awskeyring 1.8.5 → 1.9.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.txt +1 -1
- data/Rakefile +4 -4
- data/awskeyring.gemspec +1 -0
- data/lib/awskeyring/awsapi.rb +1 -1
- data/lib/awskeyring/credential_provider.rb +29 -0
- data/lib/awskeyring/validate.rb +7 -1
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring.rb +15 -3
- data/lib/awskeyring_command.rb +12 -10
- data/man/awskeyring.5 +1 -1
- metadata +7 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ab7e97d00115352839c4d8e0824bb600df50322cab8fc819236635ff17235c3b
|
4
|
+
data.tar.gz: bc9f08082c31fe1fdc130506ccab07f782b78b55aa8b55d45b51d2c93305a9fc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 200fd3d71505cb09266c76ff58ed9ad09ed671353b3df800aa774e68e482e4f02d87304cd5af59a978f084493da97352b10eed7fa47fa3aafad7a4aabdbfdd26
|
7
|
+
data.tar.gz: e0e114ab4d902e2ca79d571a34b88fd7d600abd322e6a98a2e44bd90f8b705a2d9571e9175fd3481e8666986d78b78e7de8c4b3038cd3e3744d5b61c60c0323f
|
data/LICENSE.txt
CHANGED
data/Rakefile
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'bundler/gem_tasks'
|
4
|
-
require 'rspec/core/rake_task'
|
5
4
|
require 'rubocop/rake_task'
|
6
5
|
require 'ronn'
|
7
6
|
require 'github_changelog_generator/task'
|
@@ -40,7 +39,7 @@ task :filemode do
|
|
40
39
|
files.merge(dirs).each do |file|
|
41
40
|
mode = File.stat(file).mode
|
42
41
|
print '.'
|
43
|
-
failure << file if (mode & 0x7) != (mode >> 3 & 0x7)
|
42
|
+
failure << file if (mode & 0x7) != ((mode >> 3) & 0x7)
|
44
43
|
end
|
45
44
|
abort "\nError: Incorrect file mode found\n#{failure.join("\n")}" unless failure.empty?
|
46
45
|
print "\n"
|
@@ -49,8 +48,9 @@ end
|
|
49
48
|
desc 'generate manpage'
|
50
49
|
task :ronn do
|
51
50
|
puts 'Running Ronn...'
|
52
|
-
|
53
|
-
|
51
|
+
doc = Ronn::Document.new('man/awskeyring.5.ronn')
|
52
|
+
doc.date = Time.parse(`git show -s --format=%ad --date=short`)
|
53
|
+
File.write('man/awskeyring.5', doc.to_roff)
|
54
54
|
puts "done\n\n"
|
55
55
|
end
|
56
56
|
|
data/awskeyring.gemspec
CHANGED
@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
|
|
26
26
|
'bug_tracker_uri' => "#{Awskeyring::HOMEPAGE}/issues",
|
27
27
|
'changelog_uri' => "#{Awskeyring::HOMEPAGE}/blob/main/CHANGELOG.md",
|
28
28
|
'documentation_uri' => "https://rubydoc.info/gems/#{spec.name}/#{Awskeyring::VERSION}",
|
29
|
+
'rubygems_mfa_required' => 'true',
|
29
30
|
'source_code_uri' => "#{Awskeyring::HOMEPAGE}/tree/v#{Awskeyring::VERSION}",
|
30
31
|
'wiki_uri' => "#{Awskeyring::HOMEPAGE}/wiki"
|
31
32
|
}
|
data/lib/awskeyring/awsapi.rb
CHANGED
@@ -209,7 +209,7 @@ module Awskeyring
|
|
209
209
|
# Get the signin token param
|
210
210
|
private_class_method def self.token_param(session_json:)
|
211
211
|
get_signin_token_url = AWS_SIGNIN_URL + '?Action=getSigninToken' \
|
212
|
-
|
212
|
+
'&Session=' + CGI.escape(session_json)
|
213
213
|
|
214
214
|
uri = URI(get_signin_token_url)
|
215
215
|
request = Net::HTTP.new(uri.host, uri.port)
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'aws-sdk-core'
|
4
|
+
require 'awskeyring'
|
5
|
+
|
6
|
+
module Awskeyring
|
7
|
+
# Provide a credential provider for use as a library, eg.
|
8
|
+
# require 'awskeyring/credential_provider'
|
9
|
+
# client = Aws::STS::Client.new(
|
10
|
+
# credentials: Awskeyring::CredentialProvider.new("company-acc")
|
11
|
+
# )
|
12
|
+
class CredentialProvider
|
13
|
+
include Aws::CredentialProvider
|
14
|
+
|
15
|
+
attr_accessor :account
|
16
|
+
|
17
|
+
def initialize(account)
|
18
|
+
@account = account
|
19
|
+
end
|
20
|
+
|
21
|
+
# returns a new Aws::Credentials object
|
22
|
+
def credentials
|
23
|
+
cred = Awskeyring.get_valid_creds(account: account)
|
24
|
+
Aws::Credentials.new(cred[:key],
|
25
|
+
cred[:secret],
|
26
|
+
cred[:token])
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
data/lib/awskeyring/validate.rb
CHANGED
@@ -1,5 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'base64'
|
4
|
+
|
3
5
|
# Awskeyring Module,
|
4
6
|
# gives you an interface to access keychains and items.
|
5
7
|
module Awskeyring
|
@@ -27,7 +29,11 @@ module Awskeyring
|
|
27
29
|
#
|
28
30
|
# @param [String] aws_secret_access_key The aws_secret_access_key
|
29
31
|
def self.secret_access_key(aws_secret_access_key)
|
30
|
-
|
32
|
+
begin
|
33
|
+
raise 'Invalid Secret Access Key' unless Base64.strict_decode64(aws_secret_access_key).length == 30
|
34
|
+
rescue ArgumentError
|
35
|
+
raise 'Invalid Secret Access Key'
|
36
|
+
end
|
31
37
|
|
32
38
|
aws_secret_access_key
|
33
39
|
end
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring.rb
CHANGED
@@ -52,6 +52,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
52
52
|
prefs = {
|
53
53
|
awskeyring: awskeyring,
|
54
54
|
keyage: DEFAULT_KEY_AGE,
|
55
|
+
browser: DEFAULT_BROWSER_LIST,
|
55
56
|
console: DEFAULT_CONSOLE_LIST
|
56
57
|
}
|
57
58
|
File.new(Awskeyring::PREFS_FILE, 'w').write JSON.dump(prefs)
|
@@ -97,6 +98,17 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
97
98
|
all_items.where(account: account).first
|
98
99
|
end
|
99
100
|
|
101
|
+
# return item that matches a prefix if only one.
|
102
|
+
def self.solo_select(list, prefix)
|
103
|
+
return prefix if list.include?(prefix)
|
104
|
+
|
105
|
+
list.select! { |elem| elem.start_with?(prefix) }
|
106
|
+
|
107
|
+
return list.first if list.length == 1
|
108
|
+
|
109
|
+
nil
|
110
|
+
end
|
111
|
+
|
100
112
|
# Add an account item
|
101
113
|
#
|
102
114
|
# @param [String] account The account name to create
|
@@ -317,7 +329,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
317
329
|
# @param [String] account_name the associated account name.
|
318
330
|
def self.account_exists(account_name)
|
319
331
|
Awskeyring::Validate.account_name(account_name)
|
320
|
-
raise 'Account does not exist' unless
|
332
|
+
raise 'Account does not exist' unless (account_name = solo_select(list_account_names, account_name))
|
321
333
|
|
322
334
|
account_name
|
323
335
|
end
|
@@ -347,7 +359,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
347
359
|
# @param [String] role_name the associated role name.
|
348
360
|
def self.role_exists(role_name)
|
349
361
|
Awskeyring::Validate.role_name(role_name)
|
350
|
-
raise 'Role does not exist' unless
|
362
|
+
raise 'Role does not exist' unless (role_name = solo_select(list_role_names, role_name))
|
351
363
|
|
352
364
|
role_name
|
353
365
|
end
|
@@ -367,7 +379,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
367
379
|
# @param [String] token_name the associated account name.
|
368
380
|
def self.token_exists(token_name)
|
369
381
|
Awskeyring::Validate.account_name(token_name)
|
370
|
-
raise 'Token does not exist' unless
|
382
|
+
raise 'Token does not exist' unless (token_name = solo_select(list_token_names, token_name))
|
371
383
|
|
372
384
|
token_name
|
373
385
|
end
|
data/lib/awskeyring_command.rb
CHANGED
@@ -16,7 +16,6 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
16
16
|
I18n.backend.load_translations
|
17
17
|
|
18
18
|
map %w[--version -v] => :__version
|
19
|
-
map %w[--help -h] => :help
|
20
19
|
map 'adr' => :add_role
|
21
20
|
map 'assume-role' => :token
|
22
21
|
map 'ls' => :list
|
@@ -125,7 +124,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
125
124
|
# Print JSON for use with credential_process
|
126
125
|
def json(account)
|
127
126
|
account = ask_check(
|
128
|
-
existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
|
127
|
+
existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
|
128
|
+
limited_to: Awskeyring.list_account_names
|
129
129
|
)
|
130
130
|
cred = age_check_and_get(account: account, no_token: options['no-token'])
|
131
131
|
expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
|
@@ -133,7 +133,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
133
133
|
key: cred[:key],
|
134
134
|
secret: cred[:secret],
|
135
135
|
token: cred[:token],
|
136
|
-
expiry: (expiry || Time.new + Awskeyring::Awsapi::ONE_HOUR).iso8601
|
136
|
+
expiry: (expiry || (Time.new + Awskeyring::Awsapi::ONE_HOUR)).iso8601
|
137
137
|
)
|
138
138
|
end
|
139
139
|
|
@@ -177,11 +177,15 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
177
177
|
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
178
178
|
method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
|
179
179
|
# execute an external command with env set
|
180
|
-
def exec(account, *command)
|
180
|
+
def exec(account, *command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
181
181
|
if command.empty?
|
182
182
|
warn I18n.t('message.exec')
|
183
183
|
exit 1
|
184
184
|
end
|
185
|
+
account = ask_check(
|
186
|
+
existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
|
187
|
+
limited_to: Awskeyring.list_account_names
|
188
|
+
)
|
185
189
|
cred = age_check_and_get(account: account, no_token: options['no-token'])
|
186
190
|
env_vars = Awskeyring::Awsapi.get_env_array(cred)
|
187
191
|
unbundle if options['no-bundle']
|
@@ -491,15 +495,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
491
495
|
|
492
496
|
# catch the command from prefixes and aliases
|
493
497
|
def sub_command(comp_lines)
|
494
|
-
return '' if comp_lines.
|
495
|
-
|
496
|
-
sub_cmd = comp_lines[1].tr('-', '_')
|
498
|
+
return '' if comp_lines.length < 2
|
497
499
|
|
498
|
-
|
500
|
+
sub_cmd = comp_lines[1]
|
499
501
|
|
500
|
-
return
|
502
|
+
return self.class.map[sub_cmd].to_s if self.class.map.key? sub_cmd
|
501
503
|
|
502
|
-
|
504
|
+
(Awskeyring.solo_select(list_commands, sub_cmd) || '').tr('-', '_')
|
503
505
|
end
|
504
506
|
|
505
507
|
# given a type return the right list for completions
|
data/man/awskeyring.5
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "AWSKEYRING" "5" "
|
4
|
+
.TH "AWSKEYRING" "5" "January 2022" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: awskeyring
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.9.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tristan Morgan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-iam
|
@@ -82,6 +82,7 @@ files:
|
|
82
82
|
- i18n/en.yml
|
83
83
|
- lib/awskeyring.rb
|
84
84
|
- lib/awskeyring/awsapi.rb
|
85
|
+
- lib/awskeyring/credential_provider.rb
|
85
86
|
- lib/awskeyring/input.rb
|
86
87
|
- lib/awskeyring/validate.rb
|
87
88
|
- lib/awskeyring/version.rb
|
@@ -93,8 +94,9 @@ licenses:
|
|
93
94
|
metadata:
|
94
95
|
bug_tracker_uri: https://github.com/servian/awskeyring/issues
|
95
96
|
changelog_uri: https://github.com/servian/awskeyring/blob/main/CHANGELOG.md
|
96
|
-
documentation_uri: https://rubydoc.info/gems/awskeyring/1.
|
97
|
-
|
97
|
+
documentation_uri: https://rubydoc.info/gems/awskeyring/1.9.3
|
98
|
+
rubygems_mfa_required: 'true'
|
99
|
+
source_code_uri: https://github.com/servian/awskeyring/tree/v1.9.3
|
98
100
|
wiki_uri: https://github.com/servian/awskeyring/wiki
|
99
101
|
post_install_message:
|
100
102
|
rdoc_options: []
|
@@ -111,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
111
113
|
- !ruby/object:Gem::Version
|
112
114
|
version: '0'
|
113
115
|
requirements: []
|
114
|
-
rubygems_version: 3.0.3
|
116
|
+
rubygems_version: 3.0.3.1
|
115
117
|
signing_key:
|
116
118
|
specification_version: 4
|
117
119
|
summary: Manages AWS credentials in the macOS keychain
|