awskeyring 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1643974c4cbfea33a3a2388ee0a26ca035561b69
-  data.tar.gz: f2c4c855e383f24bbeac967b19b6c47880638ab1
+  metadata.gz: 1e905b5fccdebddbc839f898423c513e8c3c3475
+  data.tar.gz: da11dceb9c06415e01647a2de7512103df2d951d
 SHA512:
-  metadata.gz: 9bc85b2fae258fdc80f0b5466caf8bfff34fcaa9d6b8440744812177feb0c35381b84be69bb53f38019518168b937eadcc53a3197c12e42cbdbd2972ee3a8751
-  data.tar.gz: 96c1704c005c2c304c76cb8613b6a0982e6a508482b22e792149abcd8780c8d76ff01a49581ccc0a70b8e251103e39729161d7a9319cfb8a805f98d2b86b3888
+  metadata.gz: 6c6b3db63fda21933153f5eb38be4a24e07701709c3d893b71c5266d8faca9b0385060dbdde6bac3ebad69d42077e8ae1e6199a74996e996be37f12883f299f8
+  data.tar.gz: d7db72c1d2f8a1d33508c113a5b8866dc48c5fc53017a89b9b14d8e7dae05d48e4ee1d8ac0f69d83d4041e48e3fbadb26f3847824c7240666ae2525018715c1d

data/CHANGELOG.md

@@ -1,6 +1,13 @@
 # Change Log
 
-## [v0.1.1](https://github.com/vibrato/awskeyring/tree/v0.1.1) (2018-03-26)
+## [v0.2.0](https://github.com/vibrato/awskeyring/tree/v0.2.0) (2018-04-05)
+[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.1.1...v0.2.0)
+
+**Implemented enhancements:**
+
+- Add AWS CLI credential\_process compatible JSON output [\#16](https://github.com/vibrato/awskeyring/pull/16) ([tristanmorgan](https://github.com/tristanmorgan))
+
+## [v0.1.1](https://github.com/vibrato/awskeyring/tree/v0.1.1) (2018-03-25)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.1.0...v0.1.1)
 
 **Merged pull requests:**

data/README.md

@@ -32,13 +32,19 @@ Now your keys are stored safely in the macOS keychain. To print environment vari
 
     awskeyring env personal-aws
 
-See below and in the wiki for more details on usage.
+Alternatively you can create a profile using the credential_process config variable. See the [AWS CLI Config docs](http://docs.aws.amazon.com/cli/latest/topic/config-vars.html#cli-aws-help-config-vars) for more details on this config option.
+
+    [profile personal]
+    region = us-west-1
+    credential_process = awskeyring json personal-aws 
+
+See below and in the [wiki](https://github.com/vibrato/awskeyring/wiki) for more details on usage.
 
 ## Installation
 
 Install it with:
 
-    $ gem install awskeyring
+    $ gem install awskeyring --user-install
 
 ## Usage
 
@@ -53,6 +59,7 @@ The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
       awskeyring exec ACCOUNT command...     # Execute a COMMAND with the environment set for an ACCOUNT
       awskeyring help [COMMAND]              # Describe available commands or one specific command
       awskeyring initialise                  # Initialises a new KEYCHAIN
+      awskeyring json ACCOUNT                # Outputs AWS CLI compatible JSON for an ACCOUNT
       awskeyring list                        # Prints a list of accounts in the keyring
       awskeyring list-role                   # Prints a list of roles in the keyring
       awskeyring remove ACCOUNT              # Removes an ACCOUNT from the keyring
@@ -73,7 +80,7 @@ To set your environment easily the following bash function helps:
 
 After checking out the repo, run `bundle update` to install dependencies. Then, run `rake` to run the tests. Run `bundle exec awskeyring` to use the gem in this directory, ignoring other installed copies of this gem.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+To install this gem onto your local machine, run `bundle exec rake install`.
 
 ## Contributing
 

data/lib/awskeyring/awsapi.rb

@@ -49,7 +49,7 @@ module Awskeyring
             )
           end
       rescue Aws::STS::Errors::AccessDenied => err
-        puts err.to_s
+        warn err.to_s
         exit 1
       end
 
@@ -61,6 +61,24 @@ module Awskeyring
       }
     end
 
+    # Genarates AWS CLI compatible JSON
+    # see credential_process in AWS Docs
+    #
+    # @param [String] key The aws_access_key_id
+    # @param [String] secret The aws_secret_access_key
+    # @param [String] token The aws_session_token
+    # @param [String] expiry expiry time
+    # @return [String] credential_process json
+    def self.get_cred_json(key:, secret:, token:, expiry:)
+      JSON.pretty_generate(
+        Version: 1,
+        AccessKeyId: key,
+        SecretAccessKey: secret,
+        SessionToken: token,
+        Expiration: expiry
+      )
+    end
+
     # Retrieves an AWS Console login url
     #
     # @param [String] key The aws_access_key_id

data/lib/awskeyring/version.rb

@@ -1,4 +1,4 @@
 module Awskeyring
   # The Gems version number
-  VERSION = '0.1.1'.freeze
+  VERSION = '0.2.0'.freeze
 end

data/lib/awskeyring.rb

@@ -162,11 +162,13 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   def self.get_valid_creds(account:)
     cred, temp_cred = get_valid_item_pair(account: account)
     token = temp_cred.password unless temp_cred.nil?
+    expiry = temp_cred.attributes[:account].to_i unless temp_cred.nil?
     {
       account: account,
       key: cred.attributes[:account],
       secret: cred.password,
-      token: token
+      token: token,
+      expiry: expiry
     }
   end
 

data/lib/awskeyring_command.rb

@@ -76,6 +76,22 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     )
   end
 
+  desc 'json ACCOUNT', 'Outputs AWS CLI compatible JSON for an ACCOUNT'
+  # Print JSON for use with credential_process
+  def json(account = nil)
+    account = ask_check(
+      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+    )
+    cred = Awskeyring.get_valid_creds(account: account)
+    expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
+    puts Awskeyring::Awsapi.get_cred_json(
+      key: cred[:key],
+      secret: cred[:secret],
+      token: cred[:token],
+      expiry: expiry || Time.new + 3600
+    )
+  end
+
   desc 'exec ACCOUNT command...', 'Execute a COMMAND with the environment set for an ACCOUNT'
   # execute an external command with env set
   def exec(account, *command)
@@ -166,12 +182,23 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
   desc 'rotate ACCOUNT', 'Rotate access keys for an ACCOUNT'
   # rotate Account keys
-  def rotate(account = nil)
+  def rotate(account = nil) # rubocop:disable Metrics/MethodLength
     account = ask_check(
       existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
     )
     item_hash = Awskeyring.get_account_hash(account: account)
-    new_key = Awskeyring::Awsapi.rotate(account: item_hash[:account], key: item_hash[:key], secret: item_hash[:secret])
+
+    begin
+      new_key = Awskeyring::Awsapi.rotate(
+        account: item_hash[:account],
+        key: item_hash[:key],
+        secret: item_hash[:secret]
+      )
+    rescue Aws::Errors::ServiceError => err
+      warn err.to_s
+      exit 1
+    end
+
     Awskeyring.update_account(
       account: account,
       key: new_key[:key],
@@ -216,15 +243,20 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     item_hash = Awskeyring.get_account_hash(account: account)
     role_arn = Awskeyring.get_role_arn(role_name: role) if role
 
-    new_creds = Awskeyring::Awsapi.get_token(
-      code: code,
-      role_arn: role_arn,
-      duration: duration,
-      mfa: item_hash[:mfa],
-      key: item_hash[:key],
-      secret: item_hash[:secret],
-      user: ENV['USER']
-    )
+    begin
+      new_creds = Awskeyring::Awsapi.get_token(
+        code: code,
+        role_arn: role_arn,
+        duration: duration,
+        mfa: item_hash[:mfa],
+        key: item_hash[:key],
+        secret: item_hash[:secret],
+        user: ENV['USER']
+      )
+    rescue Aws::Errors::ServiceError => err
+      warn err.to_s
+      exit 1
+    end
 
     Awskeyring.add_token(
       account: account,
@@ -241,7 +273,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   desc 'console ACCOUNT', 'Open the AWS Console for the ACCOUNT'
   method_option :path, type: :string, aliases: '-p', desc: 'The service PATH to open.'
   # Open the AWS Console
-  def console(account = nil)
+  def console(account = nil) # rubocop:disable Metrics/MethodLength
     account = ask_check(
       existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
     )
@@ -249,13 +281,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
     path = options[:path] || 'console'
 
-    login_url = Awskeyring::Awsapi.get_login_url(
-      key: cred[:key],
-      secret: cred[:secret],
-      token: cred[:token],
-      path: path,
-      user: ENV['USER']
-    )
+    begin
+      login_url = Awskeyring::Awsapi.get_login_url(
+        key: cred[:key],
+        secret: cred[:secret],
+        token: cred[:token],
+        path: path,
+        user: ENV['USER']
+      )
+    rescue Aws::Errors::ServiceError => err
+      warn err.to_s
+      exit 1
+    end
 
     pid = Process.spawn("open \"#{login_url}\"")
     Process.wait pid
@@ -329,8 +366,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     begin
       value = ask_missing(existing: existing, message: message, secure: secure, optional: optional)
       value = validator.call(value) unless value.empty? && optional
-    rescue RuntimeError => e
-      warn e.message
+    rescue RuntimeError => err
+      warn err.message
       existing = nil
       retry unless (retries -= 1).zero?
       exit 1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-03-25 00:00:00.000000000 Z
+date: 2018-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam