RubyGems - awskeyring - Versions diffs - 0.4.0 → 0.5.0 - Mend

awskeyring 0.4.0 → 0.5.0

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 045e119cd7be746d03d7b12c73d804958cc5331b
-  data.tar.gz: 1e7bc87c08887ed8625a80d629d5822ca60a3d08
+  metadata.gz: c6053b960d27395acf21d82a71883cdcf5788959
+  data.tar.gz: 0f8efce2feb5af0a87d7be239a85733448eee90d
 SHA512:
-  metadata.gz: 92b6df41a05aef2d2c4246b86daad7a6fdc4c8092192e05341167e6b707663ca73d9babbcc8ef871644743d40b2e84207f985eb4cfc140296a8297c18afebe94
-  data.tar.gz: 4c32c86b6ed103a50e4218e1f6a258e0bbe29ddd79de7470a56b149567fa2a66ca5515540092714c57cde7c98987a211d7ac87dfed17c11c682039db92455728
+  metadata.gz: 8449e554b6d4543d851d4caf488807965e5a5ee2cb656a4eb5535662254bc273ca457f76b1a8b0f435ecd771d7b5fb1cd6a8f1521fd6cca5c6d09b70f13246a1
+  data.tar.gz: 71d5d0e493329b3b6dc3c203175c79baf3a5caba618885863e9bc358c934f9d5215161fbe0a609b8c7cbc69d8f02aa6615960c6b1fde36e2c78f4fc37ea1332d

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,16 @@
 # Change Log
+## [v0.5.0](https://github.com/vibrato/awskeyring/tree/v0.5.0) (2018-09-10)
+[Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.4.0...v0.5.0)
+**Implemented enhancements:**
+- Separate update account from add account. [\#28](https://github.com/vibrato/awskeyring/pull/28) ([tristanmorgan](https://github.com/tristanmorgan))
+**Merged pull requests:**
+- Refactor [\#27](https://github.com/vibrato/awskeyring/pull/27) ([tristanmorgan](https://github.com/tristanmorgan))
 ## [v0.4.0](https://github.com/vibrato/awskeyring/tree/v0.4.0) (2018-08-21)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.3.1...v0.4.0)
@@ -73,7 +84,7 @@
 ## [v0.0.5](https://github.com/vibrato/awskeyring/tree/v0.0.5) (2018-02-15)
 [Full Changelog](https://github.com/vibrato/awskeyring/compare/v0.0.4...v0.0.5)
-**Closed issues:**
+**Fixed bugs:**
 - Issue on add [\#7](https://github.com/vibrato/awskeyring/issues/7)

data/README.md CHANGED Viewed

@@ -67,6 +67,7 @@ The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
       awskeyring remove-token ACCOUNT        # Removes a token for ACCOUNT from the keyring
       awskeyring rotate ACCOUNT              # Rotate access keys for an ACCOUNT
       awskeyring token ACCOUNT [ROLE] [MFA]  # Create an STS Token from a ROLE or an MFA code
+      awskeyring update ACCOUNT              # Updates an ACCOUNT in the keyring
 and autocomplete that can be installed with:

data/Rakefile CHANGED Viewed

@@ -2,6 +2,7 @@ require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
 require 'github_changelog_generator/task'
+require 'yard'
 GitHubChangelogGenerator::RakeTask.new :changelog do |config|
   config.future_release = "v#{Awskeyring::VERSION}"
@@ -29,4 +30,9 @@ task :filemode do
   print "\n"
 end
-task default: %i[filemode rubocop spec]
+YARD::Rake::YardocTask.new do |t|
+  t.options = ['--fail-on-warning', '--no-progress']
+  t.stats_options = ['--list-undoc']
+end
+task default: %i[filemode rubocop spec yard]

data/awskeyring.gemspec CHANGED Viewed

@@ -29,4 +29,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'yard'
 end

data/i18n/en.yml CHANGED Viewed

@@ -32,6 +32,8 @@ en:
     desc: Rotate access keys for an ACCOUNT
   token:
     desc: Create an STS Token from a ROLE or an MFA code
+  update:
+    desc: Updates an ACCOUNT in the keyring
   method_option:
     arn: 'AWS role arn.'
     code: 'Virtual mfa CODE.'
@@ -40,11 +42,11 @@ en:
     keychain: 'Name of KEYCHAIN to initialise.'
     local: 'Only validate locally.'
     mfa: 'AWS virtual mfa arn.'
+    noopen: 'Do not open the url.'
     notoken: 'Do not use saved token.'
     path: 'The service PATH to open.'
     role: 'The ROLE to assume.'
     secret: 'AWS account secret.'
-    update: 'Update existing.'
   message:
     keychain: 'Name for new keychain (default: awskeyring)'
     account: 'account name'

data/lib/awskeyring/awsapi.rb CHANGED Viewed

@@ -17,7 +17,9 @@ module Awskeyring
       }]
     }.to_json.freeze
+    # Twelve hours in seconds
     TWELVE_HOUR = (60 * 60 * 12)
+    # One hour in seconds
     ONE_HOUR = (60 * 60 * 1)
     # Days in seconds
     ONE_DAY = (24 * 60 * 60)
@@ -100,7 +102,6 @@ module Awskeyring
     #
     # @param [String] key The aws_access_key_id
     # @param [String] secret The aws_secret_access_key
-    # @param [String] token The aws_session_token
     def self.verify_cred(key:, secret:)
       begin
         ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region

data/lib/awskeyring/validate.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module Awskeyring
     # @param [String] account_name the associated account name.
     def self.account_name(account_name)
       raise 'Invalid Account Name' unless account_name =~ /\S+/
       account_name
     end
@@ -16,6 +17,7 @@ module Awskeyring
     # @param [String] aws_access_key The aws_access_key_id
     def self.access_key(aws_access_key)
       raise 'Invalid Access Key' unless aws_access_key =~ /\AAKIA[A-Z0-9]{12,16}\z/
       aws_access_key
     end
@@ -24,6 +26,7 @@ module Awskeyring
     # @param [String] aws_secret_access_key The aws_secret_access_key
     def self.secret_access_key(aws_secret_access_key)
       raise 'Secret Access Key is not 40 chars' if aws_secret_access_key.length != 40
       aws_secret_access_key
     end
@@ -32,6 +35,7 @@ module Awskeyring
     # @param [String] mfa_arn The users MFA arn
     def self.mfa_arn(mfa_arn)
       raise 'Invalid MFA ARN' unless mfa_arn =~ %r(\Aarn:aws:iam::[0-9]{12}:mfa\/\S*\z)
       mfa_arn
     end
@@ -40,6 +44,7 @@ module Awskeyring
     # @param [String] role_name
     def self.role_name(role_name)
       raise 'Invalid Role Name' unless role_name =~ /\S+/
       role_name
     end
@@ -48,6 +53,7 @@ module Awskeyring
     # @param [String] role_arn The role arn
     def self.role_arn(role_arn)
       raise 'Invalid Role ARN' unless role_arn =~ %r(\Aarn:aws:iam::[0-9]{12}:role\/\S*\z)
       role_arn
     end
@@ -56,6 +62,7 @@ module Awskeyring
     # @param [String] mfa_code The mfa code
     def self.mfa_code(mfa_code)
       raise 'Invalid MFA CODE' unless mfa_code =~ /\A\d{6}\z/
       mfa_code
     end
   end

data/lib/awskeyring/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Awskeyring
   # The Gems version number
-  VERSION = '0.4.0'.freeze
+  VERSION = '0.5.0'.freeze
 end

data/lib/awskeyring.rb CHANGED Viewed

@@ -128,7 +128,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   end
   # Return a session token pair of items by name
-  private_class_method def self.get_pair(account:)
+  private_class_method def self.get_token_pair(account:)
     session_key = all_items.where(label: SESSION_KEY_PREFIX + account).first
     session_token = all_items.where(label: SESSION_TOKEN_PREFIX + account).first if session_key
     [session_key, session_token]
@@ -145,11 +145,11 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   end
   # Return a session token if available or a static key
-  private_class_method def self.get_valid_item_pair(account:)
-    session_key, session_token = get_pair(account: account)
+  private_class_method def self.get_valid_item_pair(account:, no_token: false)
+    session_key, session_token = get_token_pair(account: account)
     session_key, session_token = delete_expired(key: session_key, token: session_token) if session_key
-    if session_key && session_token
+    if session_key && session_token && !no_token
       puts I18n.t('message.temporary')
       return session_key, session_token
     end
@@ -164,33 +164,16 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Return valid creds for account
   def self.get_valid_creds(account:, no_token: false)
-    if no_token
-      cred = get_item(account: account)
-      temp_cred = nil
-    else
-      cred, temp_cred = get_valid_item_pair(account: account)
-    end
+    cred, temp_cred = get_valid_item_pair(account: account, no_token: no_token)
     token = temp_cred.password unless temp_cred.nil?
     expiry = temp_cred.attributes[:account].to_i unless temp_cred.nil?
     {
       account: account,
-      key: cred.attributes[:account],
-      secret: cred.password,
-      token: token,
       expiry: expiry,
-      updated: cred.attributes[:updated_at]
-    }
-  end
-  # Return a hash for account (skip tokens)
-  def self.get_account_hash(account:)
-    cred = get_item(account: account)
-    return unless cred
-    {
-      account: account,
       key: cred.attributes[:account],
+      mfa: no_token ? cred.attributes[:comment] : nil,
       secret: cred.password,
-      mfa: cred.attributes[:comment],
+      token: token,
       updated: cred.attributes[:updated_at]
     }
   end
@@ -215,6 +198,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Delete session token items
   private_class_method def self.delete_pair(key:, token:, message:)
     return unless key
     puts message if message
     token.delete if token
     key.delete
@@ -222,7 +206,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   # Delete a session token
   def self.delete_token(account:, message:)
-    session_key, session_token = get_pair(account: account)
+    session_key, session_token = get_token_pair(account: account)
     delete_pair(key: session_key, token: session_token, message: message)
   end
@@ -231,6 +215,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
     delete_token(account: account, message: I18n.t('message.delexpired'))
     cred = get_item(account: account)
     return unless cred
     puts message if message
     cred.delete
   end
@@ -239,6 +224,7 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
   def self.delete_role(role_name:, message:)
     role = get_role(role_name: role_name)
     return unless role
     puts message if message
     role.delete
   end

data/lib/awskeyring_command.rb CHANGED Viewed

@@ -21,6 +21,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   map ['rmr'] => :remove_role
   map ['rmt'] => :remove_token
   map ['rot'] => :rotate
+  map ['up'] => :update
   desc '--version, -v', I18n.t('__version.desc')
   # print the version number
@@ -68,8 +69,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     put_env_string(
       account: cred[:account],
       key: cred[:key],
@@ -85,8 +85,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
     puts Awskeyring::Awsapi.get_cred_json(
       key: cred[:key],
@@ -100,8 +99,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # execute an external command with env set
   def exec(account, *command)
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     env_vars = env_vars(
       account: cred[:account],
       key: cred[:key],
@@ -117,7 +115,6 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
   method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
-  method_option :update, type: :boolean, aliases: '-u', desc: I18n.t('method_option.update'), default: false
   # Add an Account
   def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     account = ask_check(
@@ -130,28 +127,43 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       existing: options[:secret], message: I18n.t('message.secret'),
       secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
     )
-    if options[:update]
-      Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
-      Awskeyring.update_account(
-        account: account,
-        key: key,
-        secret: secret
-      )
-      puts I18n.t('message.upaccount', account: account)
-    else
-      mfa = ask_check(
-        existing: options[:mfa], message: I18n.t('message.mfa'),
-        optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
-      )
-      Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
-      Awskeyring.add_account(
-        account: account,
-        key: key,
-        secret: secret,
-        mfa: mfa
-      )
-      puts I18n.t('message.addaccount', account: account)
-    end
+    mfa = ask_check(
+      existing: options[:mfa], message: I18n.t('message.mfa'),
+      optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
+    )
+    Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
+    Awskeyring.add_account(
+      account: account,
+      key: key,
+      secret: secret,
+      mfa: mfa
+    )
+    puts I18n.t('message.addaccount', account: account)
+  end
+  desc 'update ACCOUNT', I18n.t('update.desc')
+  method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
+  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
+  method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
+  # Update an Account
+  def update(account = nil) # rubocop:disable Metrics/MethodLength
+    account = ask_check(
+      existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
+    )
+    key = ask_check(
+      existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
+    )
+    secret = ask_check(
+      existing: options[:secret], message: I18n.t('message.secret'),
+      secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
+    )
+    Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
+    Awskeyring.update_account(
+      account: account,
+      key: key,
+      secret: secret
+    )
+    puts I18n.t('message.upaccount', account: account)
   end
   map 'add-role' => :add_role
@@ -214,13 +226,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    item_hash = Awskeyring.get_account_hash(account: account)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: true)
     begin
       new_key = Awskeyring::Awsapi.rotate(
-        account: item_hash[:account],
-        key: item_hash[:key],
-        secret: item_hash[:secret],
+        account: cred[:account],
+        key: cred[:key],
+        secret: cred[:secret],
         key_message: I18n.t('message.rotate', account: account)
       )
     rescue Aws::Errors::ServiceError => err
@@ -263,8 +275,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
     duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s
-    item_hash = Awskeyring.get_account_hash(account: account)
-    age_check(account, item_hash[:updated])
+    item_hash = age_check_and_get(account: account, no_token: true)
     role_arn = Awskeyring.get_role_arn(role_name: role) if role
     begin
@@ -298,13 +309,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   desc 'console ACCOUNT', I18n.t('console.desc')
   method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
+  method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
   # Open the AWS Console
   def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
     )
-    cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
-    age_check(account, cred[:updated])
+    cred = age_check_and_get(account: account, no_token: options['no-token'])
     path = options[:path] || 'console'
@@ -321,8 +332,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       exit 1
     end
-    pid = Process.spawn("open \"#{login_url}\"")
-    Process.wait pid
+    if options['no-open']
+      puts login_url
+    else
+      pid = Process.spawn("open \"#{login_url}\"")
+      Process.wait pid
+    end
   end
   desc 'awskeyring CURR PREV', I18n.t('awskeyring.desc'), hide: true
@@ -348,10 +363,14 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   private
-  def age_check(account, updated)
+  def age_check_and_get(account:, no_token:)
+    cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
     maxage = Awskeyring.prefs[:keyage] || Awskeyring::DEFAULT_KEY_AGE
-    age = (Time.new - updated).div Awskeyring::Awsapi::ONE_DAY
+    age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
     warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
+    cred
   end
   def print_auto_resp(curr, len)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-08-21 00:00:00.000000000 Z
+date: 2018-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -150,6 +150,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Manages AWS credentials in the macOS keychain
 email:
 - tristan@vibrato.com.au