awskeyring 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +3 -1
- data/Rakefile +3 -1
- data/lib/awskeyring.rb +5 -5
- data/lib/awskeyring/awsapi.rb +4 -4
- data/lib/awskeyring/validate.rb +8 -0
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +24 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1643974c4cbfea33a3a2388ee0a26ca035561b69
|
|
4
|
+
data.tar.gz: f2c4c855e383f24bbeac967b19b6c47880638ab1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9bc85b2fae258fdc80f0b5466caf8bfff34fcaa9d6b8440744812177feb0c35381b84be69bb53f38019518168b937eadcc53a3197c12e42cbdbd2972ee3a8751
|
|
7
|
+
data.tar.gz: 96c1704c005c2c304c76cb8613b6a0982e6a508482b22e792149abcd8780c8d76ff01a49581ccc0a70b8e251103e39729161d7a9319cfb8a805f98d2b86b3888
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v0.1.1](https://github.com/vibrato/awskeyring/tree/v0.1.1) (2018-03-26)
|
|
4
|
+
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.1.0...v0.1.1)
|
|
5
|
+
|
|
6
|
+
**Merged pull requests:**
|
|
7
|
+
|
|
8
|
+
- More coverage with tests. [\#15](https://github.com/vibrato/awskeyring/pull/15) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
9
|
+
- Validate MFA code and tweak Autocomplete [\#14](https://github.com/vibrato/awskeyring/pull/14) ([tristanmorgan](https://github.com/tristanmorgan))
|
|
10
|
+
|
|
3
11
|
## [v0.1.0](https://github.com/vibrato/awskeyring/tree/v0.1.0) (2018-03-14)
|
|
4
12
|
[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.0.6...v0.1.0)
|
|
5
13
|
|
data/README.md
CHANGED
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
* [](https://opensource.org/licenses/MIT)
|
|
6
6
|
* [](https://rubygems.org/gems/awskeyring)
|
|
7
7
|
* [](https://rubygems.org/gems/awskeyring)
|
|
8
|
+
* [](http://www.rubydoc.info/gems/awskeyring)
|
|
8
9
|
|
|
9
10
|
Awskeyring is a small tool to manage AWS account keys in the macOS Keychain.
|
|
10
11
|
|
|
@@ -12,7 +13,8 @@ Awskeyring is a small tool to manage AWS account keys in the macOS Keychain.
|
|
|
12
13
|
|
|
13
14
|
The motivation of this application is to provide a local secure store of AWS
|
|
14
15
|
credentials using specifically in the macOS Keychain, to have them easily accessed
|
|
15
|
-
from the Terminal, and to provide useful functions like assuming roles
|
|
16
|
+
from the Terminal, and to provide useful functions like assuming roles and opening
|
|
17
|
+
the AWS Console from the cli.
|
|
16
18
|
For Enterprise environments there are better suited tools to use
|
|
17
19
|
like [HashiCorp Vault](https://vaultproject.io/).
|
|
18
20
|
|
data/Rakefile
CHANGED
|
@@ -15,16 +15,18 @@ RSpec::Core::RakeTask.new(:spec)
|
|
|
15
15
|
|
|
16
16
|
desc 'Check filemode bits'
|
|
17
17
|
task :filemode do
|
|
18
|
-
files =
|
|
18
|
+
files = `git ls-files -z`.split("\x0")
|
|
19
19
|
failure = false
|
|
20
20
|
files.each do |file|
|
|
21
21
|
mode = File.stat(file).mode
|
|
22
|
+
print '.'
|
|
22
23
|
if (mode & 0x7) != (mode >> 3 & 0x7)
|
|
23
24
|
puts file
|
|
24
25
|
failure = true
|
|
25
26
|
end
|
|
26
27
|
end
|
|
27
28
|
abort 'Error: Incorrect file mode found' if failure
|
|
29
|
+
print "\n"
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
task default: %i[filemode rubocop spec]
|
data/lib/awskeyring.rb
CHANGED
|
@@ -47,23 +47,23 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
47
47
|
|
|
48
48
|
keychain = Keychain.open(prefs['awskeyring'])
|
|
49
49
|
if keychain && keychain.lock_interval > 300
|
|
50
|
-
warn 'It is STRONGLY
|
|
50
|
+
warn 'It is STRONGLY recommended to set your keychain to lock in 5 minutes or less.'
|
|
51
51
|
end
|
|
52
52
|
keychain
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
# Return a list of all acount items
|
|
56
56
|
private_class_method def self.list_items
|
|
57
|
-
items = all_items.all.sort do |
|
|
58
|
-
|
|
57
|
+
items = all_items.all.sort do |elem_a, elem_b|
|
|
58
|
+
elem_a.attributes[:label] <=> elem_b.attributes[:label]
|
|
59
59
|
end
|
|
60
60
|
items.select { |elem| elem.attributes[:label].start_with?(ACCOUNT_PREFIX) }
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
# Return a list of all role items
|
|
64
64
|
private_class_method def self.list_roles
|
|
65
|
-
items = all_items.all.sort do |
|
|
66
|
-
|
|
65
|
+
items = all_items.all.sort do |elem_a, elem_b|
|
|
66
|
+
elem_a.attributes[:label] <=> elem_b.attributes[:label]
|
|
67
67
|
end
|
|
68
68
|
items.select { |elem| elem.attributes[:label].start_with?(ROLE_PREFIX) }
|
|
69
69
|
end
|
data/lib/awskeyring/awsapi.rb
CHANGED
|
@@ -48,8 +48,8 @@ module Awskeyring
|
|
|
48
48
|
token_code: params[:code]
|
|
49
49
|
)
|
|
50
50
|
end
|
|
51
|
-
rescue Aws::STS::Errors::AccessDenied =>
|
|
52
|
-
puts
|
|
51
|
+
rescue Aws::STS::Errors::AccessDenied => err
|
|
52
|
+
puts err.to_s
|
|
53
53
|
exit 1
|
|
54
54
|
end
|
|
55
55
|
|
|
@@ -153,13 +153,13 @@ module Awskeyring
|
|
|
153
153
|
retries ||= 1
|
|
154
154
|
begin
|
|
155
155
|
yield block
|
|
156
|
-
rescue Aws::IAM::Errors::InvalidClientTokenId =>
|
|
156
|
+
rescue Aws::IAM::Errors::InvalidClientTokenId => err
|
|
157
157
|
if retries < 4
|
|
158
158
|
sleep 2**retries
|
|
159
159
|
retries += 1
|
|
160
160
|
retry
|
|
161
161
|
end
|
|
162
|
-
warn
|
|
162
|
+
warn err.message
|
|
163
163
|
exit 1
|
|
164
164
|
end
|
|
165
165
|
end
|
data/lib/awskeyring/validate.rb
CHANGED
|
@@ -50,5 +50,13 @@ module Awskeyring
|
|
|
50
50
|
raise 'Invalid Role ARN' unless role_arn =~ %r(\Aarn:aws:iam::[0-9]{12}:role\/\S*\z)
|
|
51
51
|
role_arn
|
|
52
52
|
end
|
|
53
|
+
|
|
54
|
+
# Validate an MFA CODE
|
|
55
|
+
#
|
|
56
|
+
# @param [String] mfa_code The mfa code
|
|
57
|
+
def self.mfa_code(mfa_code)
|
|
58
|
+
raise 'Invalid MFA CODE' unless mfa_code =~ /\A\d{6}\z/
|
|
59
|
+
mfa_code
|
|
60
|
+
end
|
|
53
61
|
end
|
|
54
62
|
end
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -10,11 +10,13 @@ require 'awskeyring/version'
|
|
|
10
10
|
class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
11
11
|
map %w[--version -v] => :__version
|
|
12
12
|
map ['init'] => :initialise
|
|
13
|
+
map ['con'] => :console
|
|
13
14
|
map ['ls'] => :list
|
|
14
15
|
map ['lsr'] => :list_role
|
|
15
16
|
map ['rm'] => :remove
|
|
16
17
|
map ['rmr'] => :remove_role
|
|
17
18
|
map ['rmt'] => :remove_token
|
|
19
|
+
map ['rot'] => :rotate
|
|
18
20
|
|
|
19
21
|
desc '--version, -v', 'Prints the version'
|
|
20
22
|
# print the version number
|
|
@@ -189,7 +191,17 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
189
191
|
existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
|
|
190
192
|
)
|
|
191
193
|
role ||= options[:role]
|
|
194
|
+
if role
|
|
195
|
+
role = ask_check(
|
|
196
|
+
existing: role, message: 'role name', validator: Awskeyring::Validate.method(:role_name)
|
|
197
|
+
)
|
|
198
|
+
end
|
|
192
199
|
code ||= options[:code]
|
|
200
|
+
if code
|
|
201
|
+
code = ask_check(
|
|
202
|
+
existing: code, message: 'current mfa code', validator: Awskeyring::Validate.method(:mfa_code)
|
|
203
|
+
)
|
|
204
|
+
end
|
|
193
205
|
duration = options[:duration]
|
|
194
206
|
duration ||= (60 * 60 * 1).to_s if role
|
|
195
207
|
duration ||= (60 * 60 * 12).to_s if code
|
|
@@ -258,11 +270,15 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
258
270
|
warn "enable autocomplete with 'complete -C /path-to-command/#{exec_name} #{exec_name}'"
|
|
259
271
|
exit 1
|
|
260
272
|
end
|
|
261
|
-
comp_len = comp_line.split.
|
|
262
|
-
|
|
273
|
+
comp_len = comp_line.split.index(prev)
|
|
274
|
+
|
|
275
|
+
case prev
|
|
276
|
+
when 'help'
|
|
277
|
+
comp_len = 0
|
|
278
|
+
when 'remove-role', '-r', 'rmr'
|
|
279
|
+
comp_len = 2
|
|
280
|
+
end
|
|
263
281
|
|
|
264
|
-
comp_len = 2 if prev == 'help'
|
|
265
|
-
comp_len = 4 if prev == 'remove-role'
|
|
266
282
|
print_auto_resp(curr, comp_len)
|
|
267
283
|
end
|
|
268
284
|
|
|
@@ -270,11 +286,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
270
286
|
|
|
271
287
|
def print_auto_resp(curr, len)
|
|
272
288
|
case len
|
|
273
|
-
when
|
|
289
|
+
when 0
|
|
274
290
|
puts list_commands.select { |elem| elem.start_with?(curr) }.join("\n")
|
|
275
|
-
when
|
|
291
|
+
when 1
|
|
276
292
|
puts Awskeyring.list_account_names.select { |elem| elem.start_with?(curr) }.join("\n")
|
|
277
|
-
when
|
|
293
|
+
when 2
|
|
278
294
|
puts Awskeyring.list_role_names.select { |elem| elem.start_with?(curr) }.join("\n")
|
|
279
295
|
else
|
|
280
296
|
exit 1
|
|
@@ -315,6 +331,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
315
331
|
value = validator.call(value) unless value.empty? && optional
|
|
316
332
|
rescue RuntimeError => e
|
|
317
333
|
warn e.message
|
|
334
|
+
existing = nil
|
|
318
335
|
retry unless (retries -= 1).zero?
|
|
319
336
|
exit 1
|
|
320
337
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-03-
|
|
11
|
+
date: 2018-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|