+
# @param [String] message The message to display
|
|
208
254
|
def self.delete_token(account:, message:)
|
|
209
255
|
session_key, session_token = get_token_pair(account: account)
|
|
210
256
|
delete_pair(key: session_key, token: session_token, message: message)
|
|
211
257
|
end
|
|
212
258
|
|
|
213
259
|
# Delete an Account
|
|
260
|
+
#
|
|
261
|
+
# @param [String] account The account to delete
|
|
262
|
+
# @param [String] message The message to display
|
|
214
263
|
def self.delete_account(account:, message:)
|
|
215
264
|
delete_token(account: account, message: I18n.t('message.delexpired'))
|
|
216
265
|
cred = get_item(account: account)
|
|
@@ -221,6 +270,9 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
221
270
|
end
|
|
222
271
|
|
|
223
272
|
# Delete a role
|
|
273
|
+
#
|
|
274
|
+
# @param [String] role_name The role to delete
|
|
275
|
+
# @param [String] message The message to display
|
|
224
276
|
def self.delete_role(role_name:, message:)
|
|
225
277
|
role = get_role(role_name: role_name)
|
|
226
278
|
return unless role
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -360,7 +360,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
360
360
|
def age_check_and_get(account:, no_token:)
|
|
361
361
|
cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
|
|
362
362
|
|
|
363
|
-
maxage = Awskeyring.
|
|
363
|
+
maxage = Awskeyring.key_age
|
|
364
364
|
age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
|
|
365
365
|
warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
|
|
366
366
|
|
|
@@ -378,6 +378,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
378
378
|
comp_len = 0
|
|
379
379
|
when 'remove-role', '-r', 'rmr'
|
|
380
380
|
comp_len = 2
|
|
381
|
+
when '--path', '-p'
|
|
382
|
+
comp_len = 4
|
|
381
383
|
end
|
|
382
384
|
|
|
383
385
|
[curr, comp_len, sub_cmd]
|
|
@@ -404,6 +406,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
404
406
|
list = Awskeyring.list_role_names
|
|
405
407
|
when 3
|
|
406
408
|
list = list_arguments(command: sub_cmd)
|
|
409
|
+
when 4
|
|
410
|
+
list = Awskeyring.list_console_path
|
|
407
411
|
else
|
|
408
412
|
exit 1
|
|
409
413
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|