awskeyring 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 872f5a554d55d638f03155e0b3411bf3d96fb719
-  data.tar.gz: 4cb3938b6a21b369372b933f541432861b7ee790
+  metadata.gz: 045e119cd7be746d03d7b12c73d804958cc5331b
+  data.tar.gz: 1e7bc87c08887ed8625a80d629d5822ca60a3d08
 SHA512:
-  metadata.gz: def1b159bc413bc54dcb75161cb211e65d2eec1cecefe40bf7d5811eaa101594f05d8be24a50e18cab0c7751a1691fcebc1b6d979c8ec14f1b7ac79e9befceb9
-  data.tar.gz: 1daafcf9f1c1451d08000645626675c0c4e7ea399bb1a7a0939872412857d75efd71a775426e22f4482c32f937ec937e8b8cf9fef33566c92ea360f8afc9bb25
+  metadata.gz: 92b6df41a05aef2d2c4246b86daad7a6fdc4c8092192e05341167e6b707663ca73d9babbcc8ef871644743d40b2e84207f985eb4cfc140296a8297c18afebe94
+  data.tar.gz: 4c32c86b6ed103a50e4218e1f6a258e0bbe29ddd79de7470a56b149567fa2a66ca5515540092714c57cde7c98987a211d7ac87dfed17c11c682039db92455728

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Change Log
 
+## [v0.4.0](https://github.com/vibrato/awskeyring/tree/v0.4.0) (2018-08-21)
+[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.3.1...v0.4.0)
+
+**Implemented enhancements:**
+
+- I18n - Internationalisation [\#26](https://github.com/vibrato/awskeyring/pull/26) ([tristanmorgan](https://github.com/tristanmorgan))
+- Adds no token flag to skip saved token [\#25](https://github.com/vibrato/awskeyring/pull/25) ([tristanmorgan](https://github.com/tristanmorgan))
+
 ## [v0.3.1](https://github.com/vibrato/awskeyring/tree/v0.3.1) (2018-07-25)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.3.0...v0.3.1)
 

data/README.md

@@ -72,9 +72,13 @@ and autocomplete that can be installed with:
 
     $ complete -C /usr/local/bin/awskeyring awskeyring
 
+There are also short forms of most commands if you prefer:
+
+    $ awskeyring ls
+
 To set your environment easily the following bash function helps:
 
-    awsenv() { eval "$(awskeyring env $1)"; }
+    awsenv() { eval "$(awskeyring env $@)"; }
 
 ## Development
 

data/awskeyring.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency('aws-sdk-iam')
   spec.add_dependency('highline')
+  spec.add_dependency('i18n')
   spec.add_dependency('ruby-keychain')
   spec.add_dependency('thor')
 

data/i18n/en.yml

@@ -0,0 +1,82 @@
+---
+en:
+  __version:
+    desc: Prints the version
+  add:
+    desc: Adds an ACCOUNT to the keyring
+  add_role:
+    desc: Adds a ROLE to the keyring
+  awskeyring:
+    desc: Autocompletion for bourne shells
+  console:
+    desc: Open the AWS Console for the ACCOUNT
+  env:
+    desc: Outputs bourne shell environment exports for an ACCOUNT
+  exec:
+    desc: Execute a COMMAND with the environment set for an ACCOUNT
+  initialise:
+    desc: Initialises a new KEYCHAIN
+  json:
+    desc: Outputs AWS CLI compatible JSON for an ACCOUNT
+  list:
+    desc: Prints a list of accounts in the keyring
+  list_role:
+    desc: Prints a list of roles in the keyring
+  remove:
+    desc: Removes an ACCOUNT from the keyring
+  remove_role:
+    desc: Removes a ROLE from the keyring
+  remove_token:
+    desc: Removes a token for ACCOUNT from the keyring
+  rotate:
+    desc: Rotate access keys for an ACCOUNT
+  token:
+    desc: Create an STS Token from a ROLE or an MFA code
+  method_option:
+    arn: 'AWS role arn.'
+    code: 'Virtual mfa CODE.'
+    duration: 'Session DURATION in seconds.'
+    key: 'AWS account key id.'
+    keychain: 'Name of KEYCHAIN to initialise.'
+    local: 'Only validate locally.'
+    mfa: 'AWS virtual mfa arn.'
+    notoken: 'Do not use saved token.'
+    path: 'The service PATH to open.'
+    role: 'The ROLE to assume.'
+    secret: 'AWS account secret.'
+    update: 'Update existing.'
+  message:
+    keychain: 'Name for new keychain (default: awskeyring)'
+    account: 'account name'
+    arn: 'role arn'
+    code: 'current mfa code'
+    key: 'access key id'
+    mfa: 'mfa arn'
+    secret: 'secret access key'
+    role: 'role name'
+    addaccount: "# Added account %{account}"
+    upaccount: "# Updated account %{account}"
+    addrole: "# Added role %{role}"
+    addtoken: |
+      # Token saved for account %{account}
+      # Authentication valid until %{time}
+    age_check: '# Creds for account %{account} are %{age} days old.'
+    awskeyring: "# enable autocomplete with 'complete -C %{path} %{bin}'"
+    delaccount: '# Removing account %{account}'
+    delrole: '# Removing role %{role}'
+    deltoken: '# Removing token for account %{account}'
+    delexpired: '# Removing expired session credentials'
+    missing: '# Config missing, run `%{bin} initialise` to recreate.'
+    rotate: '# You have two access keys for account %{account}'
+    temporary: '# Using temporary session credentials.'
+    timeout: '# It is STRONGLY recommended to set your keychain to lock in 5 minutes or less.'
+    initialise: '# %{file} exists. no need to initialise.'
+    notfound: '# Credential not found with name: %{account}'
+    newkeychain:
+      Creating a new Keychain, you will be prompted for a password for it.
+    addkeychain: >
+      Your keychain has been initialised. It will auto-lock after 5 minutes
+      and when sleeping. Use Keychain Access to adjust.
+
+      Add accounts to your %{keychain} keychain with:
+          %{exec_name} add

data/lib/awskeyring/awsapi.rb

@@ -175,11 +175,11 @@ module Awskeyring
     # @return [String] key The aws_access_key_id
     # @return [String] secret The aws_secret_access_key
     # @return [String] account the associated account name.
-    def self.rotate(account:, key:, secret:) # rubocop:disable  Metrics/MethodLength
+    def self.rotate(account:, key:, secret:, key_message:) # rubocop:disable  Metrics/MethodLength
       iam = Aws::IAM::Client.new(access_key_id: key, secret_access_key: secret)
 
       if iam.list_access_keys[:access_key_metadata].length > 1
-        warn "You have two access keys for account #{account}"
+        warn key_message
         exit 1
       end
 

data/lib/awskeyring/version.rb

@@ -1,4 +1,4 @@
 module Awskeyring
   # The Gems version number
-  VERSION = '0.3.1'.freeze
+  VERSION = '0.4.0'.freeze
 end

data/lib/awskeyring.rb

@@ -46,14 +46,13 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # @return [Keychain] keychain ready for use.
   private_class_method def self.load_keychain
     unless File.exist?(Awskeyring::PREFS_FILE) && !prefs.empty?
-      warn "Config missing, run `#{File.basename($PROGRAM_NAME)} initialise` to recreate."
+      warn I18n.t('message.missing', bin: File.basename($PROGRAM_NAME))
       exit 1
     end
 
     keychain = Keychain.open(prefs['awskeyring'])
-    if keychain && keychain.lock_interval > 300
-      warn 'It is STRONGLY recommended to set your keychain to lock in 5 minutes or less.'
-    end
+    warn I18n.t('message.timeout') if keychain && keychain.lock_interval > 300
+
     keychain
   end
 
@@ -151,21 +150,26 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     session_key, session_token = delete_expired(key: session_key, token: session_token) if session_key
 
     if session_key && session_token
-      puts '# Using temporary session credentials'
+      puts I18n.t('message.temporary')
       return session_key, session_token
     end
 
     item = get_item(account: account)
     if item.nil?
-      warn "# Credential not found with name: #{account}"
+      warn I18n.t('message.notfound', account: account)
       exit 2
     end
     [item, nil]
   end
 
   # Return valid creds for account
-  def self.get_valid_creds(account:)
-    cred, temp_cred = get_valid_item_pair(account: account)
+  def self.get_valid_creds(account:, no_token: false)
+    if no_token
+      cred = get_item(account: account)
+      temp_cred = nil
+    else
+      cred, temp_cred = get_valid_item_pair(account: account)
+    end
     token = temp_cred.password unless temp_cred.nil?
     expiry = temp_cred.attributes[:account].to_i unless temp_cred.nil?
     {
@@ -201,7 +205,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   private_class_method def self.delete_expired(key:, token:)
     expires_at = Time.at(token.attributes[:account].to_i)
     if expires_at < Time.now
-      delete_pair(key: key, token: token, message: '# Removing expired session credentials')
+      delete_pair(key: key, token: token, message: I18n.t('message.delexpired'))
       key = nil
       token = nil
     end
@@ -224,7 +228,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
 
   # Delete an Account
   def self.delete_account(account:, message:)
-    delete_token(account: account, message: '# Removing expired session credentials')
+    delete_token(account: account, message: I18n.t('message.delexpired'))
     cred = get_item(account: account)
     return unless cred
     puts message if message

data/lib/awskeyring_command.rb

@@ -1,4 +1,5 @@
 require 'highline'
+require 'i18n'
 require 'thor'
 
 require 'awskeyring'
@@ -8,6 +9,9 @@ require 'awskeyring/version'
 
 # AWSkeyring command line interface.
 class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
+  I18n.load_path = Dir.glob(File.join(File.realpath(__dir__), '..', 'i18n', '*.{yml,yaml}'))
+  I18n.backend.load_translations
+
   map %w[--version -v] => :__version
   map ['init'] => :initialise
   map ['con'] => :console
@@ -18,56 +22,53 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   map ['rmt'] => :remove_token
   map ['rot'] => :rotate
 
-  desc '--version, -v', 'Prints the version'
+  desc '--version, -v', I18n.t('__version.desc')
   # print the version number
   def __version
     puts Awskeyring::VERSION
   end
 
-  desc 'initialise', 'Initialises a new KEYCHAIN'
-  method_option :keychain, type: :string, aliases: '-n', desc: 'Name of KEYCHAIN to initialise.'
+  desc 'initialise', I18n.t('initialise.desc')
+  method_option :keychain, type: :string, aliases: '-n', desc: I18n.t('method_option.keychain')
   # initialise the keychain
   def initialise
     unless Awskeyring.prefs.empty?
-      puts "#{Awskeyring::PREFS_FILE} exists. no need to initialise."
+      puts I18n.t('message.initialise', file: Awskeyring::PREFS_FILE)
       exit 1
     end
 
-    keychain = ask_missing(existing: options[:keychain], message: "Name for new keychain (default: 'awskeyring')")
+    keychain = ask_missing(existing: options[:keychain], message: I18n.t('message.keychain'))
     keychain = 'awskeyring' if keychain.empty?
 
-    puts 'Creating a new Keychain, you will be prompted for a password for it.'
+    puts I18n.t('message.newkeychain')
     Awskeyring.init_keychain(awskeyring: keychain)
 
     exec_name = File.basename($PROGRAM_NAME)
 
-    puts 'Your keychain has been initialised. It will auto-lock after 5 minutes'
-    puts 'and when sleeping. Use Keychain Access to adjust.'
-    puts
-    puts "Add accounts to your #{keychain} keychain with:"
-    puts "    #{exec_name} add"
+    puts I18n.t('message.addkeychain', keychain: keychain, exec_name: exec_name)
   end
 
-  desc 'list', 'Prints a list of accounts in the keyring'
+  desc 'list', I18n.t('list.desc')
   # list the accounts
   def list
     puts Awskeyring.list_account_names.join("\n")
   end
 
   map 'list-role' => :list_role
-  desc 'list-role', 'Prints a list of roles in the keyring'
+  desc 'list-role', I18n.t('list_role.desc')
   # List roles
   def list_role
     puts Awskeyring.list_role_names.join("\n")
   end
 
-  desc 'env ACCOUNT', 'Outputs bourne shell environment exports for an ACCOUNT'
+  desc 'env ACCOUNT', I18n.t('env.desc')
+  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # Print Env vars
   def env(account = nil)
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
     age_check(account, cred[:updated])
     put_env_string(
       account: cred[:account],
@@ -77,13 +78,14 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     )
   end
 
-  desc 'json ACCOUNT', 'Outputs AWS CLI compatible JSON for an ACCOUNT'
+  desc 'json ACCOUNT', I18n.t('json.desc')
+  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # Print JSON for use with credential_process
   def json(account = nil)
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
     age_check(account, cred[:updated])
     expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
     puts Awskeyring::Awsapi.get_cred_json(
@@ -94,10 +96,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     )
   end
 
-  desc 'exec ACCOUNT command...', 'Execute a COMMAND with the environment set for an ACCOUNT'
+  desc 'exec ACCOUNT command...', I18n.t('exec.desc')
+  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # execute an external command with env set
   def exec(account, *command)
-    cred = Awskeyring.get_valid_creds(account: account)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
     age_check(account, cred[:updated])
     env_vars = env_vars(
       account: cred[:account],
@@ -109,22 +112,22 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     Process.wait pid
   end
 
-  desc 'add ACCOUNT', 'Adds an ACCOUNT to the keyring'
-  method_option :key, type: :string, aliases: '-k', desc: 'AWS account key id.'
-  method_option :secret, type: :string, aliases: '-s', desc: 'AWS account secret.'
-  method_option :mfa, type: :string, aliases: '-m', desc: 'AWS virtual mfa arn.'
-  method_option :local, type: :boolean, aliases: '-l', desc: 'Only validate locally.', default: false
-  method_option :update, type: :boolean, aliases: '-u', desc: 'Update existing.', default: false
+  desc 'add ACCOUNT', I18n.t('add.desc')
+  method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
+  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
+  method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
+  method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
+  method_option :update, type: :boolean, aliases: '-u', desc: I18n.t('method_option.update'), default: false
   # Add an Account
   def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
     key = ask_check(
-      existing: options[:key], message: 'access key id', validator: Awskeyring::Validate.method(:access_key)
+      existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
     )
     secret = ask_check(
-      existing: options[:secret], message: 'secret access key',
+      existing: options[:secret], message: I18n.t('message.secret'),
       secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
     )
     if options[:update]
@@ -134,10 +137,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
         key: key,
         secret: secret
       )
-      puts "# Updated account #{account}"
+      puts I18n.t('message.upaccount', account: account)
     else
       mfa = ask_check(
-        existing: options[:mfa], message: 'mfa arn', optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
+        existing: options[:mfa], message: I18n.t('message.mfa'),
+        optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
       )
       Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
       Awskeyring.add_account(
@@ -146,19 +150,26 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
         secret: secret,
         mfa: mfa
       )
-      puts "# Added account #{account}"
+      puts I18n.t('message.addaccount', account: account)
     end
   end
 
   map 'add-role' => :add_role
-  desc 'add-role ROLE', 'Adds a ROLE to the keyring'
-  method_option :arn, type: :string, aliases: '-a', desc: 'AWS role arn.'
+  desc 'add-role ROLE', I18n.t('add_role.desc')
+  method_option :arn, type: :string, aliases: '-a', desc: I18n.t('method_option.arn')
   # Add a role
-  def add_role(role = nil)
-    role = ask_check(existing: role, message: 'role name', validator: Awskeyring::Validate.method(:role_name))
-    arn = ask_check(existing: options[:arn], message: 'role arn', validator: Awskeyring::Validate.method(:role_arn))
+  def add_role(role = nil) # rubocop:disable Metrics/MethodLength
+    role = ask_check(
+      existing: role, message: I18n.t('message.role'),
+      validator: Awskeyring::Validate.method(:role_name)
+    )
+    arn = ask_check(
+      existing: options[:arn], message: I18n.t('message.arn'),
+      validator: Awskeyring::Validate.method(:role_arn)
+    )
     account = ask_check(
-      existing: account, message: 'account', optional: true, validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'),
+      optional: true, validator: Awskeyring::Validate.method(:account_name)
     )
 
     Awskeyring.add_role(
@@ -166,40 +177,42 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       arn: arn,
       account: account
     )
-    puts "# Added role #{role}"
+    puts I18n.t('message.addrole', role: role)
   end
 
-  desc 'remove ACCOUNT', 'Removes an ACCOUNT from the keyring'
+  desc 'remove ACCOUNT', I18n.t('remove.desc')
   # Remove an account
   def remove(account = nil)
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    Awskeyring.delete_account(account: account, message: "# Removing account #{account}")
+    Awskeyring.delete_account(account: account, message: I18n.t('message.delaccount', account: account))
   end
 
-  desc 'remove-token ACCOUNT', 'Removes a token for ACCOUNT from the keyring'
+  desc 'remove-token ACCOUNT', I18n.t('remove_token.desc')
   # remove a session token
   def remove_token(account = nil)
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    Awskeyring.delete_token(account: account, message: "# Removing token for account #{account}")
+    Awskeyring.delete_token(account: account, message: I18n.t('message.deltoken', account: account))
   end
 
   map 'remove-role' => :remove_role
-  desc 'remove-role ROLE', 'Removes a ROLE from the keyring'
+  desc 'remove-role ROLE', I18n.t('remove_role.desc')
   # remove a role
   def remove_role(role = nil)
-    role = ask_check(existing: role, message: 'role name', validator: Awskeyring::Validate.method(:role_name))
-    Awskeyring.delete_role(role_name: role, message: "# Removing role #{role}")
+    role = ask_check(
+      existing: role, message: I18n.t('message.role'), validator: Awskeyring::Validate.method(:role_name)
+    )
+    Awskeyring.delete_role(role_name: role, message: I18n.t('message.delrole', role: role))
   end
 
-  desc 'rotate ACCOUNT', 'Rotate access keys for an ACCOUNT'
+  desc 'rotate ACCOUNT', I18n.t('rotate.desc')
   # rotate Account keys
   def rotate(account = nil) # rubocop:disable Metrics/MethodLength
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
     item_hash = Awskeyring.get_account_hash(account: account)
 
@@ -207,7 +220,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       new_key = Awskeyring::Awsapi.rotate(
         account: item_hash[:account],
         key: item_hash[:key],
-        secret: item_hash[:secret]
+        secret: item_hash[:secret],
+        key_message: I18n.t('message.rotate', account: account)
       )
     rescue Aws::Errors::ServiceError => err
       warn err.to_s
@@ -220,28 +234,28 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       secret: new_key[:secret]
     )
 
-    puts "# Updated account #{account}"
+    puts I18n.t('message.upaccount', account: account)
   end
 
-  desc 'token ACCOUNT [ROLE] [MFA]', 'Create an STS Token from a ROLE or an MFA code'
-  method_option :role, type: :string, aliases: '-r', desc: 'The ROLE to assume.'
-  method_option :code, type: :string, aliases: '-c', desc: 'Virtual mfa CODE.'
-  method_option :duration, type: :string, aliases: '-d', desc: 'Session DURATION in seconds.'
+  desc 'token ACCOUNT [ROLE] [MFA]', I18n.t('token.desc')
+  method_option :role, type: :string, aliases: '-r', desc: I18n.t('method_option.role')
+  method_option :code, type: :string, aliases: '-c', desc: I18n.t('method_option.code')
+  method_option :duration, type: :string, aliases: '-d', desc: I18n.t('method_option.duration')
   # generate a sessiopn token
   def token(account = nil, role = nil, code = nil) # rubocop:disable all
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
     role ||= options[:role]
     if role
       role = ask_check(
-        existing: role, message: 'role name', validator: Awskeyring::Validate.method(:role_name)
+        existing: role, message: I18n.t('message.role'), validator: Awskeyring::Validate.method(:role_name)
       )
     end
     code ||= options[:code]
     if code
       code = ask_check(
-        existing: code, message: 'current mfa code', validator: Awskeyring::Validate.method(:mfa_code)
+        existing: code, message: I18n.t('message.code'), validator: Awskeyring::Validate.method(:mfa_code)
       )
     end
     duration = options[:duration]
@@ -278,18 +292,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       role: role
     )
 
-    puts "# Token saved for account #{account}"
-    puts "# Authentication valid until #{Time.at(new_creds[:expiry].to_i)}"
+    puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
   end
 
-  desc 'console ACCOUNT', 'Open the AWS Console for the ACCOUNT'
-  method_option :path, type: :string, aliases: '-p', desc: 'The service PATH to open.'
+  desc 'console ACCOUNT', I18n.t('console.desc')
+  method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
+  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # Open the AWS Console
-  def console(account = nil) # rubocop:disable Metrics/MethodLength
+  def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     account = ask_check(
-      existing: account, message: 'account name', validator: Awskeyring::Validate.method(:account_name)
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
     age_check(account, cred[:updated])
 
     path = options[:path] || 'console'
@@ -311,13 +325,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     Process.wait pid
   end
 
-  desc 'awskeyring CURR PREV', 'Autocompletion for bourne shells', hide: true
+  desc 'awskeyring CURR PREV', I18n.t('awskeyring.desc'), hide: true
   # autocomplete
   def awskeyring(curr, prev)
     comp_line = ENV['COMP_LINE']
     unless comp_line
       exec_name = File.basename($PROGRAM_NAME)
-      warn "enable autocomplete with 'complete -C #{$PROGRAM_NAME} #{exec_name}'"
+      warn I18n.t('message.awskeyring', path: $PROGRAM_NAME, bin: exec_name)
       exit 1
     end
     comp_len = comp_line.split.index(prev)
@@ -337,13 +351,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   def age_check(account, updated)
     maxage = Awskeyring.prefs[:keyage] || Awskeyring::DEFAULT_KEY_AGE
     age = (Time.new - updated).div Awskeyring::Awsapi::ONE_DAY
-    warn "# Creds for account #{account} are #{age} days old." unless age < maxage
+    warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
   end
 
   def print_auto_resp(curr, len)
     case len
     when 0
-      puts list_commands.select { |elem| elem.start_with?(curr) }.join("\n")
+      puts list_commands.select { |elem| elem.start_with?(curr) }.sort.join("\n")
     when 1
       puts Awskeyring.list_account_names.select { |elem| elem.start_with?(curr) }.join("\n")
     when 2
@@ -354,7 +368,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   def list_commands
-    self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }
+    self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }.reject { |elem| elem == 'awskeyring' }
   end
 
   def env_vars(account:, key:, secret:, token:)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-07-25 00:00:00.000000000 Z
+date: 2018-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ruby-keychain
   requirement: !ruby/object:Gem::Requirement
@@ -156,6 +170,7 @@ files:
 - Rakefile
 - awskeyring.gemspec
 - exe/awskeyring
+- i18n/en.yml
 - lib/awskeyring.rb
 - lib/awskeyring/awsapi.rb
 - lib/awskeyring/validate.rb