awskeyring 1.8.4 → 1.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d6214486cc6877ca62ed23c40f01636f0f5bd726f7d7fdd9dd7f310ec87da84
-  data.tar.gz: fede3a531c42bab12951bb316e8f4c0f9c3d383f60121c4993359013422fb6b4
+  metadata.gz: 6461179e25d74d7a488cc8dd25db6cb3f3965c177f0dd5cdc8fa440f7c0bf1e3
+  data.tar.gz: 30ac24cde26e0b407a89b218e61ecfd5a8f3ed2852d1da3e3339fa0ef82d17c1
 SHA512:
-  metadata.gz: f23bed2643e3ab8f288ff690f20f540b8486a9aca792ff362696bf867009d36d874391f13b936cc1808a9908f1f16617d2fe81073e08c6620f0997835e653cb3
-  data.tar.gz: a9732e12755c7465545bdcd59a982f446a33e42988de10158a4db977c4d8fc5a8a391d6c55c67b835fb6af749dd3e77dfef1d335b04fa6683a6df1ce0a36d227
+  metadata.gz: c11cee874dbaa962b252a637ebffb6623fbc0bf05cafaab9e32bbf34b8243dcf0a53e91f1ca6b3f1e4a2e65f3112981cae169334fa89817a866b8efe48a650dd
+  data.tar.gz: e4bbba7de171b98f88a1e3ea9232ab54c09a785712cddf979f232539ec867676bc0e33fe3b763eaf8217feecb3728aad11436326795f30560034ceeb2ac2d769

data/README.md

@@ -62,24 +62,24 @@ more details on this config option.
 The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
 
     Awskeyring commands:
-      awskeyring --version, -v               # Prints the version
-      awskeyring add ACCOUNT                 # Adds an ACCOUNT to the keyring
-      awskeyring add-role ROLE               # Adds a ROLE to the keyring
-      awskeyring console ACCOUNT             # Open the AWS Console for the ACCOUNT
-      awskeyring env ACCOUNT                 # Outputs bourne shell environment exports for an ACCOUNT
-      awskeyring exec ACCOUNT command...     # Execute a COMMAND with the environment set for an ACCOUNT
-      awskeyring help [COMMAND]              # Describe available commands or one specific command
-      awskeyring import ACCOUNT              # Import an ACCOUNT to the keyring from ~/.aws/credentials
-      awskeyring initialise                  # Initialises a new KEYCHAIN
-      awskeyring json ACCOUNT                # Outputs AWS CLI compatible JSON for an ACCOUNT
-      awskeyring list                        # Prints a list of accounts in the keyring
-      awskeyring list-role                   # Prints a list of roles in the keyring
-      awskeyring remove ACCOUNT              # Removes an ACCOUNT from the keyring
-      awskeyring remove-role ROLE            # Removes a ROLE from the keyring
-      awskeyring remove-token ACCOUNT        # Removes a token for ACCOUNT from the keyring
-      awskeyring rotate ACCOUNT              # Rotate access keys for an ACCOUNT
-      awskeyring token ACCOUNT [ROLE] [MFA]  # Create an STS Token from a ROLE or an MFA code
-      awskeyring update ACCOUNT              # Updates an ACCOUNT in the keyring
+      awskeyring --version, -v                # Prints the version
+      awskeyring add ACCOUNT                  # Adds an ACCOUNT to the keyring
+      awskeyring add-role ROLE                # Adds a ROLE to the keyring
+      awskeyring console ACCOUNT              # Open the AWS Console for the ACCOUNT
+      awskeyring env ACCOUNT                  # Outputs bourne shell environment exports for an ACCOUNT
+      awskeyring exec ACCOUNT command...      # Execute a COMMAND with the environment set for an ACCOUNT
+      awskeyring help [COMMAND]               # Describe available commands or one specific command
+      awskeyring import ACCOUNT               # Import an ACCOUNT to the keyring from ~/.aws/credentials
+      awskeyring initialise                   # Initialises a new KEYCHAIN
+      awskeyring json ACCOUNT                 # Outputs AWS CLI compatible JSON for an ACCOUNT
+      awskeyring list                         # Prints a list of accounts in the keyring
+      awskeyring list-role                    # Prints a list of roles in the keyring
+      awskeyring remove ACCOUNT               # Removes an ACCOUNT from the keyring
+      awskeyring remove-role ROLE             # Removes a ROLE from the keyring
+      awskeyring remove-token ACCOUNT         # Removes a token for ACCOUNT from the keyring
+      awskeyring rotate ACCOUNT               # Rotate access keys for an ACCOUNT
+      awskeyring token ACCOUNT [ROLE] [CODE]  # Create an STS Token from a ROLE or an mfa CODE
+      awskeyring update ACCOUNT               # Updates an ACCOUNT in the keyring
 
 and autocomplete that can be installed with:
 

data/Rakefile

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
 require 'ronn'
 require 'github_changelog_generator/task'
@@ -49,8 +48,9 @@ end
 desc 'generate manpage'
 task :ronn do
   puts 'Running Ronn...'
-  roff_text = Ronn::Document.new('man/awskeyring.5.ronn').to_roff
-  File.write('man/awskeyring.5', roff_text)
+  doc = Ronn::Document.new('man/awskeyring.5.ronn')
+  doc.date = Time.parse(`git show -s --format=%ad --date=short`)
+  File.write('man/awskeyring.5', doc.to_roff)
   puts "done\n\n"
 end
 

data/i18n/en.yml

@@ -17,7 +17,7 @@ en:
   remove_role_desc: Removes a ROLE from the keyring
   remove_token_desc: Removes a token for ACCOUNT from the keyring
   rotate_desc: Rotate access keys for an ACCOUNT
-  token_desc: Create an STS Token from a ROLE or an MFA code
+  token_desc: Create an STS Token from a ROLE or an mfa CODE
   update_desc: Updates an ACCOUNT in the keyring
   method_option:
     arn: 'AWS role arn.'

data/lib/awskeyring/awsapi.rb

@@ -209,7 +209,7 @@ module Awskeyring
     # Get the signin token param
     private_class_method def self.token_param(session_json:)
       get_signin_token_url = AWS_SIGNIN_URL + '?Action=getSigninToken' \
-                             '&Session=' + CGI.escape(session_json)
+                                              '&Session=' + CGI.escape(session_json)
 
       uri       = URI(get_signin_token_url)
       request   = Net::HTTP.new(uri.host, uri.port)

data/lib/awskeyring/credential_provider.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-core'
+require 'awskeyring'
+
+module Awskeyring
+  # Provide a credential provider for use as a library, eg.
+  #     require 'awskeyring/credential_provider'
+  #     client = Aws::STS::Client.new(
+  #       credentials: Awskeyring::CredentialProvider.new("company-acc")
+  #     )
+  class CredentialProvider
+    include Aws::CredentialProvider
+
+    attr_accessor :account
+
+    def initialize(account)
+      @account = account
+    end
+
+    # returns a new Aws::Credentials object
+    def credentials
+      cred = Awskeyring.get_valid_creds(account: account)
+      Aws::Credentials.new(cred[:key],
+                           cred[:secret],
+                           cred[:token])
+    end
+  end
+end

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.8.4'
+  VERSION = '1.9.2'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/servian/awskeyring'
 

data/lib/awskeyring.rb

@@ -52,6 +52,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     prefs = {
       awskeyring: awskeyring,
       keyage: DEFAULT_KEY_AGE,
+      browser: DEFAULT_BROWSER_LIST,
       console: DEFAULT_CONSOLE_LIST
     }
     File.new(Awskeyring::PREFS_FILE, 'w').write JSON.dump(prefs)
@@ -97,6 +98,17 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     all_items.where(account: account).first
   end
 
+  # return item that matches a prefix if only one.
+  def self.solo_select(list, prefix)
+    return prefix if list.include?(prefix)
+
+    list.select! { |elem| elem.start_with?(prefix) }
+
+    return list.first if list.length == 1
+
+    nil
+  end
+
   # Add an account item
   #
   # @param [String] account The account name to create
@@ -317,7 +329,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @param [String] account_name the associated account name.
   def self.account_exists(account_name)
     Awskeyring::Validate.account_name(account_name)
-    raise 'Account does not exist' unless list_account_names.include?(account_name)
+    raise 'Account does not exist' unless (account_name = solo_select(list_account_names, account_name))
 
     account_name
   end
@@ -347,7 +359,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @param [String] role_name the associated role name.
   def self.role_exists(role_name)
     Awskeyring::Validate.role_name(role_name)
-    raise 'Role does not exist' unless list_role_names.include?(role_name)
+    raise 'Role does not exist' unless (role_name = solo_select(list_role_names, role_name))
 
     role_name
   end
@@ -367,7 +379,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @param [String] token_name the associated account name.
   def self.token_exists(token_name)
     Awskeyring::Validate.account_name(token_name)
-    raise 'Token does not exist' unless list_token_names.include?(token_name)
+    raise 'Token does not exist' unless (token_name = solo_select(list_token_names, token_name))
 
     token_name
   end

data/lib/awskeyring_command.rb

@@ -16,7 +16,6 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   I18n.backend.load_translations
 
   map %w[--version -v] => :__version
-  map %w[--help -h] => :help
   map 'adr' => :add_role
   map 'assume-role' => :token
   map 'ls' => :list
@@ -125,7 +124,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   # Print JSON for use with credential_process
   def json(account)
     account = ask_check(
-      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
+      limited_to: Awskeyring.list_account_names
     )
     cred = age_check_and_get(account: account, no_token: options['no-token'])
     expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
@@ -177,11 +177,15 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
   # execute an external command with env set
-  def exec(account, *command)
+  def exec(account, *command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     if command.empty?
       warn I18n.t('message.exec')
       exit 1
     end
+    account = ask_check(
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
+      limited_to: Awskeyring.list_account_names
+    )
     cred = age_check_and_get(account: account, no_token: options['no-token'])
     env_vars = Awskeyring::Awsapi.get_env_array(cred)
     unbundle if options['no-bundle']
@@ -335,7 +339,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     puts I18n.t('message.upaccount', account: account)
   end
 
-  desc 'token ACCOUNT [ROLE] [MFA]', I18n.t('token_desc')
+  desc 'token ACCOUNT [ROLE] [CODE]', I18n.t('token_desc')
   method_option :code, type: :string, aliases: '-c', desc: I18n.t('method_option.code')
   method_option :duration, type: :string, aliases: '-d', desc: I18n.t('method_option.duration')
   # generate a sessiopn token
@@ -430,7 +434,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   desc "#{File.basename($PROGRAM_NAME)} CURR PREV", I18n.t('awskeyring_desc'), hide: true
   map File.basename($PROGRAM_NAME) => :autocomplete
   # autocomplete
-  def autocomplete(curr, prev)
+  def autocomplete(curr, prev = nil)
+    curr, prev = fix_args(curr, prev)
     comp_line = ENV['COMP_LINE']
     comp_point_str = ENV['COMP_POINT']
     unless comp_line && comp_point_str
@@ -448,16 +453,16 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
   private
 
-  def age_check_and_get(account:, no_token:)
-    cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
-
-    maxage = Awskeyring.key_age
-    age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
-    warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
-
-    cred
+  # when a double dash is parsed it is dropped from the args but we need it
+  def fix_args(curr, prev)
+    if prev.nil?
+      [ARGV[1], ARGV[2]]
+    else
+      [curr, prev]
+    end
   end
 
+  # determine the type of completion needed
   def comp_type(comp_lines:, prev:)
     sub_cmd = sub_command(comp_lines)
     comp_idx = comp_lines.rindex(prev)
@@ -475,8 +480,10 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     [comp_type, sub_cmd]
   end
 
+  # check params for named params or fall back to flags
   def param_type(comp_idx, sub_cmd)
-    param_list = method(sub_cmd).parameters
+    types = %i[opt req]
+    param_list = method(sub_cmd).parameters.select { |elem| types.include? elem[0] }
     if comp_idx.zero?
       :command
     elsif comp_idx > param_list.length
@@ -486,18 +493,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
+  # catch the command from prefixes and aliases
   def sub_command(comp_lines)
-    return '' if comp_lines.nil? || comp_lines.length < 2
+    return '' if comp_lines.length < 2
 
-    sub_cmd = comp_lines[1].tr('-', '_')
+    sub_cmd = comp_lines[1]
 
-    sub_cmds = self.class.all_commands.keys.select { |elem| elem.start_with?(sub_cmd) }
+    return self.class.map[sub_cmd].to_s if self.class.map.key? sub_cmd
 
-    return sub_cmds.first if sub_cmds.length == 1
-
-    self.class.map[sub_cmd].to_s
+    (Awskeyring.solo_select(list_commands, sub_cmd) || '').tr('-', '_')
   end
 
+  # given a type return the right list for completions
   def fetch_auto_resp(comp_type, sub_cmd)
     case comp_type
     when :command
@@ -517,11 +524,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
+  # list command names
   def list_commands
     commands = self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }
     commands.reject! { |elem| %w[autocomplete default].include?(elem) }
   end
 
+  # list flags for a command
   def list_arguments(command:)
     options = self.class.all_commands[command].options.values
     exit 1 if options.empty?
@@ -530,18 +539,32 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       options.map(&:switch_name)
   end
 
+  # add warning about old keys
+  def age_check_and_get(account:, no_token:)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
+
+    maxage = Awskeyring.key_age
+    age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
+    warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
+
+    cred
+  end
+
+  # print exports from map
   def put_env_string(cred)
     env_var = Awskeyring::Awsapi.get_env_array(cred)
     env_var.each { |var, value| puts "export #{var}=\"#{value}\"" }
     Awskeyring::Awsapi::AWS_ENV_VARS.each { |key| puts "unset #{key}" unless env_var.key?(key) }
   end
 
+  # select duration for sts token types
   def default_duration(duration, role, code)
     duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s if role
     duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
     duration || Awskeyring::Awsapi::ONE_HOUR.to_s
   end
 
+  # ask and validate input values.
   def ask_check(existing:, message:, flags: nil, validator: nil, limited_to: nil) # rubocop:disable Metrics/MethodLength
     retries ||= 3
     begin
@@ -562,10 +585,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     value
   end
 
+  # ask for somthinng if its missing.
   def ask_missing(existing:, message:, secure: false, optional: false, limited_to: nil)
     existing || ask(message: message, secure: secure, optional: optional, limited_to: limited_to).strip
   end
 
+  # ask in different ways
   def ask(message:, secure: false, optional: false, limited_to: nil)
     if secure
       Awskeyring::Input.read_secret("#{message.rjust(20)}: ")
@@ -578,6 +603,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     end
   end
 
+  # undo Bundler env vars
   def unbundle
     to_delete = ENV.keys.select { |elem| elem.start_with?('BUNDLER_ORIG_') }
     bundled_env = to_delete.map { |elem| elem[('BUNDLER_ORIG_'.length)..] }

data/man/awskeyring.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "May 2021" "" ""
+.TH "AWSKEYRING" "5" "September 2021" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -189,10 +189,10 @@ rotate ACCOUNT:
 Rotate access keys for an ACCOUNT
 .
 .TP
-token ACCOUNT [ROLE] [MFA]:
+token ACCOUNT [ROLE] [CODE]:
 .
 .IP
-Create an STS Token from a ROLE or an MFA code
+Create an STS Token from a ROLE or an mfa CODE
 .
 .br
 .

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.8.4
+  version: 1.9.2
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-24 00:00:00.000000000 Z
+date: 2021-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -82,6 +82,7 @@ files:
 - i18n/en.yml
 - lib/awskeyring.rb
 - lib/awskeyring/awsapi.rb
+- lib/awskeyring/credential_provider.rb
 - lib/awskeyring/input.rb
 - lib/awskeyring/validate.rb
 - lib/awskeyring/version.rb
@@ -93,8 +94,8 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/servian/awskeyring/issues
   changelog_uri: https://github.com/servian/awskeyring/blob/main/CHANGELOG.md
-  documentation_uri: https://rubydoc.info/gems/awskeyring/1.8.4
-  source_code_uri: https://github.com/servian/awskeyring/tree/v1.8.4
+  documentation_uri: https://rubydoc.info/gems/awskeyring/1.9.2
+  source_code_uri: https://github.com/servian/awskeyring/tree/v1.9.2
   wiki_uri: https://github.com/servian/awskeyring/wiki
 post_install_message: 
 rdoc_options: []