awskeyring 1.9.5 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/i18n/en.yml +2 -0
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +21 -8
- data/man/awskeyring.5 +58 -11
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9d9c2970e11f8010bdad75abe884f095359e4b673286bae9d9b71bffc0ba4be1
|
4
|
+
data.tar.gz: d1f1aa922b0a1625fb53cc3354895fefaedb719ef78336506603260fef6e9fb1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 60866afa30750d31ac60400e40176688164b7013180a6457ee0c88fdd5ce4bbcffca7ed4102e0f2ea1946d8c866998b559fd4a5ec60fb70a0183555cd4dab556
|
7
|
+
data.tar.gz: fc5a66e3ee183f8f460e6272ff4d9a8f7ec5abbec4dd3d6ddeb0b899dbd524ea5ee830d2aa489929f3de0e0d235cca0debcb636a36353b3cb7cf87755fd1cf9b
|
data/i18n/en.yml
CHANGED
@@ -35,6 +35,7 @@ en:
|
|
35
35
|
browser: 'Specify an alternative browser.'
|
36
36
|
secret: 'AWS account secret.'
|
37
37
|
unset: 'Unset environment variables.'
|
38
|
+
force: 'Force output to a tty.'
|
38
39
|
message:
|
39
40
|
keychain: 'Name for new keychain (default: awskeyring)'
|
40
41
|
account: 'account name'
|
@@ -57,6 +58,7 @@ en:
|
|
57
58
|
deltoken: '# Removing token for account %{account}'
|
58
59
|
delexpired: '# Removing expired session credentials'
|
59
60
|
exec: '# COMMAND not provided'
|
61
|
+
ttyblock: '# Output suppressed to a tty, --force to override'
|
60
62
|
missing: '# Config missing, run `%{bin} initialise` to recreate.'
|
61
63
|
missing_account: '# No accounts added, run `%{bin} add` to add.'
|
62
64
|
missing_role: '# No roles added, run `%{bin} add-role` to add.'
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
@@ -102,6 +102,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
102
102
|
end
|
103
103
|
|
104
104
|
desc 'env ACCOUNT', I18n.t('env_desc')
|
105
|
+
method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
|
105
106
|
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
106
107
|
method_option :unset, type: :boolean, aliases: '-u', desc: I18n.t('method_option.unset'), default: false
|
107
108
|
# Print Env vars
|
@@ -109,6 +110,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
109
110
|
if options[:unset]
|
110
111
|
put_env_string(account: nil, key: nil, secret: nil, token: nil)
|
111
112
|
else
|
113
|
+
output_safe(options[:force])
|
112
114
|
account = ask_check(
|
113
115
|
existing: account, message: I18n.t('message.account'),
|
114
116
|
validator: Awskeyring.method(:account_exists),
|
@@ -120,9 +122,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
120
122
|
end
|
121
123
|
|
122
124
|
desc 'json ACCOUNT', I18n.t('json_desc')
|
125
|
+
method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
|
123
126
|
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
124
127
|
# Print JSON for use with credential_process
|
125
|
-
def json(account)
|
128
|
+
def json(account) # rubocop:disable Metrics/AbcSize
|
129
|
+
output_safe(options[:force])
|
126
130
|
account = ask_check(
|
127
131
|
existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
|
128
132
|
limited_to: Awskeyring.list_account_names
|
@@ -174,8 +178,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
174
178
|
end
|
175
179
|
|
176
180
|
desc 'exec ACCOUNT command...', I18n.t('exec_desc')
|
177
|
-
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
178
181
|
method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
|
182
|
+
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
179
183
|
# execute an external command with env set
|
180
184
|
def exec(account, *command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
181
185
|
if command.empty?
|
@@ -192,7 +196,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
192
196
|
begin
|
193
197
|
pid = Process.spawn(env_vars, command.join(' '))
|
194
198
|
Process.wait pid
|
195
|
-
|
199
|
+
exit 1 if Process.last_status.exitstatus.positive?
|
196
200
|
rescue Errno::ENOENT => e
|
197
201
|
warn e.to_s
|
198
202
|
exit 1
|
@@ -201,9 +205,9 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
201
205
|
|
202
206
|
desc 'add ACCOUNT', I18n.t('add_desc')
|
203
207
|
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
|
204
|
-
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
205
208
|
method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
|
206
209
|
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
210
|
+
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
207
211
|
# Add an Account
|
208
212
|
def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
209
213
|
account = ask_check(
|
@@ -232,8 +236,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
232
236
|
|
233
237
|
desc 'update ACCOUNT', I18n.t('update_desc')
|
234
238
|
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
|
235
|
-
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
236
239
|
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
|
240
|
+
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
|
237
241
|
# Update an Account
|
238
242
|
def update(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
239
243
|
account = ask_check(
|
@@ -388,10 +392,10 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
388
392
|
end
|
389
393
|
|
390
394
|
desc 'console ACCOUNT', I18n.t('console_desc')
|
391
|
-
method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
|
392
395
|
method_option :browser, type: :string, aliases: '-b', desc: I18n.t('method_option.browser')
|
393
|
-
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
394
396
|
method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
|
397
|
+
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
|
398
|
+
method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
|
395
399
|
# Open the AWS Console
|
396
400
|
def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
397
401
|
account = ask_check(
|
@@ -418,6 +422,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
418
422
|
spawn_cmd = options[:browser] ? "open -a \"#{options[:browser]}\" \"#{login_url}\"" : "open \"#{login_url}\""
|
419
423
|
pid = Process.spawn(spawn_cmd)
|
420
424
|
Process.wait pid
|
425
|
+
exit 1 if Process.last_status.exitstatus.positive?
|
421
426
|
end
|
422
427
|
end
|
423
428
|
|
@@ -446,7 +451,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
446
451
|
# when a double dash is parsed it is dropped from the args but we need it
|
447
452
|
def fix_args(curr, prev)
|
448
453
|
if prev.nil?
|
449
|
-
[
|
454
|
+
[ARGF.argv[1], ARGF.argv[2]]
|
450
455
|
else
|
451
456
|
[curr, prev]
|
452
457
|
end
|
@@ -540,6 +545,14 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
540
545
|
cred
|
541
546
|
end
|
542
547
|
|
548
|
+
# warn if output is unsafe unless forced
|
549
|
+
def output_safe(force)
|
550
|
+
return if force || !$stdout.isatty
|
551
|
+
|
552
|
+
warn I18n.t('message.ttyblock')
|
553
|
+
exit 1
|
554
|
+
end
|
555
|
+
|
543
556
|
# print exports from map
|
544
557
|
def put_env_string(cred)
|
545
558
|
env_var = Awskeyring::Awsapi.get_env_array(cred)
|
data/man/awskeyring.5
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "AWSKEYRING" "5" "
|
4
|
+
.TH "AWSKEYRING" "5" "November 2022" "" ""
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
|
@@ -41,14 +41,14 @@ Adds an ACCOUNT to the keyring
|
|
41
41
|
\-k, \-\-key=KEY: AWS account key id\.
|
42
42
|
.
|
43
43
|
.br
|
44
|
-
\-s, \-\-secret=SECRET: AWS account secret\.
|
45
|
-
.
|
46
|
-
.br
|
47
44
|
\-m, \-\-mfa=MFA: AWS virtual mfa arn\.
|
48
45
|
.
|
49
46
|
.br
|
50
47
|
\-r, \-\-no\-remote: Do not validate with remote api\.
|
51
48
|
.
|
49
|
+
.br
|
50
|
+
\-s, \-\-secret=SECRET: AWS account secret\.
|
51
|
+
.
|
52
52
|
.TP
|
53
53
|
add\-role ROLE:
|
54
54
|
.
|
@@ -69,16 +69,16 @@ Open the AWS Console for the ACCOUNT
|
|
69
69
|
.br
|
70
70
|
.
|
71
71
|
.IP
|
72
|
-
\-
|
72
|
+
\-b, \-\-browser=BROWSER: Specify an alternative browser\.
|
73
73
|
.
|
74
74
|
.br
|
75
|
-
\-
|
75
|
+
\-o, \-\-no\-open: Do not open the url\.
|
76
76
|
.
|
77
77
|
.br
|
78
78
|
\-n, \-\-no\-token: Do not use saved token\.
|
79
79
|
.
|
80
80
|
.br
|
81
|
-
\-
|
81
|
+
\-p, \-\-path=PATH: The service PATH to open\.
|
82
82
|
.
|
83
83
|
.TP
|
84
84
|
env ACCOUNT:
|
@@ -89,6 +89,9 @@ Outputs bourne shell environment exports for an ACCOUNT
|
|
89
89
|
.br
|
90
90
|
.
|
91
91
|
.IP
|
92
|
+
\-f, \-\-force: Force output to a tty\.
|
93
|
+
.
|
94
|
+
.br
|
92
95
|
\-n, \-\-no\-token: Do not use saved token\.
|
93
96
|
.
|
94
97
|
.br
|
@@ -103,10 +106,10 @@ Execute a COMMAND with the environment set for an ACCOUNT
|
|
103
106
|
.br
|
104
107
|
.
|
105
108
|
.IP
|
106
|
-
\-
|
109
|
+
\-b, \-\-no\-bundle: Unset Bundler environment variables\.
|
107
110
|
.
|
108
111
|
.br
|
109
|
-
\-
|
112
|
+
\-n, \-\-no\-token: Do not use saved token\.
|
110
113
|
.
|
111
114
|
.TP
|
112
115
|
help [COMMAND]:
|
@@ -145,6 +148,9 @@ Outputs AWS CLI compatible JSON for an ACCOUNT
|
|
145
148
|
.br
|
146
149
|
.
|
147
150
|
.IP
|
151
|
+
\-f, \-\-force: Force output to a tty\.
|
152
|
+
.
|
153
|
+
.br
|
148
154
|
\-n, \-\-no\-token: Do not use saved token\.
|
149
155
|
.
|
150
156
|
.TP
|
@@ -214,10 +220,10 @@ Updates an ACCOUNT in the keyring
|
|
214
220
|
\-k, \-\-key=KEY: AWS account key id\.
|
215
221
|
.
|
216
222
|
.br
|
217
|
-
\-
|
223
|
+
\-r, \-\-no\-remote: Do not validate with remote api\.
|
218
224
|
.
|
219
225
|
.br
|
220
|
-
\-
|
226
|
+
\-s, \-\-secret=SECRET: AWS account secret\.
|
221
227
|
.
|
222
228
|
.SH "ENVIRONMENT"
|
223
229
|
The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us\-east\-1 when not\.
|
@@ -290,6 +296,47 @@ complete \-C /usr/local/bin/awskeyring awskeyring
|
|
290
296
|
.
|
291
297
|
.IP "" 0
|
292
298
|
.
|
299
|
+
.SH "CONFIGURATION"
|
300
|
+
A Configuration file is stored in the users home directory at \fB~/\.awskeyring\fR as a JSON formatted file\. Most of the fields have a default value except the awskeyring field\.
|
301
|
+
.
|
302
|
+
.IP "" 4
|
303
|
+
.
|
304
|
+
.nf
|
305
|
+
|
306
|
+
{
|
307
|
+
"awskeyring": "awskeyring",
|
308
|
+
"browser": ["FireFox", "Google Chrome", "Safari"],
|
309
|
+
"console": ["ec2/v2", "cloudwatch", "iam"],
|
310
|
+
"keyage": 90
|
311
|
+
}
|
312
|
+
.
|
313
|
+
.fi
|
314
|
+
.
|
315
|
+
.IP "" 0
|
316
|
+
.
|
317
|
+
.IP "1." 4
|
318
|
+
The first field is the Keychain that your keys will be saved in\.
|
319
|
+
.
|
320
|
+
.br
|
321
|
+
|
322
|
+
.
|
323
|
+
.IP "2." 4
|
324
|
+
A list of your browsers to use the console command with\.
|
325
|
+
.
|
326
|
+
.br
|
327
|
+
|
328
|
+
.
|
329
|
+
.IP "3." 4
|
330
|
+
The next is the list of AWS Console pages autocomplete will present\.
|
331
|
+
.
|
332
|
+
.br
|
333
|
+
|
334
|
+
.
|
335
|
+
.IP "4." 4
|
336
|
+
The last field is the warning threshold for key age\.
|
337
|
+
.
|
338
|
+
.IP "" 0
|
339
|
+
.
|
293
340
|
.SH "HISTORY"
|
294
341
|
The motivation of this application is to provide a local secure store of AWS credentials using specifically in the macOS Keychain, to have them easily accessed from the Terminal, and to provide useful functions like assuming roles and opening the AWS Console from the cli\. It then expanded to include autocomplete and a desire to have an almost complete test coverage to prevent regressions in its functionality\. For Enterprise environments there are better suited tools to use like HashiCorp Vault \fIhttps://vaultproject\.io/\fR\.
|
295
342
|
.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: awskeyring
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tristan Morgan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-11-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-iam
|
@@ -92,9 +92,9 @@ licenses:
|
|
92
92
|
metadata:
|
93
93
|
bug_tracker_uri: https://github.com/servian/awskeyring/issues
|
94
94
|
changelog_uri: https://github.com/servian/awskeyring/blob/main/CHANGELOG.md
|
95
|
-
documentation_uri: https://rubydoc.info/gems/awskeyring/1.
|
95
|
+
documentation_uri: https://rubydoc.info/gems/awskeyring/1.10.0
|
96
96
|
rubygems_mfa_required: 'true'
|
97
|
-
source_code_uri: https://github.com/servian/awskeyring/tree/v1.
|
97
|
+
source_code_uri: https://github.com/servian/awskeyring/tree/v1.10.0
|
98
98
|
wiki_uri: https://github.com/servian/awskeyring/wiki
|
99
99
|
post_install_message:
|
100
100
|
rdoc_options: []
|