RubyGems - awskeyring - Versions diffs - 0.4.0 → 0.5.0 - Mend

awskeyring 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 045e119cd7be746d03d7b12c73d804958cc5331b
-  data.tar.gz: 1e7bc87c08887ed8625a80d629d5822ca60a3d08
+  metadata.gz: c6053b960d27395acf21d82a71883cdcf5788959
+  data.tar.gz: 0f8efce2feb5af0a87d7be239a85733448eee90d
 SHA512:
-  metadata.gz: 92b6df41a05aef2d2c4246b86daad7a6fdc4c8092192e05341167e6b707663ca73d9babbcc8ef871644743d40b2e84207f985eb4cfc140296a8297c18afebe94
-  data.tar.gz: 4c32c86b6ed103a50e4218e1f6a258e0bbe29ddd79de7470a56b149567fa2a66ca5515540092714c57cde7c98987a211d7ac87dfed17c11c682039db92455728
+  metadata.gz: 8449e554b6d4543d851d4caf488807965e5a5ee2cb656a4eb5535662254bc273ca457f76b1a8b0f435ecd771d7b5fb1cd6a8f1521fd6cca5c6d09b70f13246a1
+  data.tar.gz: 71d5d0e493329b3b6dc3c203175c79baf3a5caba618885863e9bc358c934f9d5215161fbe0a609b8c7cbc69d8f02aa6615960c6b1fde36e2c78f4fc37ea1332d

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,16 @@
 # Change Log
+## [v0.5.0](https://github.com/vibrato/awskeyring/tree/v0.5.0) (2018-09-10)
+[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.4.0...v0.5.0)
+**Implemented enhancements:**
+- Separate update account from add account. [\#28](https://github.com/vibrato/awskeyring/pull/28) ([tristanmorgan](https://github.com/tristanmorgan))
+**Merged pull requests:**
+- Refactor [\#27](https://github.com/vibrato/awskeyring/pull/27) ([tristanmorgan](https://github.com/tristanmorgan))
 ## [v0.4.0](https://github.com/vibrato/awskeyring/tree/v0.4.0) (2018-08-21)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.3.1...v0.4.0)
@@ -73,7 +84,7 @@
 ## [v0.0.5](https://github.com/vibrato/awskeyring/tree/v0.0.5) (2018-02-15)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.0.4...v0.0.5)
-**Closed issues:**
+**Fixed bugs:**
 - Issue on add [\#7](https://github.com/vibrato/awskeyring/issues/7)

data/README.md CHANGED Viewed

@@ -67,6 +67,7 @@ The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
       awskeyring remove-token ACCOUNT        # Removes a token for ACCOUNT from the keyring
       awskeyring rotate ACCOUNT              # Rotate access keys for an ACCOUNT
       awskeyring token ACCOUNT [ROLE] [MFA]  # Create an STS Token from a ROLE or an MFA code
+      awskeyring update ACCOUNT              # Updates an ACCOUNT in the keyring
 and autocomplete that can be installed with:

data/Rakefile CHANGED Viewed

@@ -2,6 +2,7 @@ require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
 require 'github_changelog_generator/task'
+require 'yard'
 GitHubChangelogGenerator::RakeTask.new :changelog do |config|
   config.future_release = "v#{Awskeyring::VERSION}"
@@ -29,4 +30,9 @@ task :filemode do
   print "\n"
 end
-task default: %i[filemode rubocop spec]
+YARD::Rake::YardocTask.new do |t|
+  t.options = ['--fail-on-warning', '--no-progress']
+  t.stats_options = ['--list-undoc']
+end
+task default: %i[filemode rubocop spec yard]

data/awskeyring.gemspec CHANGED Viewed

@@ -29,4 +29,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'yard'
 end

data/i18n/en.yml CHANGED Viewed

@@ -32,6 +32,8 @@ en:
     desc: Rotate access keys for an ACCOUNT
   token:
     desc: Create an STS Token from a ROLE or an MFA code
+  update:
+    desc: Updates an ACCOUNT in the keyring
   method_option:
     arn: 'AWS role arn.'
     code: 'Virtual mfa CODE.'
@@ -40,11 +42,11 @@ en:
     keychain: 'Name of KEYCHAIN to initialise.'
     local: 'Only validate locally.'
     mfa: 'AWS virtual mfa arn.'
+    noopen: 'Do not open the url.'
     notoken: 'Do not use saved token.'
     path: 'The service PATH to open.'
     role: 'The ROLE to assume.'
     secret: 'AWS account secret.'
-    update: 'Update existing.'
   message:
     keychain: 'Name for new keychain (default: awskeyring)'
     account: 'account name'

data/lib/awskeyring/awsapi.rb CHANGED Viewed

@@ -17,7 +17,9 @@ module Awskeyring
       }]
     }.to_json.freeze
+    # Twelve hours in seconds
     TWELVE_HOUR = (60 * 60 * 12)
+    # One hour in seconds
     ONE_HOUR = (60 * 60 * 1)
     # Days in seconds
     ONE_DAY = (24 * 60 * 60)
@@ -100,7 +102,6 @@ module Awskeyring
     #
     # @param [String] key The aws_access_key_id
     # @param [String] secret The aws_secret_access_key
-    # @param [String] token The aws_session_token
     def self.verify_cred(key:, secret:)
       begin
         ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region

data/lib/awskeyring/validate.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Awskeyring
     # @param [String] account_name the associated account name.
     def self.account_name(account_name)
       raise 'Invalid Account Name' unless account_name =~ /\S+/
       account_name
     end
@@ -16,6 +17,7 @@ module Awskeyring
     # @param [String] aws_access_key The aws_access_key_id
     def self.access_key(aws_access_key)
       raise 'Invalid Access Key' unless aws_access_key =~ /\AAKIA[A-Z0-9]{12,16}\z/
       aws_access_key
     end
@@ -24,6 +26,7 @@ module Awskeyring
     # @param [String] aws_secret_access_key The aws_secret_access_key
     def self.secret_access_key(aws_secret_access_key)
       raise 'Secret Access Key is not 40 chars' if aws_secret_access_key.length != 40
       aws_secret_access_key
     end
@@ -32,6 +35,7 @@ module Awskeyring
     # @param [String] mfa_arn The users MFA arn
     def self.mfa_arn(mfa_arn)
       raise 'Invalid MFA ARN' unless mfa_arn =~ %r(\Aarn:aws:iam::[0-9]{12}:mfa\/\S*\z)
       mfa_arn
     end
@@ -40,6 +44,7 @@ module Awskeyring
     # @param [String] role_name
     def self.role_name(role_name)
       raise 'Invalid Role Name' unless role_name =~ /\S+/
       role_name
     end
@@ -48,6 +53,7 @@ module Awskeyring
     # @param [String] role_arn The role arn
     def self.role_arn(role_arn)
       raise 'Invalid Role ARN' unless role_arn =~ %r(\Aarn:aws:iam::[0-9]{12}:role\/\S*\z)
       role_arn
     end
@@ -56,6 +62,7 @@ module Awskeyring
     # @param [String] mfa_code The mfa code
     def self.mfa_code(mfa_code)
       raise 'Invalid MFA CODE' unless mfa_code =~ /\A\d{6}\z/
       mfa_code
     end
   end

data/lib/awskeyring/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Awskeyring
   # The Gems version number
-  VERSION = '0.4.0'.freeze
+  VERSION = '0.5.0'.freeze
 end

data/lib/awskeyring.rb CHANGED Viewed

@@ -128,7 +128,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   end
   # Return a session token pair of items by name
-  private_class_method def self.get_pair(account:)
+  private_class_method def self.get_token_pair(account:)
     session_key = all_items.where(label: SESSION_KEY_PREFIX + account).first
     session_token = all_items.where(label: SESSION_TOKEN_PREFIX + account).first if session_key
     [session_key, session_token]
@@ -145,11 +145,11 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   end
   # Return a session token if available or a static key
-  private_class_method def self.get_valid_item_pair(account:)
-    session_key, session_token = get_pair(account: account)
+  private_class_method def self.get_valid_item_pair(account:, no_token: false)
+    session_key, session_token = get_token_pair(account: account)
     session_key, session_token = delete_expired(key: session_key, token: session_token) if session_key
-    if session_key && session_token
+    if session_key && session_token && !no_token
       puts I18n.t('message.temporary')
       return session_key, session_token
     end
@@ -164,33 +164,16 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Return valid creds for account
   def self.get_valid_creds(account:, no_token: false)
-    if no_token
-      cred = get_item(account: account)
-      temp_cred = nil
-    else
-      cred, temp_cred = get_valid_item_pair(account: account)
-    end
+    cred, temp_cred = get_valid_item_pair(account: account, no_token: no_token)
     token = temp_cred.password unless temp_cred.nil?
     expiry = temp_cred.attributes[:account].to_i unless temp_cred.nil?
     {
       account: account,
-      key: cred.attributes[:account],
-      secret: cred.password,
-      token: token,
       expiry: expiry,
-      updated: cred.attributes[:updated_at]
-    }
-  end
-  # Return a hash for account (skip tokens)
-  def self.get_account_hash(account:)
-    cred = get_item(account: account)
-    return unless cred
-    {
-      account: account,
       key: cred.attributes[:account],
+      mfa: no_token ? cred.attributes[:comment] : nil,
       secret: cred.password,
-      mfa: cred.attributes[:comment],
+      token: token,
       updated: cred.attributes[:updated_at]
     }
   end
@@ -215,6 +198,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Delete session token items
   private_class_method def self.delete_pair(key:, token:, message:)
     return unless key
     puts message if message
     token.delete if token
     key.delete
@@ -222,7 +206,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Delete a session token
   def self.delete_token(account:, message:)
-    session_key, session_token = get_pair(account: account)
+    session_key, session_token = get_token_pair(account: account)
     delete_pair(key: session_key, token: session_token, message: message)
   end
@@ -231,6 +215,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     delete_token(account: account, message: I18n.t('message.delexpired'))
     cred = get_item(account: account)
     return unless cred
     puts message if message
     cred.delete
   end
@@ -239,6 +224,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   def self.delete_role(role_name:, message:)
     role = get_role(role_name: role_name)
     return unless role
     puts message if message
     role.delete
   end

data/lib/awskeyring_command.rb CHANGED Viewed

@@ -21,6 +21,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   map ['rmr'] => :remove_role
   map ['rmt'] => :remove_token
   map ['rot'] => :rotate
+  map ['up'] => :update
   desc '--version, -v', I18n.t('__version.desc')
   # print the version number
@@ -68,8 +69,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     put_env_string(
       account: cred[:account],
       key: cred[:key],
@@ -85,8 +85,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
     puts Awskeyring::Awsapi.get_cred_json(
       key: cred[:key],
@@ -100,8 +99,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # execute an external command with env set
   def exec(account, *command)
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     env_vars = env_vars(
       account: cred[:account],
       key: cred[:key],
@@ -117,7 +115,6 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
   method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
-  method_option :update, type: :boolean, aliases: '-u', desc: I18n.t('method_option.update'), default: false
   # Add an Account
   def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     account = ask_check(
@@ -130,28 +127,43 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: options[:secret], message: I18n.t('message.secret'),
       secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
     )
-    if options[:update]
-      Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
-      Awskeyring.update_account(
-        account: account,
-        key: key,
-        secret: secret
-      )
-      puts I18n.t('message.upaccount', account: account)
-    else
-      mfa = ask_check(
-        existing: options[:mfa], message: I18n.t('message.mfa'),
-        optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
-      )
-      Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
-      Awskeyring.add_account(
-        account: account,
-        key: key,
-        secret: secret,
-        mfa: mfa
-      )
-      puts I18n.t('message.addaccount', account: account)
-    end
+    mfa = ask_check(
+      existing: options[:mfa], message: I18n.t('message.mfa'),
+      optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
+    )
+    Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
+    Awskeyring.add_account(
+      account: account,
+      key: key,
+      secret: secret,
+      mfa: mfa
+    )
+    puts I18n.t('message.addaccount', account: account)
+  end
+  desc 'update ACCOUNT', I18n.t('update.desc')
+  method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
+  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
+  method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
+  # Update an Account
+  def update(account = nil) # rubocop:disable Metrics/MethodLength
+    account = ask_check(
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
+    )
+    key = ask_check(
+      existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
+    )
+    secret = ask_check(
+      existing: options[:secret], message: I18n.t('message.secret'),
+      secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
+    )
+    Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
+    Awskeyring.update_account(
+      account: account,
+      key: key,
+      secret: secret
+    )
+    puts I18n.t('message.upaccount', account: account)
   end
   map 'add-role' => :add_role
@@ -214,13 +226,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    item_hash = Awskeyring.get_account_hash(account: account)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: true)
     begin
       new_key = Awskeyring::Awsapi.rotate(
-        account: item_hash[:account],
-        key: item_hash[:key],
-        secret: item_hash[:secret],
+        account: cred[:account],
+        key: cred[:key],
+        secret: cred[:secret],
         key_message: I18n.t('message.rotate', account: account)
       )
     rescue Aws::Errors::ServiceError => err
@@ -263,8 +275,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
     duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s
-    item_hash = Awskeyring.get_account_hash(account: account)
-    age_check(account, item_hash[:updated])
+    item_hash = age_check_and_get(account: account, no_token: true)
     role_arn = Awskeyring.get_role_arn(role_name: role) if role
     begin
@@ -298,13 +309,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   desc 'console ACCOUNT', I18n.t('console.desc')
   method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
+  method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
   # Open the AWS Console
   def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     path = options[:path] || 'console'
@@ -321,8 +332,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       exit 1
     end
-    pid = Process.spawn("open \"#{login_url}\"")
-    Process.wait pid
+    if options['no-open']
+      puts login_url
+    else
+      pid = Process.spawn("open \"#{login_url}\"")
+      Process.wait pid
+    end
   end
   desc 'awskeyring CURR PREV', I18n.t('awskeyring.desc'), hide: true
@@ -348,10 +363,14 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   private
-  def age_check(account, updated)
+  def age_check_and_get(account:, no_token:)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
     maxage = Awskeyring.prefs[:keyage] || Awskeyring::DEFAULT_KEY_AGE
-    age = (Time.new - updated).div Awskeyring::Awsapi::ONE_DAY
+    age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
     warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
+    cred
   end
   def print_auto_resp(curr, len)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-08-21 00:00:00.000000000 Z
+date: 2018-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -150,6 +150,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Manages AWS credentials in the macOS keychain
 email:
 - tristan@vibrato.com.au