awskeyring 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +3 -1
- data/Rakefile +3 -1
- data/lib/awskeyring.rb +5 -5
- data/lib/awskeyring/awsapi.rb +4 -4
- data/lib/awskeyring/validate.rb +8 -0
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +24 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1643974c4cbfea33a3a2388ee0a26ca035561b69
|
|
4
|
+
data.tar.gz: f2c4c855e383f24bbeac967b19b6c47880638ab1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9bc85b2fae258fdc80f0b5466caf8bfff34fcaa9d6b8440744812177feb0c35381b84be69bb53f38019518168b937eadcc53a3197c12e42cbdbd2972ee3a8751
|
|
7
|
+
data.tar.gz: 96c1704c005c2c304c76cb8613b6a0982e6a508482b22e792149abcd8780c8d76ff01a49581ccc0a70b8e251103e39729161d7a9319cfb8a805f98d2b86b3888
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v0.1.1](https://github.com/vibrato/awskeyring/tree/v0.1.1) (2018-03-26)
|
|
4
|
+
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.1.0...v0.1.1)
|
|
5
|
+
|
|
6
|
+
**Merged pull requests:**
|
|
7
|
+
|
|
8
|
+
- More coverage with tests. [\#15](https://github.com/vibrato/awskeyring/pull/15) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
9
|
+
- Validate MFA code and tweak Autocomplete [\#14](https://github.com/vibrato/awskeyring/pull/14) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
10
|
+
|
|
3
11
|
## [v0.1.0](https://github.com/vibrato/awskeyring/tree/v0.1.0) (2018-03-14)
|
|
4
12
|
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.0.6...v0.1.0)
|
|
5
13
|
|
data/README.md
CHANGED
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
* [](https://opensource.org/licenses/MIT)
|
|
6
6
|
* [](https://rubygems.org/gems/awskeyring)
|
|
7
7
|
* [](https://rubygems.org/gems/awskeyring)
|
|
8
|
+
* [](http://www.rubydoc.info/gems/awskeyring)
|
|
8
9
|
|
|
9
10
|
Awskeyring is a small tool to manage AWS account keys in the macOS Keychain.
|
|
10
11
|
|
|
@@ -12,7 +13,8 @@ Awskeyring is a small tool to manage AWS account keys in the macOS Keychain.
|
|
|
12
13
|
|
|
13
14
|
The motivation of this application is to provide a local secure store of AWS
|
|
14
15
|
credentials using specifically in the macOS Keychain, to have them easily accessed
|
|
15
|
-
from the Terminal, and to provide useful functions like assuming roles
|
|
16
|
+
from the Terminal, and to provide useful functions like assuming roles and opening
|
|
17
|
+
the AWS Console from the cli.
|
|
16
18
|
For Enterprise environments there are better suited tools to use
|
|
17
19
|
like [HashiCorp Vault](https://vaultproject.io/).
|
|
18
20
|
|
data/Rakefile
CHANGED
|
@@ -15,16 +15,18 @@ RSpec::Core::RakeTask.new(:spec)
|
|
|
15
15
|
|
|
16
16
|
desc 'Check filemode bits'
|
|
17
17
|
task :filemode do
|
|
18
|
-
files =
|
|
18
|
+
files = `git ls-files -z`.split("\x0")
|
|
19
19
|
failure = false
|
|
20
20
|
files.each do |file|
|
|
21
21
|
mode = File.stat(file).mode
|
|
22
|
+
print '.'
|
|
22
23
|
if (mode & 0x7) != (mode >> 3 & 0x7)
|
|
23
24
|
puts file
|
|
24
25
|
failure = true
|
|
25
26
|
end
|
|
26
27
|
end
|
|
27
28
|
abort 'Error: Incorrect file mode found' if failure
|
|
29
|
+
print "\n"
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
task default: %i[filemode rubocop spec]
|
data/lib/awskeyring.rb
CHANGED
|
@@ -47,23 +47,23 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
47
47
|
|
|
48
48
|
keychain = Keychain.open(prefs['awskeyring'])
|
|
49
49
|
if keychain && keychain.lock_interval > 300
|
|
50
|
-
warn 'It is STRONGLY
|
|
50
|
+
warn 'It is STRONGLY recommended to set your keychain to lock in 5 minutes or less.'
|
|
51
51
|
end
|
|
52
52
|
keychain
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
# Return a list of all acount items
|
|
56
56
|
private_class_method def self.list_items
|
|
57
|
-
items = all_items.all.sort do |
|
|
58
|
-
|
|
57
|
+
items = all_items.all.sort do |elem_a, elem_b|
|
|
58
|
+
elem_a.attributes[:label] <=> elem_b.attributes[:label]
|
|
59
59
|
end
|
|
60
60
|
items.select { |elem| elem.attributes[:label].start_with?(ACCOUNT_PREFIX) }
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
# Return a list of all role items
|
|
64
64
|
private_class_method def self.list_roles
|
|
65
|
-
items = all_items.all.sort do |
|
|
66
|
-
|
|
65
|
+
items = all_items.all.sort do |elem_a, elem_b|
|
|
66
|
+
elem_a.attributes[:label] <=> elem_b.attributes[:label]
|
|
67
67
|
end
|
|
68
68
|
items.select { |elem| elem.attributes[:label].start_with?(ROLE_PREFIX) }
|
|
69
69
|
end
|
data/lib/awskeyring/awsapi.rb
CHANGED
|
@@ -48,8 +48,8 @@ module Awskeyring
|
|
|
48
48
|
token_code: params[:code]
|
|
49
49
|
)
|
|
50
50
|
end
|
|
51
|
-
rescue Aws::STS::Errors::AccessDenied =>
|
|
52
|
-
puts
|
|
51
|
+
rescue Aws::STS::Errors::AccessDenied => err
|
|
52
|
+
puts err.to_s
|
|
53
53
|
exit 1
|
|
54
54
|
end
|
|
55
55
|
|
|
@@ -153,13 +153,13 @@ module Awskeyring
|
|
|
153
153
|
retries ||= 1
|
|
154
154
|
begin
|
|
155
155
|
yield block
|
|
156
|
-
rescue Aws::IAM::Errors::InvalidClientTokenId =>
|
|
156
|
+
rescue Aws::IAM::Errors::InvalidClientTokenId => err
|
|
157
157
|
if retries < 4
|
|
158
158
|
sleep 2**retries
|
|
159
159
|
retries += 1
|
|
160
160
|
retry
|
|
161
161
|
end
|
|
162
|
-
warn
|
|
162
|
+
warn err.message
|
|
163
163
|
exit 1
|
|
164
164
|
end
|
|
165
165
|
end
|
data/lib/awskeyring/validate.rb
CHANGED
|
@@ -50,5 +50,13 @@ module Awskeyring
|
|
|
50
50
|
raise 'Invalid Role ARN' unless role_arn =~ %r(\Aarn:aws:iam::[0-9]{12}:role\/\S*\z)
|
|
51
51
|
role_arn
|
|
52
52
|
end
|
|
53
|
+
|
|
54
|
+
# Validate an MFA CODE
|
|
55
|
+
#
|
|
56
|
+
# @param [String] mfa_code The mfa code
|
|
57
|
+
def self.mfa_code(mfa_code)
|
|
58
|
+
raise 'Invalid MFA CODE' unless mfa_code =~ /\A\d{6}\z/
|
|
59
|
+
mfa_code
|
|
60
|
+
end
|
|
53
61
|
end
|
|
54
62
|
end
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -10,11 +10,13 @@ require 'awskeyring/version'
|
|
|
10
10
|
class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
11
11
|
map %w[--version -v] => :__version
|
|
12
12
|
map ['init'] => :initialise
|
|
13
|
+
map ['con'] => :console
|
|
13
14
|
map ['ls'] => :list
|
|
14
15
|
map ['lsr'] => :list_role
|
|
15
16
|
map ['rm'] => :remove
|
|
16
17
|
map ['rmr'] => :remove_role
|
|
17
18
|
map ['rmt'] => :remove_token
|
|
19
|
+
map ['rot'] => :rotate
|
|
18
20
|
|
|
19
21
|
desc '--version, -v', 'Prints the version'
|
|
20
22
|
# print the version number
|
|
@@ -189,7 +191,17 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
189
191
|
existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
|
|
190
192
|
)
|
|
191
193
|
role ||= options[:role]
|
|
194
|
+
if role
|
|
195
|
+
role = ask_check(
|
|
196
|
+
existing: role, message: 'role name', validator: Awskeyring::Validate.method(:role_name)
|
|
197
|
+
)
|
|
198
|
+
end
|
|
192
199
|
code ||= options[:code]
|
|
200
|
+
if code
|
|
201
|
+
code = ask_check(
|
|
202
|
+
existing: code, message: 'current mfa code', validator: Awskeyring::Validate.method(:mfa_code)
|
|
203
|
+
)
|
|
204
|
+
end
|
|
193
205
|
duration = options[:duration]
|
|
194
206
|
duration ||= (60 * 60 * 1).to_s if role
|
|
195
207
|
duration ||= (60 * 60 * 12).to_s if code
|
|
@@ -258,11 +270,15 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
258
270
|
warn "enable autocomplete with 'complete -C /path-to-command/#{exec_name} #{exec_name}'"
|
|
259
271
|
exit 1
|
|
260
272
|
end
|
|
261
|
-
comp_len = comp_line.split.
|
|
262
|
-
|
|
273
|
+
comp_len = comp_line.split.index(prev)
|
|
274
|
+
|
|
275
|
+
case prev
|
|
276
|
+
when 'help'
|
|
277
|
+
comp_len = 0
|
|
278
|
+
when 'remove-role', '-r', 'rmr'
|
|
279
|
+
comp_len = 2
|
|
280
|
+
end
|
|
263
281
|
|
|
264
|
-
comp_len = 2 if prev == 'help'
|
|
265
|
-
comp_len = 4 if prev == 'remove-role'
|
|
266
282
|
print_auto_resp(curr, comp_len)
|
|
267
283
|
end
|
|
268
284
|
|
|
@@ -270,11 +286,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
270
286
|
|
|
271
287
|
def print_auto_resp(curr, len)
|
|
272
288
|
case len
|
|
273
|
-
when
|
|
289
|
+
when 0
|
|
274
290
|
puts list_commands.select { |elem| elem.start_with?(curr) }.join("\n")
|
|
275
|
-
when
|
|
291
|
+
when 1
|
|
276
292
|
puts Awskeyring.list_account_names.select { |elem| elem.start_with?(curr) }.join("\n")
|
|
277
|
-
when
|
|
293
|
+
when 2
|
|
278
294
|
puts Awskeyring.list_role_names.select { |elem| elem.start_with?(curr) }.join("\n")
|
|
279
295
|
else
|
|
280
296
|
exit 1
|
|
@@ -315,6 +331,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
315
331
|
value = validator.call(value) unless value.empty? && optional
|
|
316
332
|
rescue RuntimeError => e
|
|
317
333
|
warn e.message
|
|
334
|
+
existing = nil
|
|
318
335
|
retry unless (retries -= 1).zero?
|
|
319
336
|
exit 1
|
|
320
337
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-03-
|
|
11
|
+
date: 2018-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|