awskeyring 1.3.3 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3207b3732716f614eecc291edeaa629ebac97934e590cf7b6bf97d385cd593e5
-  data.tar.gz: 37c0275281e5f4b2e42e8319be344aba943f4fbf81fa64e687d8cbda8e8f827f
+  metadata.gz: ae2606582cb2a9c079bf4ebcb6223570148954cf66fe9938c9b4d969c1312da6
+  data.tar.gz: d6b24f01901e6c3161e1874f9bd9d018f9b62e734d7d73f5ffaed78f0125ecb1
 SHA512:
-  metadata.gz: 158d8f44b19e2b40a4873ecfa84f22ac2751a8470409f45ec733d614e617a00b7ad7b52786c5d3ffa1d98149120603f04e6db21c5a279fecaee55e679e10718d
-  data.tar.gz: 0c9d3561a5c6ef181527e8ab52e858e17c5dd722403aec9df246606099c4b9bc66eb54dbacc98a770534012faf8fa52f3ebbab7c97a7fbaacd0673f5aac3f2f2
+  metadata.gz: d7704820e908585b67575c319e03493512917a9e5ea5db9620040402c49fbcd6466448e108949bcf32ea2d2f782e2ee8bf7e3e1bdd4e4138cb6d462c2c603635
+  data.tar.gz: 667e7d6d0417cda0a79c1d81680469f1ba2c7a03630bd8e7269e03f137ad669155126a927eb39542b1e9e0b07ee0f408678bb603bc77900cc7db9ff60e702c6b

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [v1.4.0](https://github.com/servian/awskeyring/tree/v1.4.0) (2020-06-19)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.3.3...v1.4.0)
+
+**Implemented enhancements:**
+
+- Import Keys and Tokens from shared credentials files. [\#65](https://github.com/servian/awskeyring/pull/65) ([tristanmorgan](https://github.com/tristanmorgan))
+
 ## [v1.3.3](https://github.com/servian/awskeyring/tree/v1.3.3) (2020-06-04)
 
 [Full Changelog](https://github.com/servian/awskeyring/compare/v1.3.2...v1.3.3)

data/README.md

@@ -65,6 +65,7 @@ The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
       awskeyring env ACCOUNT                 # Outputs bourne shell environment exports for an ACCOUNT
       awskeyring exec ACCOUNT command...     # Execute a COMMAND with the environment set for an ACCOUNT
       awskeyring help [COMMAND]              # Describe available commands or one specific command
+      awskeyring import ACCOUNT              # Import an ACCOUNT to the keyring from ~/.aws/credentials
       awskeyring initialise                  # Initialises a new KEYCHAIN
       awskeyring json ACCOUNT                # Outputs AWS CLI compatible JSON for an ACCOUNT
       awskeyring list                        # Prints a list of accounts in the keyring

data/Rakefile

@@ -22,12 +22,18 @@ RuboCop::RakeTask.new do |rubocop|
   rubocop.requires << 'rubocop-rubycw'
 end
 
-RSpec::Core::RakeTask.new(:spec) do |rspec|
-  rspec.rspec_opts = %w[--order rand --format documentation --color]
+desc 'Run RSpec code examples'
+task :spec do
+  puts 'Running RSpec...'
+  require 'rspec/core'
+  runner = RSpec::Core::Runner
+  xcode = runner.run(%w[--pattern spec/**{,/*/**}/*_spec.rb --order rand --format documentation --color])
+  abort 'RSpec failed' if xcode.positive?
 end
 
 desc 'Check filemode bits'
 task :filemode do
+  puts 'Running FileMode...'
   files = Set.new(`git ls-files -z`.split("\x0"))
   dirs = Set.new(files.map { |file| File.dirname(file) })
   failure = []
@@ -42,7 +48,7 @@ end
 
 desc 'generate manpage'
 task :ronn do
-  puts 'Writing manpage'
+  puts 'Running Ronn...'
   roff_text = Ronn::Document.new('man/awskeyring.5.ronn').to_roff
   File.write('man/awskeyring.5', roff_text)
   puts "done\n\n"

data/i18n/en.yml

@@ -14,6 +14,8 @@ en:
     desc: Outputs bourne shell environment exports for an ACCOUNT
   exec:
     desc: Execute a COMMAND with the environment set for an ACCOUNT
+  import:
+    desc: Import an ACCOUNT to the keyring from ~/.aws/credentials
   initialise:
     desc: Initialises a new KEYCHAIN
   json:

data/lib/awskeyring.rb

@@ -72,18 +72,17 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
 
   # Return a list of all acount items
   private_class_method def self.list_items
-    items = all_items.all.sort do |elem_a, elem_b|
-      elem_a.attributes[:label] <=> elem_b.attributes[:label]
-    end
-    items.select { |elem| elem.attributes[:label].start_with?(ACCOUNT_PREFIX) }
+    all_items.all.select { |elem| elem.attributes[:label].start_with?(ACCOUNT_PREFIX) }
   end
 
   # Return a list of all role items
   private_class_method def self.list_roles
-    items = all_items.all.sort do |elem_a, elem_b|
-      elem_a.attributes[:label] <=> elem_b.attributes[:label]
-    end
-    items.select { |elem| elem.attributes[:label].start_with?(ROLE_PREFIX) }
+    all_items.all.select { |elem| elem.attributes[:label].start_with?(ROLE_PREFIX) }
+  end
+
+  # Return a list of all acount items
+  private_class_method def self.list_tokens
+    all_items.all.select { |elem| elem.attributes[:label].start_with?(SESSION_KEY_PREFIX) }
   end
 
   # Return all keychain items
@@ -175,12 +174,21 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
 
   # Return a list account item names
   def self.list_account_names
-    list_items.map { |elem| elem.attributes[:label][(ACCOUNT_PREFIX.length)..-1] }
+    items = list_items.map { |elem| elem.attributes[:label][(ACCOUNT_PREFIX.length)..-1] }
+
+    tokens = list_tokens.map { |elem| elem.attributes[:label][(SESSION_KEY_PREFIX.length)..-1] }
+
+    (items + tokens).uniq.sort
   end
 
   # Return a list role item names
   def self.list_role_names
-    list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..-1] }
+    list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..-1] }.sort
+  end
+
+  # Return a list token item names
+  def self.list_token_names
+    list_tokens.map { |elem| elem.attributes[:label][(SESSION_KEY_PREFIX.length)..-1] }.sort
   end
 
   # Return a list role item names and arns
@@ -246,7 +254,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Delete session token items if expired
   private_class_method def self.delete_expired(key:, token:)
     expires_at = Time.at(token.attributes[:account].to_i)
-    if expires_at < Time.now
+    if expires_at < Time.new
       delete_pair(key: key, token: token, message: I18n.t('message.delexpired'))
       key = nil
       token = nil
@@ -347,6 +355,16 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     role_name
   end
 
+  # Validate token exists
+  #
+  # @param [String] token_name the associated account name.
+  def self.token_exists(token_name)
+    Awskeyring::Validate.account_name(token_name)
+    raise 'Token does not exist' unless list_token_names.include?(token_name)
+
+    token_name
+  end
+
   # Validate role arn not exists
   #
   # @param [String] role_arn the associated role arn.

data/lib/awskeyring/awsapi.rb

@@ -141,10 +141,11 @@ module Awskeyring
     #
     # @param [String] key The aws_access_key_id
     # @param [String] secret The aws_secret_access_key
-    def self.verify_cred(key:, secret:)
+    # @param [String] token The aws_session_token
+    def self.verify_cred(key:, secret:, token:)
       begin
         ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
-        sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret)
+        sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret, session_token: token)
         sts.get_caller_identity
       rescue Aws::Errors::ServiceError => e
         warn e.to_s
@@ -153,6 +154,26 @@ module Awskeyring
       true
     end
 
+    # Retrieve credentials from the AWS Credentials file
+    #
+    # @param [String] account the profile name wanted
+    # @return [Hash] with the new credentials
+    #    key The aws_access_key_id
+    #    secret The aws_secret_access_key
+    #    token The aws_session_token
+    #    expiry expiry time
+    def self.get_credentials_from_file(account:)
+      creds = Aws::SharedCredentials.new(profile_name: account)
+      {
+        account: account,
+        key: creds.credentials.access_key_id,
+        secret: creds.credentials.secret_access_key,
+        token: creds.credentials.session_token,
+        expiry: Time.new + TWELVE_HOUR,
+        role: nil
+      }
+    end
+
     # Retrieves an AWS Console login url
     #
     # @param [String] key The aws_access_key_id

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.3.3'
+  VERSION = '1.4.0'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/servian/awskeyring'
 

data/lib/awskeyring_command.rb

@@ -122,6 +122,42 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     )
   end
 
+  desc 'import ACCOUNT', I18n.t('import.desc')
+  method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
+  # Import an Account
+  def import(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+    account = ask_check(
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_not_exists)
+    )
+    new_creds = Awskeyring::Awsapi.get_credentials_from_file(account: account)
+    unless options['no-remote']
+      Awskeyring::Awsapi.verify_cred(
+        key: new_creds[:key],
+        secret: new_creds[:secret],
+        token: new_creds[:token]
+      )
+    end
+    if new_creds[:token].nil?
+      Awskeyring.add_account(
+        account: new_creds[:account],
+        key: new_creds[:key],
+        secret: new_creds[:secret],
+        mfa: ''
+      )
+      puts I18n.t('message.addaccount', account: account)
+    else
+      Awskeyring.add_token(
+        account: new_creds[:account],
+        key: new_creds[:key],
+        secret: new_creds[:secret],
+        token: new_creds[:token],
+        expiry: new_creds[:expiry].to_i.to_s,
+        role: nil
+      )
+      puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
+    end
+  end
+
   desc 'exec ACCOUNT command...', I18n.t('exec.desc')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # execute an external command with env set
@@ -163,7 +199,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: options[:mfa], message: I18n.t('message.mfa'),
       flags: 'optional', validator: Awskeyring::Validate.method(:mfa_arn)
     )
-    Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
+    Awskeyring::Awsapi.verify_cred(key: key, secret: secret, token: nil) unless options['no-remote']
     Awskeyring.add_account(
       account: account,
       key: key,
@@ -235,8 +271,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   # remove a session token
   def remove_token(account = nil)
     account = ask_check(
-      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
-      limited_to: Awskeyring.list_account_names
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:token_exists),
+      limited_to: Awskeyring.list_token_names
     )
     Awskeyring.delete_token(account: account, message: I18n.t('message.deltoken', account: account))
   end
@@ -415,6 +451,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       comp_len = 2
     when '--path', '-p'
       comp_len = 4
+    when 'remove-token', 'rmt'
+      comp_len = 5
     end
 
     [curr, comp_len, sub_cmd]
@@ -430,7 +468,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     self.class.map[sub_cmd].to_s
   end
 
-  def print_auto_resp(curr, len, sub_cmd)
+  def print_auto_resp(curr, len, sub_cmd) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
     list = []
     case len
     when 0
@@ -443,6 +481,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       list = list_arguments(command: sub_cmd)
     when 4
       list = Awskeyring.list_console_path
+    when 5
+      list = Awskeyring.list_token_names
     else
       exit 1
     end

data/man/awskeyring.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "April 2020" "" ""
+.TH "AWSKEYRING" "5" "June 2020" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -61,6 +61,12 @@ help [COMMAND]:
 Describe available commands or one specific command
 .
 .TP
+import:
+.
+.IP
+Import an ACCOUNT to the keyring from ~/\.aws/credentials
+.
+.TP
 initialise:
 .
 .IP

data/man/awskeyring.5.ronn

@@ -42,6 +42,10 @@ The commands are as follows:
 
     Describe available commands or one specific command
 
+* import:
+
+    Import an ACCOUNT to the keyring from ~/.aws/credentials
+
 * initialise:
 
     Initialises a new KEYCHAIN

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.3.3
+  version: 1.4.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-06-04 00:00:00.000000000 Z
+date: 2020-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -97,8 +97,8 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/servian/awskeyring/issues
   changelog_uri: https://github.com/servian/awskeyring/blob/master/CHANGELOG.md
-  documentation_uri: https://rubydoc.info/gems/awskeyring/1.3.3
-  source_code_uri: https://github.com/servian/awskeyring/tree/v1.3.3
+  documentation_uri: https://rubydoc.info/gems/awskeyring/1.4.0
+  source_code_uri: https://github.com/servian/awskeyring/tree/v1.4.0
   wiki_uri: https://github.com/servian/awskeyring/wiki
 post_install_message: 
 rdoc_options: []