awskeyring 1.8.2 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 821682d536efc3d5785f862fb8e1a53fda4107eb18020bc6b3796a1d3654ee7d
-  data.tar.gz: 79bda10be2bfdabb9142e9798cfcdd47a20eba1b1cc4186526ca2f2860253514
+  metadata.gz: c40aae37a636dc9f09930e87a9c592d85b19889d96f0550875954d460bc7e9fe
+  data.tar.gz: 6d18d87a6301f6fe6f9cd8976da5bc80dbaf3cffe8570997b341d99426f56dfc
 SHA512:
-  metadata.gz: a84c3ef0c53bdf13a5740e1231494700bd40b91acda358c27c99de2eb8170c8073d98536c3fdfd6973a8f80cf2c3b362b101de83a5415eebada7b3a7f391053c
-  data.tar.gz: 728d2d23bd55a416d39bb94dbc5f7445941a15a64a18ef6f2a070ac6a21a6c9d4b14f3e0f210e6b85a964c08070c5435fc301665d4d6fd4989fe411dfed29efd
+  metadata.gz: 621e70e88839085be03c4c0cc30c8fe1e338392f46eca028c5a4fd244eac3d9f7c8cf68458730a154837408c9bd5cdc3d1da8625989c1b7de69bd007b3d91ecc
+  data.tar.gz: bac9058e92069e9206a070eb6fde527aeb1254e9135742cbbc7bd23a4666b27c6ee01da09f72083acff8e6b7fb0fc995e2553d2ebee196e05fc01e5f81419c4f

data/README.md

@@ -61,25 +61,25 @@ more details on this config option.
 
 The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
 
-    Commands:
-      awskeyring --version, -v               # Prints the version
-      awskeyring add ACCOUNT                 # Adds an ACCOUNT to the keyring
-      awskeyring add-role ROLE               # Adds a ROLE to the keyring
-      awskeyring console ACCOUNT             # Open the AWS Console for the ACCOUNT
-      awskeyring env ACCOUNT                 # Outputs bourne shell environment exports for an ACCOUNT
-      awskeyring exec ACCOUNT command...     # Execute a COMMAND with the environment set for an ACCOUNT
-      awskeyring help [COMMAND]              # Describe available commands or one specific command
-      awskeyring import ACCOUNT              # Import an ACCOUNT to the keyring from ~/.aws/credentials
-      awskeyring initialise                  # Initialises a new KEYCHAIN
-      awskeyring json ACCOUNT                # Outputs AWS CLI compatible JSON for an ACCOUNT
-      awskeyring list                        # Prints a list of accounts in the keyring
-      awskeyring list-role                   # Prints a list of roles in the keyring
-      awskeyring remove ACCOUNT              # Removes an ACCOUNT from the keyring
-      awskeyring remove-role ROLE            # Removes a ROLE from the keyring
-      awskeyring remove-token ACCOUNT        # Removes a token for ACCOUNT from the keyring
-      awskeyring rotate ACCOUNT              # Rotate access keys for an ACCOUNT
-      awskeyring token ACCOUNT [ROLE] [MFA]  # Create an STS Token from a ROLE or an MFA code
-      awskeyring update ACCOUNT              # Updates an ACCOUNT in the keyring
+    Awskeyring commands:
+      awskeyring --version, -v                # Prints the version
+      awskeyring add ACCOUNT                  # Adds an ACCOUNT to the keyring
+      awskeyring add-role ROLE                # Adds a ROLE to the keyring
+      awskeyring console ACCOUNT              # Open the AWS Console for the ACCOUNT
+      awskeyring env ACCOUNT                  # Outputs bourne shell environment exports for an ACCOUNT
+      awskeyring exec ACCOUNT command...      # Execute a COMMAND with the environment set for an ACCOUNT
+      awskeyring help [COMMAND]               # Describe available commands or one specific command
+      awskeyring import ACCOUNT               # Import an ACCOUNT to the keyring from ~/.aws/credentials
+      awskeyring initialise                   # Initialises a new KEYCHAIN
+      awskeyring json ACCOUNT                 # Outputs AWS CLI compatible JSON for an ACCOUNT
+      awskeyring list                         # Prints a list of accounts in the keyring
+      awskeyring list-role                    # Prints a list of roles in the keyring
+      awskeyring remove ACCOUNT               # Removes an ACCOUNT from the keyring
+      awskeyring remove-role ROLE             # Removes a ROLE from the keyring
+      awskeyring remove-token ACCOUNT         # Removes a token for ACCOUNT from the keyring
+      awskeyring rotate ACCOUNT               # Rotate access keys for an ACCOUNT
+      awskeyring token ACCOUNT [ROLE] [CODE]  # Create an STS Token from a ROLE or an mfa CODE
+      awskeyring update ACCOUNT               # Updates an ACCOUNT in the keyring
 
 and autocomplete that can be installed with:
 
@@ -91,7 +91,7 @@ There are also short forms of most commands if you prefer:
 
 To set your environment easily the following bash function helps:
 
-    awsenv() { eval "$(awskeyring env $@)"; }
+    awsenv() { eval "$(awskeyring env ${@:-$AWS_ACCOUNT_NAME})"; }
 
 ## Development
 

data/Rakefile

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
 require 'ronn'
 require 'github_changelog_generator/task'
@@ -49,13 +48,14 @@ end
 desc 'generate manpage'
 task :ronn do
   puts 'Running Ronn...'
-  roff_text = Ronn::Document.new('man/awskeyring.5.ronn').to_roff
-  File.write('man/awskeyring.5', roff_text)
+  doc = Ronn::Document.new('man/awskeyring.5.ronn')
+  doc.date = Time.parse(`git show -s --format=%ad --date=short`)
+  File.write('man/awskeyring.5', doc.to_roff)
   puts "done\n\n"
 end
 
 YARD::Rake::YardocTask.new do |t|
-  t.options = ['--fail-on-warning', '--no-progress']
+  t.options = ['--fail-on-warning', '--no-progress', '--files', '*.md']
   t.stats_options = ['--list-undoc']
 end
 

data/i18n/en.yml

@@ -1,41 +1,24 @@
 ---
 en:
-  __version:
-    desc: Prints the version
-  add:
-    desc: Adds an ACCOUNT to the keyring
-  add_role:
-    desc: Adds a ROLE to the keyring
-  awskeyring:
-    desc: Autocompletion for bourne shells
-  console:
-    desc: Open the AWS Console for the ACCOUNT
-  env:
-    desc: Outputs bourne shell environment exports for an ACCOUNT
-  exec:
-    desc: Execute a COMMAND with the environment set for an ACCOUNT
-  import:
-    desc: Import an ACCOUNT to the keyring from ~/.aws/credentials
-  initialise:
-    desc: Initialises a new KEYCHAIN
-  json:
-    desc: Outputs AWS CLI compatible JSON for an ACCOUNT
-  list:
-    desc: Prints a list of accounts in the keyring
-  list_role:
-    desc: Prints a list of roles in the keyring
-  remove:
-    desc: Removes an ACCOUNT from the keyring
-  remove_role:
-    desc: Removes a ROLE from the keyring
-  remove_token:
-    desc: Removes a token for ACCOUNT from the keyring
-  rotate:
-    desc: Rotate access keys for an ACCOUNT
-  token:
-    desc: Create an STS Token from a ROLE or an MFA code
-  update:
-    desc: Updates an ACCOUNT in the keyring
+  __version_desc: Prints the version
+  add_desc: Adds an ACCOUNT to the keyring
+  add_role_desc: Adds a ROLE to the keyring
+  awskeyring_desc: Autocompletion for bourne shells
+  console_desc: Open the AWS Console for the ACCOUNT
+  default_desc: Run default help or initialise if needed.
+  env_desc: Outputs bourne shell environment exports for an ACCOUNT
+  exec_desc: Execute a COMMAND with the environment set for an ACCOUNT
+  import_desc: Import an ACCOUNT to the keyring from ~/.aws/credentials
+  initialise_desc: Initialises a new KEYCHAIN
+  json_desc: Outputs AWS CLI compatible JSON for an ACCOUNT
+  list_desc: Prints a list of accounts in the keyring
+  list_role_desc: Prints a list of roles in the keyring
+  remove_desc: Removes an ACCOUNT from the keyring
+  remove_role_desc: Removes a ROLE from the keyring
+  remove_token_desc: Removes a token for ACCOUNT from the keyring
+  rotate_desc: Rotate access keys for an ACCOUNT
+  token_desc: Create an STS Token from a ROLE or an mfa CODE
+  update_desc: Updates an ACCOUNT in the keyring
   method_option:
     arn: 'AWS role arn.'
     code: 'Virtual mfa CODE.'
@@ -50,7 +33,6 @@ en:
     noremote: 'Do not validate with remote api.'
     path: 'The service PATH to open.'
     browser: 'Specify an alternative browser.'
-    role: 'The ROLE to assume.'
     secret: 'AWS account secret.'
     unset: 'Unset environment variables.'
   message:

data/lib/awskeyring.rb

@@ -97,6 +97,17 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     all_items.where(account: account).first
   end
 
+  # return item that matches a prefix if only one.
+  def self.solo_select(list, prefix)
+    return prefix if list.include?(prefix)
+
+    list.select! { |elem| elem.start_with?(prefix) }
+
+    return list.first if list.length == 1
+
+    nil
+  end
+
   # Add an account item
   #
   # @param [String] account The account name to create
@@ -317,7 +328,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @param [String] account_name the associated account name.
   def self.account_exists(account_name)
     Awskeyring::Validate.account_name(account_name)
-    raise 'Account does not exist' unless list_account_names.include?(account_name)
+    raise 'Account does not exist' unless (account_name = solo_select(list_account_names, account_name))
 
     account_name
   end
@@ -347,7 +358,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @param [String] role_name the associated role name.
   def self.role_exists(role_name)
     Awskeyring::Validate.role_name(role_name)
-    raise 'Role does not exist' unless list_role_names.include?(role_name)
+    raise 'Role does not exist' unless (role_name = solo_select(list_role_names, role_name))
 
     role_name
   end
@@ -367,7 +378,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @param [String] token_name the associated account name.
   def self.token_exists(token_name)
     Awskeyring::Validate.account_name(token_name)
-    raise 'Token does not exist' unless list_token_names.include?(token_name)
+    raise 'Token does not exist' unless (token_name = solo_select(list_token_names, token_name))
 
     token_name
   end

data/lib/awskeyring/awsapi.rb

@@ -209,7 +209,7 @@ module Awskeyring
     # Get the signin token param
     private_class_method def self.token_param(session_json:)
       get_signin_token_url = AWS_SIGNIN_URL + '?Action=getSigninToken' \
-                             '&Session=' + CGI.escape(session_json)
+                                              '&Session=' + CGI.escape(session_json)
 
       uri       = URI(get_signin_token_url)
       request   = Net::HTTP.new(uri.host, uri.port)

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.8.2'
+  VERSION = '1.9.0'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/servian/awskeyring'
 

data/lib/awskeyring_command.rb

@@ -11,29 +11,36 @@ require 'awskeyring/version'
 
 # AWSkeyring command line interface.
 class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
+  package_name 'Awskeyring'
   I18n.load_path = Dir.glob(File.join(File.realpath(__dir__), '..', 'i18n', '*.{yml,yaml}'))
   I18n.backend.load_translations
 
   map %w[--version -v] => :__version
-  map %w[--help -h] => :help
-  map 'init' => :initialise
   map 'adr' => :add_role
-  map 'con' => :console
+  map 'assume-role' => :token
   map 'ls' => :list
   map 'lsr' => :list_role
   map 'rm' => :remove
   map 'rmr' => :remove_role
   map 'rmt' => :remove_token
-  map 'rot' => :rotate
-  map 'tok' => :token
-  map 'up' => :update
+  default_command :default
 
   # default to returning an error on failure.
   def self.exit_on_failure?
     true
   end
 
-  desc '--version, -v', I18n.t('__version.desc')
+  desc 'default', I18n.t('default_desc'), hide: true
+  # default command to run
+  def default
+    if Awskeyring.prefs.empty?
+      invoke :initialise
+    else
+      invoke :help
+    end
+  end
+
+  desc '--version, -v', I18n.t('__version_desc')
   method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
   # print the version number
   def __version
@@ -44,7 +51,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts "Homepage #{Awskeyring::HOMEPAGE}"
   end
 
-  desc 'initialise', I18n.t('initialise.desc')
+  desc 'initialise', I18n.t('initialise_desc')
   method_option :keychain, type: :string, aliases: '-n', desc: I18n.t('method_option.keychain')
   # initialise the keychain
   def initialise
@@ -69,7 +76,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.addkeychain', keychain: keychain, exec_name: exec_name)
   end
 
-  desc 'list', I18n.t('list.desc')
+  desc 'list', I18n.t('list_desc')
   # list the accounts
   def list
     if Awskeyring.list_account_names.empty?
@@ -79,9 +86,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts Awskeyring.list_account_names.join("\n")
   end
 
-  map 'list-role' => :list_role
-  desc 'list-role', I18n.t('list_role.desc')
-  method_option 'detail', type: :boolean, aliases: '-d', desc: I18n.t('method_option.detail'), default: false
+  desc 'list-role', I18n.t('list_role_desc')
+  method_option :detail, type: :boolean, aliases: '-d', desc: I18n.t('method_option.detail'), default: false
   # List roles
   def list_role
     if Awskeyring.list_role_names.empty?
@@ -95,9 +101,9 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
-  desc 'env ACCOUNT', I18n.t('env.desc')
+  desc 'env ACCOUNT', I18n.t('env_desc')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
-  method_option 'unset', type: :boolean, aliases: '-u', desc: I18n.t('method_option.unset'), default: false
+  method_option :unset, type: :boolean, aliases: '-u', desc: I18n.t('method_option.unset'), default: false
   # Print Env vars
   def env(account = nil)
     if options[:unset]
@@ -113,7 +119,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
-  desc 'json ACCOUNT', I18n.t('json.desc')
+  desc 'json ACCOUNT', I18n.t('json_desc')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # Print JSON for use with credential_process
   def json(account)
@@ -130,7 +136,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     )
   end
 
-  desc 'import ACCOUNT', I18n.t('import.desc')
+  desc 'import ACCOUNT', I18n.t('import_desc')
   method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
   # Import an Account
   def import(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
@@ -166,7 +172,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
-  desc 'exec ACCOUNT command...', I18n.t('exec.desc')
+  desc 'exec ACCOUNT command...', I18n.t('exec_desc')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
   # execute an external command with env set
@@ -188,7 +194,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
-  desc 'add ACCOUNT', I18n.t('add.desc')
+  desc 'add ACCOUNT', I18n.t('add_desc')
   method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
   method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
@@ -219,7 +225,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.addaccount', account: account)
   end
 
-  desc 'update ACCOUNT', I18n.t('update.desc')
+  desc 'update ACCOUNT', I18n.t('update_desc')
   method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
   method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
@@ -246,8 +252,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.upaccount', account: account)
   end
 
-  map 'add-role' => :add_role
-  desc 'add-role ROLE', I18n.t('add_role.desc')
+  desc 'add-role ROLE', I18n.t('add_role_desc')
   method_option :arn, type: :string, aliases: '-a', desc: I18n.t('method_option.arn')
   # Add a role
   def add_role(role = nil)
@@ -267,7 +272,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.addrole', role: role)
   end
 
-  desc 'remove ACCOUNT', I18n.t('remove.desc')
+  desc 'remove ACCOUNT', I18n.t('remove_desc')
   # Remove an account
   def remove(account = nil)
     account = ask_check(
@@ -277,18 +282,17 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     Awskeyring.delete_account(account: account, message: I18n.t('message.delaccount', account: account))
   end
 
-  desc 'remove-token ACCOUNT', I18n.t('remove_token.desc')
+  desc 'remove-token ACCOUNT', I18n.t('remove_token_desc')
   # remove a session token
-  def remove_token(account = nil)
-    account = ask_check(
-      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:token_exists),
+  def remove_token(token = nil)
+    token = ask_check(
+      existing: token, message: I18n.t('message.account'), validator: Awskeyring.method(:token_exists),
       limited_to: Awskeyring.list_token_names
     )
-    Awskeyring.delete_token(account: account, message: I18n.t('message.deltoken', account: account))
+    Awskeyring.delete_token(account: token, message: I18n.t('message.deltoken', account: token))
   end
 
-  map 'remove-role' => :remove_role
-  desc 'remove-role ROLE', I18n.t('remove_role.desc')
+  desc 'remove-role ROLE', I18n.t('remove_role_desc')
   # remove a role
   def remove_role(role = nil)
     role = ask_check(
@@ -298,7 +302,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     Awskeyring.delete_role(role_name: role, message: I18n.t('message.delrole', role: role))
   end
 
-  desc 'rotate ACCOUNT', I18n.t('rotate.desc')
+  desc 'rotate ACCOUNT', I18n.t('rotate_desc')
   # rotate Account keys
   def rotate(account = nil) # rubocop:disable Metrics/MethodLength
     account = ask_check(
@@ -330,8 +334,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.upaccount', account: account)
   end
 
-  desc 'token ACCOUNT [ROLE] [MFA]', I18n.t('token.desc')
-  method_option :role, type: :string, aliases: '-r', desc: I18n.t('method_option.role')
+  desc 'token ACCOUNT [ROLE] [CODE]', I18n.t('token_desc')
   method_option :code, type: :string, aliases: '-c', desc: I18n.t('method_option.code')
   method_option :duration, type: :string, aliases: '-d', desc: I18n.t('method_option.duration')
   # generate a sessiopn token
@@ -342,7 +345,6 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       validator: Awskeyring.method(:account_exists),
       limited_to: Awskeyring.list_account_names
     )
-    role ||= options[:role]
     if role
       role = ask_check(
         existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
@@ -385,7 +387,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
   end
 
-  desc 'console ACCOUNT', I18n.t('console.desc')
+  desc 'console ACCOUNT', I18n.t('console_desc')
   method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
   method_option :browser, type: :string, aliases: '-b', desc: I18n.t('method_option.browser')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
@@ -424,110 +426,140 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
-  desc 'awskeyring CURR PREV', I18n.t('awskeyring.desc'), hide: true
+  desc "#{File.basename($PROGRAM_NAME)} CURR PREV", I18n.t('awskeyring_desc'), hide: true
   map File.basename($PROGRAM_NAME) => :autocomplete
   # autocomplete
-  def autocomplete(curr, prev)
+  def autocomplete(curr, prev = nil)
+    curr, prev = fix_args(curr, prev)
     comp_line = ENV['COMP_LINE']
-    unless comp_line
+    comp_point_str = ENV['COMP_POINT']
+    unless comp_line && comp_point_str
       exec_name = File.basename($PROGRAM_NAME)
       warn I18n.t('message.awskeyring', path: $PROGRAM_NAME, bin: exec_name)
       exit 1
     end
 
-    curr, comp_len, sub_cmd = comp_type(comp_line: comp_line, curr: curr, prev: prev)
-    print_auto_resp(curr, comp_len, sub_cmd)
+    comp_lines = comp_line[0..(comp_point_str.to_i)].split
+
+    comp_type, sub_cmd = comp_type(comp_lines: comp_lines, prev: prev)
+    list = fetch_auto_resp(comp_type, sub_cmd)
+    puts list.select { |elem| elem.start_with?(curr) }.sort!.join("\n")
   end
 
   private
 
-  def age_check_and_get(account:, no_token:)
-    cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
-
-    maxage = Awskeyring.key_age
-    age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
-    warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
-
-    cred
+  # when a double dash is parsed it is dropped from the args but we need it
+  def fix_args(curr, prev)
+    if prev.nil?
+      [ARGV[1], ARGV[2]]
+    else
+      [curr, prev]
+    end
   end
 
-  def comp_type(comp_line:, curr:, prev:)
-    comp_len = comp_line.split.index(prev)
-    sub_cmd = sub_command(comp_line.split)
-
-    comp_len = 3 if curr.start_with?('-')
+  # determine the type of completion needed
+  def comp_type(comp_lines:, prev:)
+    sub_cmd = sub_command(comp_lines)
+    comp_idx = comp_lines.rindex(prev)
 
     case prev
-    when 'help', File.basename($PROGRAM_NAME)
-      comp_len = 0
-    when 'remove-role', '-r', 'rmr'
-      comp_len = 2
     when '--path', '-p'
-      comp_len = 40
-    when 'remove-token', 'rmt'
-      comp_len = 50
+      comp_type = :path_type
     when '--browser', '-b'
-      comp_len = 60
+      comp_type = :browser_type
+    else
+      comp_type = :command
+      comp_type = param_type(comp_idx, sub_cmd) unless sub_cmd.empty?
     end
 
-    [curr, comp_len, sub_cmd]
+    [comp_type, sub_cmd]
   end
 
+  # check params for named params or fall back to flags
+  def param_type(comp_idx, sub_cmd)
+    types = %i[opt req]
+    param_list = method(sub_cmd).parameters.select { |elem| types.include? elem[0] }
+    if comp_idx.zero?
+      :command
+    elsif comp_idx > param_list.length
+      :flag
+    else
+      param_list[comp_idx - 1][1]
+    end
+  end
+
+  # catch the command from prefixes and aliases
   def sub_command(comp_lines)
-    return nil if comp_lines.nil? || comp_lines.length < 2
+    return '' if comp_lines.length < 2
 
     sub_cmd = comp_lines[1]
 
-    return sub_cmd if self.class.all_commands.keys.index(sub_cmd)
-
-    self.class.map[sub_cmd].to_s
-  end
-
-  def print_auto_resp(curr, len, sub_cmd) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
-    list = []
-    case len
-    when 0
-      list = list_commands
-    when 1
-      list = Awskeyring.list_account_names
-    when 2
-      list = Awskeyring.list_role_names
-    when 3..10
-      list = list_arguments(command: sub_cmd)
-    when 40
-      list = Awskeyring.list_console_path
-    when 50
-      list = Awskeyring.list_token_names
-    when 60
-      list = Awskeyring.list_browsers
+    return self.class.map[sub_cmd].to_s if self.class.map.key? sub_cmd
+
+    (Awskeyring.solo_select(list_commands, sub_cmd) || '').tr('-', '_')
+  end
+
+  # given a type return the right list for completions
+  def fetch_auto_resp(comp_type, sub_cmd)
+    case comp_type
+    when :command
+      list_commands
+    when :account
+      Awskeyring.list_account_names
+    when :role
+      Awskeyring.list_role_names
+    when :path_type
+      Awskeyring.list_console_path
+    when :token
+      Awskeyring.list_token_names
+    when :browser_type
+      Awskeyring.list_browsers
     else
-      exit 1
+      list_arguments(command: sub_cmd)
     end
-    puts list.select { |elem| elem.start_with?(curr) }.sort!.join("\n")
   end
 
+  # list command names
   def list_commands
-    self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }.reject! { |elem| elem == 'autocomplete' }
+    commands = self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }
+    commands.reject! { |elem| %w[autocomplete default].include?(elem) }
   end
 
+  # list flags for a command
   def list_arguments(command:)
-    exit 1 if command.empty?
-    self.class.all_commands[command].options.values.map(&:aliases).flatten! +
-      self.class.all_commands[command].options.values.map(&:switch_name)
+    options = self.class.all_commands[command].options.values
+    exit 1 if options.empty?
+
+    options.map(&:aliases).flatten! +
+      options.map(&:switch_name)
+  end
+
+  # add warning about old keys
+  def age_check_and_get(account:, no_token:)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
+
+    maxage = Awskeyring.key_age
+    age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
+    warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
+
+    cred
   end
 
+  # print exports from map
   def put_env_string(cred)
     env_var = Awskeyring::Awsapi.get_env_array(cred)
     env_var.each { |var, value| puts "export #{var}=\"#{value}\"" }
     Awskeyring::Awsapi::AWS_ENV_VARS.each { |key| puts "unset #{key}" unless env_var.key?(key) }
   end
 
+  # select duration for sts token types
   def default_duration(duration, role, code)
     duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s if role
     duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
     duration || Awskeyring::Awsapi::ONE_HOUR.to_s
   end
 
+  # ask and validate input values.
   def ask_check(existing:, message:, flags: nil, validator: nil, limited_to: nil) # rubocop:disable Metrics/MethodLength
     retries ||= 3
     begin
@@ -548,10 +580,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     value
   end
 
+  # ask for somthinng if its missing.
   def ask_missing(existing:, message:, secure: false, optional: false, limited_to: nil)
     existing || ask(message: message, secure: secure, optional: optional, limited_to: limited_to).strip
   end
 
+  # ask in different ways
   def ask(message:, secure: false, optional: false, limited_to: nil)
     if secure
       Awskeyring::Input.read_secret("#{message.rjust(20)}: ")
@@ -564,6 +598,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
+  # undo Bundler env vars
   def unbundle
     to_delete = ENV.keys.select { |elem| elem.start_with?('BUNDLER_ORIG_') }
     bundled_env = to_delete.map { |elem| elem[('BUNDLER_ORIG_'.length)..] }

data/man/awskeyring.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "March 2021" "" ""
+.TH "AWSKEYRING" "5" "July 2021" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -189,17 +189,14 @@ rotate ACCOUNT:
 Rotate access keys for an ACCOUNT
 .
 .TP
-token ACCOUNT [ROLE] [MFA]:
+token ACCOUNT [ROLE] [CODE]:
 .
 .IP
-Create an STS Token from a ROLE or an MFA code
+Create an STS Token from a ROLE or an mfa CODE
 .
 .br
 .
 .IP
-\-r, \-\-role=ROLE: The ROLE to assume\.
-.
-.br
 \-c, \-\-code=CODE: Virtual mfa CODE\.
 .
 .br
@@ -267,8 +264,34 @@ awskeyring env personal\-aws
 .
 .IP "" 0
 .
+.P
+To open the AWS Console (web page) with your default browser simply run\.\.\.
+.
+.IP "" 4
+.
+.nf
+
+awskeyring console personal\-aws
+.
+.fi
+.
+.IP "" 0
+.
+.P
+Autocomplete is enabled in your current shell with the following command\.\.\.
+.
+.IP "" 4
+.
+.nf
+
+complete \-C /usr/local/bin/awskeyring awskeyring
+.
+.fi
+.
+.IP "" 0
+.
 .SH "HISTORY"
-The motivation of this application is to provide a local secure store of AWS credentials using specifically in the macOS Keychain, to have them easily accessed from the Terminal, and to provide useful functions like assuming roles and opening the AWS Console from the cli\. For Enterprise environments there are better suited tools to use like HashiCorp Vault \fIhttps://vaultproject\.io/\fR\.
+The motivation of this application is to provide a local secure store of AWS credentials using specifically in the macOS Keychain, to have them easily accessed from the Terminal, and to provide useful functions like assuming roles and opening the AWS Console from the cli\. It then expanded to include autocomplete and a desire to have an almost complete test coverage to prevent regressions in its functionality\. For Enterprise environments there are better suited tools to use like HashiCorp Vault \fIhttps://vaultproject\.io/\fR\.
 .
 .SH "SECURITY"
 If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at \fItristan\.morgan@servian\.com\fR\. Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain\. Use a strong password and keep the unlock time short\.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.8.2
+  version: 1.9.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-19 00:00:00.000000000 Z
+date: 2021-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -93,8 +93,8 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/servian/awskeyring/issues
   changelog_uri: https://github.com/servian/awskeyring/blob/main/CHANGELOG.md
-  documentation_uri: https://rubydoc.info/gems/awskeyring/1.8.2
-  source_code_uri: https://github.com/servian/awskeyring/tree/v1.8.2
+  documentation_uri: https://rubydoc.info/gems/awskeyring/1.9.0
+  source_code_uri: https://github.com/servian/awskeyring/tree/v1.9.0
   wiki_uri: https://github.com/servian/awskeyring/wiki
 post_install_message: 
 rdoc_options: []