awskeyring 1.3.2 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 665195367b45827f29c9a4815a6cf8f17fa414f31c9756a24bb2aefba704333e
-  data.tar.gz: 5a820147d8e6ab38df951b293bf0fb342a5a3eba2068607997adf69f152ceac2
+  metadata.gz: c2690c242849838e2056d06295c4909c77c197e3b5457495970b9c1fde0c7c07
+  data.tar.gz: 47f5bcc564492730aa851a0d27998dd6d2c3c47bc4b8cb736759895c3f2eda2a
 SHA512:
-  metadata.gz: 49358a374bef7dffd71f9e30687856f80eb2a60e142770083ea1c8f3830593a06a61cff8bf2d69ddd19ae1c1147e891b15cac0df8203bc7727d6d39202866971
-  data.tar.gz: 898e363ac9613e735168870b65b7896ce44073bade612d4e9eb27176a3d3a2d0b895707516b68568c6b5cc5f82e394a208bf2412af941b3dc9b6e41245d725f9
+  metadata.gz: 55442049ab8dc9139d950e13a3a5e317bff29ccf310643d110c6c6f0a8672a605655b3c0481b254b5a48809dec9ca7b2edc4a8c96459f30e615c9965b59ba1fa
+  data.tar.gz: 950c7267da2f0df886b28d2472d0b88f664f240b6f8df8b3eb708c56884bce8951b5b8b372fe2719585a7450436bc7c84aaaf057d8f146e40e53bba8fbde428f

data/CHANGELOG.md

@@ -1,5 +1,52 @@
 # Changelog
 
+## [v1.7.0](https://github.com/servian/awskeyring/tree/v1.7.0) (2020-11-18)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.6.0...v1.7.0)
+
+**Implemented enhancements:**
+
+- Allow specifying a browser other than the default [\#71](https://github.com/servian/awskeyring/issues/71)
+- Autocomplete for Browsers [\#73](https://github.com/servian/awskeyring/pull/73) ([tristanmorgan](https://github.com/tristanmorgan))
+
+## [v1.6.0](https://github.com/servian/awskeyring/tree/v1.6.0) (2020-08-11)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.5.0...v1.6.0)
+
+**Implemented enhancements:**
+
+- Warn about missing accounts/roles [\#69](https://github.com/servian/awskeyring/pull/69) ([tristanmorgan](https://github.com/tristanmorgan))
+- RuboCop and Spec update [\#68](https://github.com/servian/awskeyring/pull/68) ([tristanmorgan](https://github.com/tristanmorgan))
+- Add SimpleCov reports. [\#67](https://github.com/servian/awskeyring/pull/67) ([tristanmorgan](https://github.com/tristanmorgan))
+
+**Merged pull requests:**
+
+- Updates for added RuboCop checks. [\#70](https://github.com/servian/awskeyring/pull/70) ([tristanmorgan](https://github.com/tristanmorgan))
+
+## [v1.5.0](https://github.com/servian/awskeyring/tree/v1.5.0) (2020-07-08)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.4.0...v1.5.0)
+
+**Implemented enhancements:**
+
+- No-Bundle env changes for exec. [\#66](https://github.com/servian/awskeyring/pull/66) ([tristanmorgan](https://github.com/tristanmorgan))
+
+## [v1.4.0](https://github.com/servian/awskeyring/tree/v1.4.0) (2020-06-19)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.3.3...v1.4.0)
+
+**Implemented enhancements:**
+
+- Import Keys and Tokens from shared credentials files. [\#65](https://github.com/servian/awskeyring/pull/65) ([tristanmorgan](https://github.com/tristanmorgan))
+
+## [v1.3.3](https://github.com/servian/awskeyring/tree/v1.3.3) (2020-06-04)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.3.2...v1.3.3)
+
+**Implemented enhancements:**
+
+- Change email references from Vibrato to Servian [\#64](https://github.com/servian/awskeyring/pull/64) ([tristanmorgan](https://github.com/tristanmorgan))
+
 ## [v1.3.2](https://github.com/servian/awskeyring/tree/v1.3.2) (2020-04-27)
 
 [Full Changelog](https://github.com/servian/awskeyring/compare/v1.3.1...v1.3.2)

data/CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at [tristan@vibrato.com.au]. All
+reported by contacting the project team at [tristan.morgan@servian.com](mailto:tristan.morgan@servian.com). All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.
@@ -68,6 +68,6 @@ members of the project's leadership.
 ## Attribution
 
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+available [here](https://www.contributor-covenant.org/version/1/4/code-of-conduct.html)
 
 [homepage]: https://www.contributor-covenant.org

data/Gemfile

@@ -15,5 +15,6 @@ group :development do
   gem 'rubocop-rake'
   gem 'rubocop-rspec'
   gem 'rubocop-rubycw'
+  gem 'simplecov'
   gem 'yard'
 end

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2017 Tristan Morgan
+Copyright (c) 2017-2020 Tristan Morgan
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -65,6 +65,7 @@ The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
       awskeyring env ACCOUNT                 # Outputs bourne shell environment exports for an ACCOUNT
       awskeyring exec ACCOUNT command...     # Execute a COMMAND with the environment set for an ACCOUNT
       awskeyring help [COMMAND]              # Describe available commands or one specific command
+      awskeyring import ACCOUNT              # Import an ACCOUNT to the keyring from ~/.aws/credentials
       awskeyring initialise                  # Initialises a new KEYCHAIN
       awskeyring json ACCOUNT                # Outputs AWS CLI compatible JSON for an ACCOUNT
       awskeyring list                        # Prints a list of accounts in the keyring
@@ -99,7 +100,7 @@ To install this gem onto your local machine, run `bundle exec rake install`.
 ## Security
 
 If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at
-[tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted
+[tristan.morgan@servian.com](mailto:tristan.morgan@servian.com). Awskeyring is a Ruby script and as such Ruby is whitelisted
 to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
 
 ## Contributing
@@ -112,6 +113,7 @@ the [Contributor Covenant](https://contributor-covenant.org) code of conduct.
 
 * Tristan [tristanmorgan](https://github.com/tristanmorgan)
 * Adam Sir [AzySir](https://github.com/AzySir)
+* Vito Giarrusso [thtliife](https://github.com/thtliife)
 
 ## License
 

data/Rakefile

@@ -15,17 +15,25 @@ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
 end
 
 RuboCop::RakeTask.new do |rubocop|
-  rubocop.options = ['-D']
+  rubocop.options = %w[-D --enable-pending-cops]
   rubocop.requires << 'rubocop-performance'
   rubocop.requires << 'rubocop-rake'
   rubocop.requires << 'rubocop-rspec'
   rubocop.requires << 'rubocop-rubycw'
 end
 
-RSpec::Core::RakeTask.new(:spec)
+desc 'Run RSpec code examples'
+task :spec do
+  puts 'Running RSpec...'
+  require 'rspec/core'
+  runner = RSpec::Core::Runner
+  xcode = runner.run(%w[--pattern spec/**{,/*/**}/*_spec.rb --order rand --format documentation --color])
+  abort 'RSpec failed' if xcode.positive?
+end
 
 desc 'Check filemode bits'
 task :filemode do
+  puts 'Running FileMode...'
   files = Set.new(`git ls-files -z`.split("\x0"))
   dirs = Set.new(files.map { |file| File.dirname(file) })
   failure = []
@@ -40,7 +48,7 @@ end
 
 desc 'generate manpage'
 task :ronn do
-  puts 'Writing manpage'
+  puts 'Running Ronn...'
   roff_text = Ronn::Document.new('man/awskeyring.5.ronn').to_roff
   File.write('man/awskeyring.5', roff_text)
   puts "done\n\n"

data/SECURITY.md

@@ -0,0 +1,4 @@
+# Security Policy
+
+If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at
+[tristan.morgan@servian.com](mailto:tristan.morgan@servian.com).

data/awskeyring.gemspec

@@ -8,18 +8,28 @@ Gem::Specification.new do |spec|
   spec.name          = 'awskeyring'
   spec.version       = Awskeyring::VERSION
   spec.authors       = ['Tristan Morgan']
-  spec.email         = ['tristan@vibrato.com.au']
+  spec.email         = 'tristan.morgan@servian.com'
 
   spec.summary       = 'Manages AWS credentials in the macOS keychain'
   spec.description   = 'Manages AWS credentials in the macOS keychain'
   spec.homepage      = Awskeyring::HOMEPAGE
-  spec.license       = 'MIT'
+  spec.licenses      = ['MIT']
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^spec/|^\..*|^.*\.png}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
+  spec.required_ruby_version = '>= 2.6.0'
+
+  spec.metadata = {
+    'bug_tracker_uri' => "#{Awskeyring::HOMEPAGE}/issues",
+    'changelog_uri' => "#{Awskeyring::HOMEPAGE}/blob/master/CHANGELOG.md",
+    'documentation_uri' => "https://rubydoc.info/gems/#{spec.name}/#{Awskeyring::VERSION}",
+    'source_code_uri' => "#{Awskeyring::HOMEPAGE}/tree/v#{Awskeyring::VERSION}",
+    'wiki_uri' => "#{Awskeyring::HOMEPAGE}/wiki"
+  }
+
   spec.add_dependency('aws-sdk-iam')
   spec.add_dependency('i18n')
   spec.add_dependency('ruby-keychain')

data/i18n/en.yml

@@ -14,6 +14,8 @@ en:
     desc: Outputs bourne shell environment exports for an ACCOUNT
   exec:
     desc: Execute a COMMAND with the environment set for an ACCOUNT
+  import:
+    desc: Import an ACCOUNT to the keyring from ~/.aws/credentials
   initialise:
     desc: Initialises a new KEYCHAIN
   json:
@@ -42,10 +44,12 @@ en:
     key: 'AWS account key id.'
     keychain: 'Name of KEYCHAIN to initialise.'
     mfa: 'AWS virtual mfa arn.'
+    nobundle: 'Unset Bundler environment variables.'
     noopen: 'Do not open the url.'
     notoken: 'Do not use saved token.'
     noremote: 'Do not validate with remote api.'
     path: 'The service PATH to open.'
+    browser: 'Specify an alternative browser.'
     role: 'The ROLE to assume.'
     secret: 'AWS account secret.'
     unset: 'Unset environment variables.'
@@ -72,6 +76,8 @@ en:
     delexpired: '# Removing expired session credentials'
     exec: '# COMMAND not provided'
     missing: '# Config missing, run `%{bin} initialise` to recreate.'
+    missing_account: '# No accounts added, run `%{bin} add` to add.'
+    missing_role: '# No roles added, run `%{bin} add-role` to add.'
     rotate: '# You have two access keys for account %{account}'
     temporary: '# Using temporary session credentials.'
     timeout: '# It is STRONGLY recommended to set your keychain to lock in 5 minutes or less.'

data/lib/awskeyring.rb

@@ -27,6 +27,8 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   DEFAULT_KEY_AGE = 90
   # Default Console Paths
   DEFAULT_CONSOLE_LIST = %w[cloudformation ec2/v2 iam rds route53 s3 sns sqs vpc].freeze
+  # Default Browsers
+  DEFAULT_BROWSER_LIST = %w[Brave FireFox Opera Safari Vivaldi].freeze
 
   # Retrieve the preferences
   #
@@ -72,18 +74,17 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
 
   # Return a list of all acount items
   private_class_method def self.list_items
-    items = all_items.all.sort do |elem_a, elem_b|
-      elem_a.attributes[:label] <=> elem_b.attributes[:label]
-    end
-    items.select { |elem| elem.attributes[:label].start_with?(ACCOUNT_PREFIX) }
+    all_items.all.select { |elem| elem.attributes[:label].start_with?(ACCOUNT_PREFIX) }
   end
 
   # Return a list of all role items
   private_class_method def self.list_roles
-    items = all_items.all.sort do |elem_a, elem_b|
-      elem_a.attributes[:label] <=> elem_b.attributes[:label]
-    end
-    items.select { |elem| elem.attributes[:label].start_with?(ROLE_PREFIX) }
+    all_items.all.select { |elem| elem.attributes[:label].start_with?(ROLE_PREFIX) }
+  end
+
+  # Return a list of all acount items
+  private_class_method def self.list_tokens
+    all_items.all.select { |elem| elem.attributes[:label].start_with?(SESSION_KEY_PREFIX) }
   end
 
   # Return all keychain items
@@ -175,17 +176,26 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
 
   # Return a list account item names
   def self.list_account_names
-    list_items.map { |elem| elem.attributes[:label][(ACCOUNT_PREFIX.length)..-1] }
+    items = list_items.map { |elem| elem.attributes[:label][(ACCOUNT_PREFIX.length)..] }
+
+    tokens = list_tokens.map { |elem| elem.attributes[:label][(SESSION_KEY_PREFIX.length)..] }
+
+    (items + tokens).uniq.sort
   end
 
   # Return a list role item names
   def self.list_role_names
-    list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..-1] }
+    list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..] }.sort
+  end
+
+  # Return a list token item names
+  def self.list_token_names
+    list_tokens.map { |elem| elem.attributes[:label][(SESSION_KEY_PREFIX.length)..] }.sort
   end
 
   # Return a list role item names and arns
   def self.list_role_names_plus
-    list_roles.map { |elem| "#{elem.attributes[:label][(ROLE_PREFIX.length)..-1]}\t#{elem.attributes[:account]}" }
+    list_roles.map { |elem| "#{elem.attributes[:label][(ROLE_PREFIX.length)..]}\t#{elem.attributes[:account]}" }
   end
 
   # Return a list of console paths
@@ -193,6 +203,11 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     prefs.key?('console') ? prefs['console'] : DEFAULT_CONSOLE_LIST
   end
 
+  # Return a list of browserss
+  def self.list_browsers
+    prefs.key?('browser') ? prefs['browser'] : DEFAULT_BROWSER_LIST
+  end
+
   # Return Key age warning number
   def self.key_age
     prefs.key?('keyage') ? prefs['keyage'] : DEFAULT_KEY_AGE
@@ -246,7 +261,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Delete session token items if expired
   private_class_method def self.delete_expired(key:, token:)
     expires_at = Time.at(token.attributes[:account].to_i)
-    if expires_at < Time.now
+    if expires_at < Time.new
       delete_pair(key: key, token: token, message: I18n.t('message.delexpired'))
       key = nil
       token = nil
@@ -347,6 +362,16 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     role_name
   end
 
+  # Validate token exists
+  #
+  # @param [String] token_name the associated account name.
+  def self.token_exists(token_name)
+    Awskeyring::Validate.account_name(token_name)
+    raise 'Token does not exist' unless list_token_names.include?(token_name)
+
+    token_name
+  end
+
   # Validate role arn not exists
   #
   # @param [String] role_arn the associated role arn.

data/lib/awskeyring/awsapi.rb

@@ -141,10 +141,11 @@ module Awskeyring
     #
     # @param [String] key The aws_access_key_id
     # @param [String] secret The aws_secret_access_key
-    def self.verify_cred(key:, secret:)
+    # @param [String] token The aws_session_token
+    def self.verify_cred(key:, secret:, token:)
       begin
         ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
-        sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret)
+        sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret, session_token: token)
         sts.get_caller_identity
       rescue Aws::Errors::ServiceError => e
         warn e.to_s
@@ -153,6 +154,26 @@ module Awskeyring
       true
     end
 
+    # Retrieve credentials from the AWS Credentials file
+    #
+    # @param [String] account the profile name wanted
+    # @return [Hash] with the new credentials
+    #    key The aws_access_key_id
+    #    secret The aws_secret_access_key
+    #    token The aws_session_token
+    #    expiry expiry time
+    def self.get_credentials_from_file(account:)
+      creds = Aws::SharedCredentials.new(profile_name: account)
+      {
+        account: account,
+        key: creds.credentials.access_key_id,
+        secret: creds.credentials.secret_access_key,
+        token: creds.credentials.session_token,
+        expiry: Time.new + TWELVE_HOUR,
+        role: nil
+      }
+    end
+
     # Retrieves an AWS Console login url
     #
     # @param [String] key The aws_access_key_id
@@ -177,9 +198,9 @@ module Awskeyring
         sessionToken: token
       }.to_json
 
-      destination_param = '&Destination=' + CGI.escape(console_url)
+      destination_param = "&Destination=#{CGI.escape(console_url)}"
 
-      AWS_SIGNIN_URL + '?Action=login' + token_param(session_json: session_json) + destination_param
+      "#{AWS_SIGNIN_URL}?Action=login#{token_param(session_json: session_json)}#{destination_param}"
     end
 
     # Get the signin token param
@@ -193,7 +214,7 @@ module Awskeyring
       returned_content = request.get(uri).body
 
       signin_token = JSON.parse(returned_content)['SigninToken']
-      '&SigninToken=' + CGI.escape(signin_token)
+      "&SigninToken=#{CGI.escape(signin_token)}"
     end
 
     # Get the current region

data/lib/awskeyring/input.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'io/console'
-
 # Awskeyring Module,
 module Awskeyring
   # Input methods for Awskeyring
@@ -15,18 +13,20 @@ module Awskeyring
     end
 
     private_class_method def self.hide_input # rubocop:disable Metrics/MethodLength
+      require 'io/console'
       password = +''
       loop do
         character = $stdin.getch
         break unless character
 
-        if ["\n", "\r"].include? character
+        case character
+        when "\n", "\r"
           puts ''
           break
-        elsif ["\b", "\u007f"].include? character
+        when "\b", "\u007f"
           password.chop!
           print "\b\e[P"
-        elsif character == "\u0003"
+        when "\u0003"
           exit 1
         else
           print '*'

data/lib/awskeyring/validate.rb

@@ -36,7 +36,7 @@ module Awskeyring
     #
     # @param [String] mfa_arn The users MFA arn
     def self.mfa_arn(mfa_arn)
-      raise 'Invalid MFA ARN' unless %r(\Aarn:aws:iam::[0-9]{12}:mfa\/\S*\z).match?(mfa_arn)
+      raise 'Invalid MFA ARN' unless %r(\Aarn:aws:iam::[0-9]{12}:mfa/\S*\z).match?(mfa_arn)
 
       mfa_arn
     end
@@ -54,7 +54,7 @@ module Awskeyring
     #
     # @param [String] role_arn The role arn
     def self.role_arn(role_arn)
-      raise 'Invalid Role ARN' unless %r(\Aarn:aws:iam::[0-9]{12}:role\/\S*\z).match?(role_arn)
+      raise 'Invalid Role ARN' unless %r(\Aarn:aws:iam::[0-9]{12}:role/\S*\z).match?(role_arn)
 
       role_arn
     end

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.3.2'
+  VERSION = '1.7.0'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/servian/awskeyring'
 

data/lib/awskeyring_command.rb

@@ -72,6 +72,10 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   desc 'list', I18n.t('list.desc')
   # list the accounts
   def list
+    if Awskeyring.list_account_names.empty?
+      warn I18n.t('message.missing_account', bin: File.basename($PROGRAM_NAME))
+      exit 1
+    end
     puts Awskeyring.list_account_names.join("\n")
   end
 
@@ -80,6 +84,10 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option 'detail', type: :boolean, aliases: '-d', desc: I18n.t('method_option.detail'), default: false
   # List roles
   def list_role
+    if Awskeyring.list_role_names.empty?
+      warn I18n.t('message.missing_role', bin: File.basename($PROGRAM_NAME))
+      exit 1
+    end
     if options['detail']
       puts Awskeyring.list_role_names_plus.join("\n")
     else
@@ -122,8 +130,45 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     )
   end
 
+  desc 'import ACCOUNT', I18n.t('import.desc')
+  method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
+  # Import an Account
+  def import(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+    account = ask_check(
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_not_exists)
+    )
+    new_creds = Awskeyring::Awsapi.get_credentials_from_file(account: account)
+    unless options['no-remote']
+      Awskeyring::Awsapi.verify_cred(
+        key: new_creds[:key],
+        secret: new_creds[:secret],
+        token: new_creds[:token]
+      )
+    end
+    if new_creds[:token].nil?
+      Awskeyring.add_account(
+        account: new_creds[:account],
+        key: new_creds[:key],
+        secret: new_creds[:secret],
+        mfa: ''
+      )
+      puts I18n.t('message.addaccount', account: account)
+    else
+      Awskeyring.add_token(
+        account: new_creds[:account],
+        key: new_creds[:key],
+        secret: new_creds[:secret],
+        token: new_creds[:token],
+        expiry: new_creds[:expiry].to_i.to_s,
+        role: nil
+      )
+      puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
+    end
+  end
+
   desc 'exec ACCOUNT command...', I18n.t('exec.desc')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
+  method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
   # execute an external command with env set
   def exec(account, *command)
     if command.empty?
@@ -132,6 +177,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
     cred = age_check_and_get(account: account, no_token: options['no-token'])
     env_vars = Awskeyring::Awsapi.get_env_array(cred)
+    unbundle if options['no-bundle']
     begin
       pid = Process.spawn(env_vars, command.join(' '))
       Process.wait pid
@@ -163,7 +209,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: options[:mfa], message: I18n.t('message.mfa'),
       flags: 'optional', validator: Awskeyring::Validate.method(:mfa_arn)
     )
-    Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
+    Awskeyring::Awsapi.verify_cred(key: key, secret: secret, token: nil) unless options['no-remote']
     Awskeyring.add_account(
       account: account,
       key: key,
@@ -235,8 +281,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   # remove a session token
   def remove_token(account = nil)
     account = ask_check(
-      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
-      limited_to: Awskeyring.list_account_names
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:token_exists),
+      limited_to: Awskeyring.list_token_names
     )
     Awskeyring.delete_token(account: account, message: I18n.t('message.deltoken', account: account))
   end
@@ -341,6 +387,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
   desc 'console ACCOUNT', I18n.t('console.desc')
   method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
+  method_option :browser, type: :string, aliases: '-b', desc: I18n.t('method_option.browser')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
   # Open the AWS Console
@@ -371,7 +418,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     if options['no-open']
       puts login_url
     else
-      pid = Process.spawn("open \"#{login_url}\"")
+      spawn_cmd = options[:browser] ? "open -a \"#{options[:browser]}\" \"#{login_url}\"" : "open \"#{login_url}\""
+      pid = Process.spawn(spawn_cmd)
       Process.wait pid
     end
   end
@@ -414,7 +462,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     when 'remove-role', '-r', 'rmr'
       comp_len = 2
     when '--path', '-p'
-      comp_len = 4
+      comp_len = 40
+    when 'remove-token', 'rmt'
+      comp_len = 50
+    when '--browser', '-b'
+      comp_len = 60
     end
 
     [curr, comp_len, sub_cmd]
@@ -430,7 +482,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     self.class.map[sub_cmd].to_s
   end
 
-  def print_auto_resp(curr, len, sub_cmd)
+  def print_auto_resp(curr, len, sub_cmd) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
     list = []
     case len
     when 0
@@ -439,10 +491,14 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       list = Awskeyring.list_account_names
     when 2
       list = Awskeyring.list_role_names
-    when 3
+    when 3..10
       list = list_arguments(command: sub_cmd)
-    when 4
+    when 40
       list = Awskeyring.list_console_path
+    when 50
+      list = Awskeyring.list_token_names
+    when 60
+      list = Awskeyring.list_browsers
     else
       exit 1
     end
@@ -497,13 +553,26 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
   def ask(message:, secure: false, optional: false, limited_to: nil)
     if secure
-      Awskeyring::Input.read_secret(message.rjust(20) + ': ')
+      Awskeyring::Input.read_secret("#{message.rjust(20)}: ")
     elsif optional
-      Thor::LineEditor.readline((message + ' (optional)').rjust(20) + ': ')
+      Thor::LineEditor.readline("#{"#{message} (optional)".rjust(20)}: ")
     elsif limited_to
-      Thor::LineEditor.readline(message.rjust(20) + ': ', limited_to: limited_to)
+      Thor::LineEditor.readline("#{message.rjust(20)}: ", limited_to: limited_to)
     else
-      Thor::LineEditor.readline(message.rjust(20) + ': ')
+      Thor::LineEditor.readline("#{message.rjust(20)}: ")
+    end
+  end
+
+  def unbundle
+    to_delete = ENV.keys.select { |elem| elem.start_with?('BUNDLER_ORIG_') }
+    bundled_env = to_delete.map { |elem| elem[('BUNDLER_ORIG_'.length)..] }
+    to_delete << 'BUNDLE_GEMFILE'
+    bundled_env.each do |env_name|
+      ENV[env_name] = ENV["BUNDLER_ORIG_#{env_name}"]
+      to_delete << env_name if ENV["BUNDLER_ORIG_#{env_name}"].start_with? 'BUNDLER_'
+    end
+    to_delete.each do |env_name|
+      ENV.delete(env_name)
     end
   end
 end

data/man/awskeyring.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "March 2020" "" ""
+.TH "AWSKEYRING" "5" "November 2020" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -24,36 +24,90 @@ The commands are as follows:
 .IP
 Prints the version
 .
+.br
+.
+.IP
+\-r, \-\-no\-remote: Do not validate with remote api\.
+.
 .TP
 add ACCOUNT:
 .
 .IP
 Adds an ACCOUNT to the keyring
 .
+.br
+.
+.IP
+\-k, \-\-key=KEY: AWS account key id\.
+.
+.br
+\-s, \-\-secret=SECRET: AWS account secret\.
+.
+.br
+\-m, \-\-mfa=MFA: AWS virtual mfa arn\.
+.
+.br
+\-r, \-\-no\-remote: Do not validate with remote api\.
+.
 .TP
 add\-role ROLE:
 .
 .IP
 Adds a ROLE to the keyring
 .
+.br
+.
+.IP
+\-a, \-\-arn=ARN: AWS role arn\.
+.
 .TP
-console ACCOUNT:
+awskeyring console ACCOUNT:
 .
 .IP
 Open the AWS Console for the ACCOUNT
 .
+.br
+.
+.IP
+\-p, \-\-path=PATH: The service PATH to open\.
+.
+.br
+\-b, \-\-browser=BROWSER: Specify an alternative browser\.
+.
+.br
+\-n, \-\-no\-token: Do not use saved token\.
+.
+.br
+\-o, \-\-no\-open: Do not open the url\.
+.
 .TP
 env ACCOUNT:
 .
 .IP
 Outputs bourne shell environment exports for an ACCOUNT
 .
+.br
+.
+.IP
+\-n, \-\-no\-token: Do not use saved token\.
+.
+.br
+\-u, \-\-unset, \-\-no\-unset: Unset environment variables\.
+.
 .TP
 exec ACCOUNT command\.\.\.:
 .
 .IP
 Execute a COMMAND with the environment set for an ACCOUNT
 .
+.br
+.
+.IP
+\-n, \-\-no\-token: Do not use saved token\.
+.
+.br
+\-b, \-\-no\-bundle: Unset Bundler environment variables\.
+.
 .TP
 help [COMMAND]:
 .
@@ -61,17 +115,38 @@ help [COMMAND]:
 Describe available commands or one specific command
 .
 .TP
+import:
+.
+.IP
+Import an ACCOUNT to the keyring from ~/\.aws/credentials
+.
+.br
+.
+.IP
+\-r, \-\-no\-remote: Do not validate with remote api\.
+.
+.TP
 initialise:
 .
 .IP
 Initialises a new KEYCHAIN
 .
+.br
+.
+.IP
+\-n, \-\-keychain=KEYCHAIN: Name of KEYCHAIN to initialise\.
+.
 .TP
 json ACCOUNT:
 .
 .IP
 Outputs AWS CLI compatible JSON for an ACCOUNT
 .
+.br
+.
+.IP
+\-n, \-\-no\-token: Do not use saved token\.
+.
 .TP
 list:
 .
@@ -84,6 +159,11 @@ list\-role:
 .IP
 Prints a list of roles in the keyring
 .
+.br
+.
+.IP
+\-d, \-\-detail, \-\-no\-detail: Show more detail\.
+.
 .TP
 remove ACCOUNT:
 .
@@ -114,12 +194,34 @@ token ACCOUNT [ROLE] [MFA]:
 .IP
 Create an STS Token from a ROLE or an MFA code
 .
+.br
+.
+.IP
+\-r, \-\-role=ROLE: The ROLE to assume\.
+.
+.br
+\-c, \-\-code=CODE: Virtual mfa CODE\.
+.
+.br
+\-d, \-\-duration=DURATION: Session DURATION in seconds\.
+.
 .TP
 update ACCOUNT:
 .
 .IP
 Updates an ACCOUNT in the keyring
 .
+.br
+.
+.IP
+\-k, \-\-key=KEY: AWS account key id\.
+.
+.br
+\-s, \-\-secret=SECRET: AWS account secret\.
+.
+.br
+\-r, \-\-no\-remote: Do not validate with remote api\.
+.
 .SH "ENVIRONMENT"
 The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us\-east\-1 when not\.
 .
@@ -169,10 +271,10 @@ awskeyring env personal\-aws
 The motivation of this application is to provide a local secure store of AWS credentials using specifically in the macOS Keychain, to have them easily accessed from the Terminal, and to provide useful functions like assuming roles and opening the AWS Console from the cli\. For Enterprise environments there are better suited tools to use like HashiCorp Vault \fIhttps://vaultproject\.io/\fR\.
 .
 .SH "SECURITY"
-If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at \fItristan@vibrato\.com\.au\fR\. Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain\. Use a strong password and keep the unlock time short\.
+If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at \fItristan\.morgan@servian\.com\fR\. Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain\. Use a strong password and keep the unlock time short\.
 .
 .SH "AUTHOR"
-Tristan Morgan \fItristan@vibrato\.com\.au\fR is the maintainer of Awskeyring\.
+Tristan Morgan \fItristan\.morgan@servian\.com\fR is the maintainer of Awskeyring\.
 .
 .SH "CONTRIBUTORS"
 .
@@ -182,6 +284,9 @@ Tristan tristanmorgan \fIhttps://github\.com/tristanmorgan\fR
 .IP "\(bu" 4
 Adam Sir AzySir \fIhttps://github\.com/AzySir\fR
 .
+.IP "\(bu" 4
+Vito Giarrusso thtliife \fIhttps://github\.com/thtliife\fR
+.
 .IP "" 0
 .
 .SH "LICENSE"

data/man/awskeyring.5.ronn

@@ -16,39 +16,69 @@ The commands are as follows:
 
 * --version, -v:
 
-    Prints the version
+    Prints the version<br>
+
+    -r, --no-remote: Do not validate with remote api.
 
 * add ACCOUNT:
 
-    Adds an ACCOUNT to the keyring
+    Adds an ACCOUNT to the keyring<br>
+
+    -k, --key=KEY: AWS account key id.<br>
+    -s, --secret=SECRET: AWS account secret.<br>
+    -m, --mfa=MFA: AWS virtual mfa arn.<br>
+    -r, --no-remote: Do not validate with remote api.
 
 * add-role ROLE:
 
-    Adds a ROLE to the keyring
+    Adds a ROLE to the keyring<br>
+    
+    -a, --arn=ARN: AWS role arn.
 
-* console ACCOUNT:
+* awskeyring console ACCOUNT:
 
-    Open the AWS Console for the ACCOUNT
+    Open the AWS Console for the ACCOUNT<br>
+
+    -p, --path=PATH: The service PATH to open.<br>
+    -b, --browser=BROWSER: Specify an alternative browser.<br>
+    -n, --no-token: Do not use saved token.<br>
+    -o, --no-open: Do not open the url.
 
 * env ACCOUNT:
 
-    Outputs bourne shell environment exports for an ACCOUNT
+    Outputs bourne shell environment exports for an ACCOUNT<br>
+
+    -n, --no-token: Do not use saved token.<br>
+    -u, --unset, --no-unset: Unset environment variables.
 
 * exec ACCOUNT command...:
 
-    Execute a COMMAND with the environment set for an ACCOUNT
+    Execute a COMMAND with the environment set for an ACCOUNT<br>
+
+    -n, --no-token: Do not use saved token.<br>
+    -b, --no-bundle: Unset Bundler environment variables.
 
 * help [COMMAND]:
 
     Describe available commands or one specific command
 
+* import:
+
+    Import an ACCOUNT to the keyring from ~/.aws/credentials<br>
+
+    -r, --no-remote: Do not validate with remote api.
+
 * initialise:
 
-    Initialises a new KEYCHAIN
+    Initialises a new KEYCHAIN<br>
+
+    -n, --keychain=KEYCHAIN: Name of KEYCHAIN to initialise.
 
 * json ACCOUNT:
 
-    Outputs AWS CLI compatible JSON for an ACCOUNT
+    Outputs AWS CLI compatible JSON for an ACCOUNT<br>
+
+    -n, --no-token: Do not use saved token.
 
 * list:
 
@@ -56,7 +86,9 @@ The commands are as follows:
 
 * list-role:
 
-    Prints a list of roles in the keyring
+    Prints a list of roles in the keyring<br>
+
+    -d, --detail, --no-detail: Show more detail.
 
 * remove ACCOUNT:
 
@@ -76,11 +108,19 @@ The commands are as follows:
 
 * token ACCOUNT [ROLE] [MFA]:
 
-    Create an STS Token from a ROLE or an MFA code
+    Create an STS Token from a ROLE or an MFA code<br>
+
+    -r, --role=ROLE: The ROLE to assume.<br>
+    -c, --code=CODE: Virtual mfa CODE.<br>
+    -d, --duration=DURATION: Session DURATION in seconds.
 
 * update ACCOUNT:
 
-    Updates an ACCOUNT in the keyring
+    Updates an ACCOUNT in the keyring<br>
+
+    -k, --key=KEY: AWS account key id.<br>
+    -s, --secret=SECRET: AWS account secret.<br>
+    -r, --no-remote: Do not validate with remote api.
 
 ## ENVIRONMENT
 
@@ -117,17 +157,18 @@ like [HashiCorp Vault](https://vaultproject.io/).
 ## SECURITY
 
 If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at
-[tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to
+[tristan.morgan@servian.com](mailto:tristan.morgan@servian.com). Awskeyring is a Ruby script and as such Ruby is whitelisted to
 access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
 
 ## AUTHOR
 
-Tristan Morgan <tristan@vibrato.com.au> is the maintainer of Awskeyring.
+Tristan Morgan <tristan.morgan@servian.com> is the maintainer of Awskeyring.
 
 ## CONTRIBUTORS
 
 * Tristan [tristanmorgan](https://github.com/tristanmorgan)
 * Adam Sir [AzySir](https://github.com/AzySir)
+* Vito Giarrusso [thtliife](https://github.com/thtliife)
 
 ## LICENSE
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.7.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-04-27 00:00:00.000000000 Z
+date: 2020-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -67,8 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 description: Manages AWS credentials in the macOS keychain
-email:
-- tristan@vibrato.com.au
+email: tristan.morgan@servian.com
 executables:
 - awskeyring
 extensions: []
@@ -81,6 +80,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - awskeyring.gemspec
 - exe/awskeyring
 - i18n/en.yml
@@ -95,7 +95,12 @@ files:
 homepage: https://github.com/servian/awskeyring
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/servian/awskeyring/issues
+  changelog_uri: https://github.com/servian/awskeyring/blob/master/CHANGELOG.md
+  documentation_uri: https://rubydoc.info/gems/awskeyring/1.7.0
+  source_code_uri: https://github.com/servian/awskeyring/tree/v1.7.0
+  wiki_uri: https://github.com/servian/awskeyring/wiki
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -104,7 +109,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="