awskeyring 1.11.0 → 1.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc910795f877ae9b6a82106d0abb6aa98a1ac41e3b23e995effe1ea5dc8e8ffd
-  data.tar.gz: 8e6651afc8b0320b9ed9e3d7b32274d6cf473ef36f7d8bf393f4e0115072aed4
+  metadata.gz: 155240a1418a0de58a8d3bd88fe97d607cb5f68ea6655f4b3e82ad6628683dad
+  data.tar.gz: 99224076df4e631f41e7aef1f0b8a713ff458887943303dbfd691af4e5ddd875
 SHA512:
-  metadata.gz: 56112939c5730e6e72812b0e85845018ae762dddc1e8df8c9308c72a8458c010ce6898c1cd957d91f22a2dc3bffcc5504d933c03e711073adea294e218043e9a
-  data.tar.gz: 60b525d9b832477409eaaa8b59ef4cb34d8ffac239b9ab26011214a8a8e182d1cc9a304ab35ca3ca4b7b128377c019eb6337bac468ed899bfd067fdac677ada0
+  metadata.gz: c8cfc74bf58e2886e28c3ab58f3d04955a57dbbcc4bffe9f450a472651df70f2ab3e1585dc21b1118a1f14e5ae8a1703076f56ff5215f19d623c3420c1883b65
+  data.tar.gz: 6c0c9f2f7b5916067b016bac45a3088d349298aff18e6b90e554e7ce2791476d8a5865800e0bbe334d2b07146f8a14b6cd68312a82af43ad6aedc5ffde585106

data/README.md

@@ -2,7 +2,7 @@
 
 ![Awskeyring](https://raw.githubusercontent.com/tristanmorgan/awskeyring/main/awskeyring-144.png)
 
-* [![Build Status](https://app.travis-ci.com/tristanmorgan/awskeyring.svg?branch=main)](https://app.travis-ci.com/github/tristanmorgan/awskeyring)
+* ![Build Passing](https://github.com/tristanmorgan/awskeyring/actions/workflows/ruby.yml/badge.svg)
 * [![Gem Version](https://img.shields.io/gem/v/awskeyring)](https://badge.fury.io/rb/awskeyring)
 * [![license MIT](https://img.shields.io/badge/license-MIT-brightgreen.svg)](https://opensource.org/licenses/MIT)
 * [![All Downloads](https://img.shields.io/gem/dt/awskeyring)](https://rubygems.org/gems/awskeyring)

data/exe/awskeyring

@@ -11,6 +11,6 @@ end
 begin
   AwskeyringCommand.start
 rescue Keychain::UserCancelledError => e
-  warn e.to_s
+  warn e
   exit 1
 end

data/i18n/en.yml

@@ -5,6 +5,7 @@ en:
   add_role_desc: Adds a ROLE to the keyring
   awskeyring_desc: Autocompletion for bourne shells
   console_desc: Open the AWS Console for the ACCOUNT
+  decode_desc: Decode an account id from a KEY
   default_desc: Run default help or initialise if needed.
   env_desc: Outputs bourne shell environment exports for an ACCOUNT
   exec_desc: Execute a COMMAND with the environment set for an ACCOUNT

data/lib/awskeyring/awsapi.rb

@@ -25,6 +25,7 @@ module Awskeyring
     # AWS Env vars
     AWS_ENV_VARS = %w[
       AWS_ACCOUNT_NAME
+      AWS_ACCOUNT_ID
       AWS_ACCESS_KEY_ID
       AWS_ACCESS_KEY
       AWS_CREDENTIAL_EXPIRATION
@@ -85,7 +86,7 @@ module Awskeyring
             )
           end
       rescue Aws::STS::Errors::AccessDenied => e
-        warn e.to_s
+        warn e
         exit 1
       end
 
@@ -123,14 +124,16 @@ module Awskeyring
     #    [String] secret The aws_secret_access_key
     #    [String] token The aws_session_token
     # @return [Hash] env_var hash
-    def self.get_env_array(params = {})
+    def self.get_env_array(params = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
       env_var = {}
       env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
 
       params[:expiration] = Time.at(params[:expiry]).iso8601 unless params[:expiry].nil?
+      params[:account_name] = params.delete(:account)
+      params[:account_id] = get_account_id(key: params[:key]) unless params[:key].nil?
 
-      params.each_key do |param_name|
-        AWS_ENV_VARS.each do |var_name|
+      AWS_ENV_VARS.each do |var_name|
+        params.each_key do |param_name|
           if var_name.include?(param_name.to_s.upcase) && !params[param_name].nil?
             env_var[var_name] = params[param_name]
           end
@@ -151,7 +154,7 @@ module Awskeyring
         sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret, session_token: token)
         sts.get_caller_identity
       rescue Aws::Errors::ServiceError => e
-        warn e.to_s
+        warn e
         exit 1
       end
       true
@@ -229,6 +232,30 @@ module Awskeyring
       region || Aws.shared_config.region(profile: 'default')
     end
 
+    # Get the account number from an access key
+    #
+    # @param [String] key The aws_access_key_id
+    # @return [String] Account number
+    def self.get_account_id(key:)
+      padded_no = key[3..12]
+      mask = (2 << 39) - 1
+      decimal = (decode(padded_no) >> 4) & mask
+      decimal.to_s.rjust(12, '0')
+    end
+
+    # base32 decode function
+    # returns 0 on failure
+    private_class_method def self.decode(str)
+      aws_table = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
+      bytes = str.bytes
+      bytes.inject do |m, o|
+        i = aws_table.index(o.chr)
+        return 0 if i.nil?
+
+        (m << 5) + i
+      end
+    end
+
     # Rotates the AWS access keys
     #
     # @param [String] key The aws_access_key_id

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.11.0'
+  VERSION = '1.12.1'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/tristanmorgan/awskeyring'
 

data/lib/awskeyring.rb

@@ -4,6 +4,7 @@ require 'i18n'
 require 'json'
 require 'keychain'
 require 'awskeyring/validate'
+require 'awskeyring/awsapi'
 
 # Awskeyring Module,
 # gives you an interface to access keychains and items.
@@ -195,6 +196,19 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     (items + tokens).uniq.sort
   end
 
+  # Return a list account item names plus account ids
+  def self.list_account_names_plus # rubocop:disable Metrics/AbcSize
+    list_items.concat(list_tokens).map do |elem|
+      account_id = Awskeyring::Awsapi.get_account_id(key: elem.attributes[:account])
+      account_name = if elem.attributes[:label].start_with?(ACCOUNT_PREFIX)
+                       elem.attributes[:label][(ACCOUNT_PREFIX.length)..]
+                     else
+                       elem.attributes[:label][(SESSION_KEY_PREFIX.length)..]
+                     end
+      "#{account_name}\t#{account_id}"
+    end.uniq.sort
+  end
+
   # Return a list role item names
   def self.list_role_names
     list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..] }.sort

data/lib/awskeyring_command.rb

@@ -77,13 +77,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   desc 'list', I18n.t('list_desc')
+  method_option :detail, type: :boolean, aliases: '-d', desc: I18n.t('method_option.detail'), default: false
   # list the accounts
   def list
     if Awskeyring.list_account_names.empty?
       warn I18n.t('message.missing_account', bin: File.basename($PROGRAM_NAME))
       exit 1
     end
-    puts Awskeyring.list_account_names.join("\n")
+    if options[:detail]
+      puts Awskeyring.list_account_names_plus.join("\n")
+    else
+      puts Awskeyring.list_account_names.join("\n")
+    end
   end
 
   desc 'list-role', I18n.t('list_role_desc')
@@ -181,8 +186,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # execute an external command with env set
-  def exec(account, *command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
-    if command.empty?
+  def exec(account, *exec) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+    if exec.empty?
       warn I18n.t('message.exec')
       exit 1
     end
@@ -194,11 +199,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     env_vars = Awskeyring::Awsapi.get_env_array(cred)
     unbundle if options['no-bundle']
     begin
-      pid = Process.spawn(env_vars, command.join(' '))
+      pid = Process.spawn(env_vars, exec.join(' '))
       Process.wait pid
       exit 1 if Process.last_status.exitstatus.positive?
     rescue Errno::ENOENT => e
-      warn e.to_s
+      warn e
       exit 1
     end
   end
@@ -330,7 +335,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
         key_message: I18n.t('message.rotate', account: account)
       )
     rescue Aws::Errors::ServiceError => e
-      warn e.to_s
+      warn e
       exit 1
     end
 
@@ -426,6 +431,16 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
+  desc 'decode KEY', I18n.t('decode_desc'), hide: true
+  # decode account numbers
+  def decode(key = nil)
+    key = ask_check(
+      existing: key, message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
+    )
+
+    puts Awskeyring::Awsapi.get_account_id(key: key)
+  end
+
   desc "#{File.basename($PROGRAM_NAME)} CURR PREV", I18n.t('awskeyring_desc'), hide: true
   map File.basename($PROGRAM_NAME) => :autocomplete
   # autocomplete
@@ -441,7 +456,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
     comp_lines = comp_line[0..(comp_point_str.to_i)].split
 
-    comp_type, sub_cmd = comp_type(comp_lines: comp_lines, prev: prev)
+    comp_type, sub_cmd = comp_type(comp_lines: comp_lines, prev: prev, curr: curr)
     list = fetch_auto_resp(comp_type, sub_cmd)
     puts list.select { |elem| elem.start_with?(curr) }.sort!.join("\n")
   end
@@ -458,7 +473,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   # determine the type of completion needed
-  def comp_type(comp_lines:, prev:)
+  def comp_type(comp_lines:, prev:, curr:)
     sub_cmd = sub_command(comp_lines)
     comp_idx = comp_lines.rindex(prev)
 
@@ -469,19 +484,19 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       comp_type = :browser_type
     else
       comp_type = :command
-      comp_type = param_type(comp_idx, sub_cmd) unless sub_cmd.empty?
+      comp_type = param_type(comp_idx, sub_cmd, curr) unless sub_cmd.empty?
     end
 
     [comp_type, sub_cmd]
   end
 
   # check params for named params or fall back to flags
-  def param_type(comp_idx, sub_cmd)
-    types = %i[opt req]
+  def param_type(comp_idx, sub_cmd, curr)
+    types = %i[opt req rest]
     param_list = method(sub_cmd).parameters.select { |elem| types.include? elem[0] }
     if comp_idx.zero?
       :command
-    elsif comp_idx > param_list.length
+    elsif comp_idx > param_list.length || curr.start_with?('-')
       :flag
     else
       param_list[comp_idx - 1][1]
@@ -500,7 +515,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   # given a type return the right list for completions
-  def fetch_auto_resp(comp_type, sub_cmd)
+  def fetch_auto_resp(comp_type, sub_cmd) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
     case comp_type
     when :command
       list_commands
@@ -514,6 +529,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       Awskeyring.list_token_names
     when :browser_type
       Awskeyring.list_browsers
+    when :exec
+      list_exec
     else
       list_arguments(command: sub_cmd)
     end
@@ -522,7 +539,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   # list command names
   def list_commands
     commands = self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }
-    commands.reject! { |elem| %w[autocomplete default].include?(elem) }
+    commands.reject! { |elem| %w[autocomplete default decode].include?(elem) }
+  end
+
+  # list executables
+  def list_exec
+    list = []
+    ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+      list.concat(Dir.children(File.expand_path(path)))
+    rescue Errno::ENOENT
+      next
+    end
+    list.flatten
   end
 
   # list flags for a command

data/man/awskeyring.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "February 2023" "" ""
+.TH "AWSKEYRING" "5" "June 2024" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -159,6 +159,9 @@ list:
 .IP
 Prints a list of accounts in the keyring
 .
+.IP
+\-d, \-\-detail, \-\-no\-detail: Show more detail\.
+.
 .TP
 list\-role:
 .

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.11.0
+  version: 1.12.1
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-02-21 00:00:00.000000000 Z
+date: 2024-06-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -92,9 +92,9 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/tristanmorgan/awskeyring/issues
   changelog_uri: https://github.com/tristanmorgan/awskeyring/blob/main/CHANGELOG.md
-  documentation_uri: https://rubydoc.info/gems/awskeyring/1.11.0
+  documentation_uri: https://rubydoc.info/gems/awskeyring/1.12.1
   rubygems_mfa_required: 'true'
-  source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.11.0
+  source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.12.1
   wiki_uri: https://github.com/tristanmorgan/awskeyring/wiki
 post_install_message: 
 rdoc_options: []