awskeyring 1.9.5 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6ba49e965bca0b0058320cec1abfaaad640ce032c8e0307e1eb00c234de1290
-  data.tar.gz: 74c07eac3bf8080a776460a6466e789e6c18a31880fc619ea8ce2dca200b5d01
+  metadata.gz: 9d9c2970e11f8010bdad75abe884f095359e4b673286bae9d9b71bffc0ba4be1
+  data.tar.gz: d1f1aa922b0a1625fb53cc3354895fefaedb719ef78336506603260fef6e9fb1
 SHA512:
-  metadata.gz: 93fe4ab30ce3b64de1ca11f3db11253593c5aba9935bb9b766ab17121f8fd4ae931ce3ac99769ca97bb00682b13b8909092e2741e95f4aa6fdffc967edeb345a
-  data.tar.gz: 39ababe4689fd33f5c5600adb08646e3e42fa0a67e5e93b69d608c346d90b4628ec828e35f1646038904f9b1e4f0017ed62e756222791f24cf4ae14acd275fd2
+  metadata.gz: 60866afa30750d31ac60400e40176688164b7013180a6457ee0c88fdd5ce4bbcffca7ed4102e0f2ea1946d8c866998b559fd4a5ec60fb70a0183555cd4dab556
+  data.tar.gz: fc5a66e3ee183f8f460e6272ff4d9a8f7ec5abbec4dd3d6ddeb0b899dbd524ea5ee830d2aa489929f3de0e0d235cca0debcb636a36353b3cb7cf87755fd1cf9b

data/i18n/en.yml

@@ -35,6 +35,7 @@ en:
     browser: 'Specify an alternative browser.'
     secret: 'AWS account secret.'
     unset: 'Unset environment variables.'
+    force: 'Force output to a tty.'
   message:
     keychain: 'Name for new keychain (default: awskeyring)'
     account: 'account name'
@@ -57,6 +58,7 @@ en:
     deltoken: '# Removing token for account %{account}'
     delexpired: '# Removing expired session credentials'
     exec: '# COMMAND not provided'
+    ttyblock: '# Output suppressed to a tty, --force to override'
     missing: '# Config missing, run `%{bin} initialise` to recreate.'
     missing_account: '# No accounts added, run `%{bin} add` to add.'
     missing_role: '# No roles added, run `%{bin} add-role` to add.'

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.9.5'
+  VERSION = '1.10.0'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/servian/awskeyring'
 

data/lib/awskeyring_command.rb

@@ -102,6 +102,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   desc 'env ACCOUNT', I18n.t('env_desc')
+  method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   method_option :unset, type: :boolean, aliases: '-u', desc: I18n.t('method_option.unset'), default: false
   # Print Env vars
@@ -109,6 +110,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     if options[:unset]
       put_env_string(account: nil, key: nil, secret: nil, token: nil)
     else
+      output_safe(options[:force])
       account = ask_check(
         existing: account, message: I18n.t('message.account'),
         validator: Awskeyring.method(:account_exists),
@@ -120,9 +122,11 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   desc 'json ACCOUNT', I18n.t('json_desc')
+  method_option :force, type: :boolean, aliases: '-f', desc: I18n.t('method_option.force'), default: false
   method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # Print JSON for use with credential_process
-  def json(account)
+  def json(account) # rubocop:disable Metrics/AbcSize
+    output_safe(options[:force])
     account = ask_check(
       existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
       limited_to: Awskeyring.list_account_names
@@ -174,8 +178,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   desc 'exec ACCOUNT command...', I18n.t('exec_desc')
-  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   method_option 'no-bundle', type: :boolean, aliases: '-b', desc: I18n.t('method_option.nobundle'), default: false
+  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   # execute an external command with env set
   def exec(account, *command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     if command.empty?
@@ -192,7 +196,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     begin
       pid = Process.spawn(env_vars, command.join(' '))
       Process.wait pid
-      $CHILD_STATUS
+      exit 1 if Process.last_status.exitstatus.positive?
     rescue Errno::ENOENT => e
       warn e.to_s
       exit 1
@@ -201,9 +205,9 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
   desc 'add ACCOUNT', I18n.t('add_desc')
   method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
-  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
   method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
+  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   # Add an Account
   def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     account = ask_check(
@@ -232,8 +236,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
 
   desc 'update ACCOUNT', I18n.t('update_desc')
   method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
-  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
+  method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
   # Update an Account
   def update(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
     account = ask_check(
@@ -388,10 +392,10 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   end
 
   desc 'console ACCOUNT', I18n.t('console_desc')
-  method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
   method_option :browser, type: :string, aliases: '-b', desc: I18n.t('method_option.browser')
-  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
   method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
+  method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
+  method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
   # Open the AWS Console
   def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     account = ask_check(
@@ -418,6 +422,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
       spawn_cmd = options[:browser] ? "open -a \"#{options[:browser]}\" \"#{login_url}\"" : "open \"#{login_url}\""
       pid = Process.spawn(spawn_cmd)
       Process.wait pid
+      exit 1 if Process.last_status.exitstatus.positive?
     end
   end
 
@@ -446,7 +451,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   # when a double dash is parsed it is dropped from the args but we need it
   def fix_args(curr, prev)
     if prev.nil?
-      [ARGV[1], ARGV[2]]
+      [ARGF.argv[1], ARGF.argv[2]]
     else
       [curr, prev]
     end
@@ -540,6 +545,14 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     cred
   end
 
+  # warn if output is unsafe unless forced
+  def output_safe(force)
+    return if force || !$stdout.isatty
+
+    warn I18n.t('message.ttyblock')
+    exit 1
+  end
+
   # print exports from map
   def put_env_string(cred)
     env_var = Awskeyring::Awsapi.get_env_array(cred)

data/man/awskeyring.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "October 2022" "" ""
+.TH "AWSKEYRING" "5" "November 2022" "" ""
 .
 .SH "NAME"
 \fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
@@ -41,14 +41,14 @@ Adds an ACCOUNT to the keyring
 \-k, \-\-key=KEY: AWS account key id\.
 .
 .br
-\-s, \-\-secret=SECRET: AWS account secret\.
-.
-.br
 \-m, \-\-mfa=MFA: AWS virtual mfa arn\.
 .
 .br
 \-r, \-\-no\-remote: Do not validate with remote api\.
 .
+.br
+\-s, \-\-secret=SECRET: AWS account secret\.
+.
 .TP
 add\-role ROLE:
 .
@@ -69,16 +69,16 @@ Open the AWS Console for the ACCOUNT
 .br
 .
 .IP
-\-p, \-\-path=PATH: The service PATH to open\.
+\-b, \-\-browser=BROWSER: Specify an alternative browser\.
 .
 .br
-\-b, \-\-browser=BROWSER: Specify an alternative browser\.
+\-o, \-\-no\-open: Do not open the url\.
 .
 .br
 \-n, \-\-no\-token: Do not use saved token\.
 .
 .br
-\-o, \-\-no\-open: Do not open the url\.
+\-p, \-\-path=PATH: The service PATH to open\.
 .
 .TP
 env ACCOUNT:
@@ -89,6 +89,9 @@ Outputs bourne shell environment exports for an ACCOUNT
 .br
 .
 .IP
+\-f, \-\-force: Force output to a tty\.
+.
+.br
 \-n, \-\-no\-token: Do not use saved token\.
 .
 .br
@@ -103,10 +106,10 @@ Execute a COMMAND with the environment set for an ACCOUNT
 .br
 .
 .IP
-\-n, \-\-no\-token: Do not use saved token\.
+\-b, \-\-no\-bundle: Unset Bundler environment variables\.
 .
 .br
-\-b, \-\-no\-bundle: Unset Bundler environment variables\.
+\-n, \-\-no\-token: Do not use saved token\.
 .
 .TP
 help [COMMAND]:
@@ -145,6 +148,9 @@ Outputs AWS CLI compatible JSON for an ACCOUNT
 .br
 .
 .IP
+\-f, \-\-force: Force output to a tty\.
+.
+.br
 \-n, \-\-no\-token: Do not use saved token\.
 .
 .TP
@@ -214,10 +220,10 @@ Updates an ACCOUNT in the keyring
 \-k, \-\-key=KEY: AWS account key id\.
 .
 .br
-\-s, \-\-secret=SECRET: AWS account secret\.
+\-r, \-\-no\-remote: Do not validate with remote api\.
 .
 .br
-\-r, \-\-no\-remote: Do not validate with remote api\.
+\-s, \-\-secret=SECRET: AWS account secret\.
 .
 .SH "ENVIRONMENT"
 The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us\-east\-1 when not\.
@@ -290,6 +296,47 @@ complete \-C /usr/local/bin/awskeyring awskeyring
 .
 .IP "" 0
 .
+.SH "CONFIGURATION"
+A Configuration file is stored in the users home directory at \fB~/\.awskeyring\fR as a JSON formatted file\. Most of the fields have a default value except the awskeyring field\.
+.
+.IP "" 4
+.
+.nf
+
+{
+  "awskeyring": "awskeyring",
+  "browser":    ["FireFox", "Google Chrome", "Safari"],
+  "console":    ["ec2/v2", "cloudwatch", "iam"],
+  "keyage":     90
+}
+.
+.fi
+.
+.IP "" 0
+.
+.IP "1." 4
+The first field is the Keychain that your keys will be saved in\.
+.
+.br
+
+.
+.IP "2." 4
+A list of your browsers to use the console command with\.
+.
+.br
+
+.
+.IP "3." 4
+The next is the list of AWS Console pages autocomplete will present\.
+.
+.br
+
+.
+.IP "4." 4
+The last field is the warning threshold for key age\.
+.
+.IP "" 0
+.
 .SH "HISTORY"
 The motivation of this application is to provide a local secure store of AWS credentials using specifically in the macOS Keychain, to have them easily accessed from the Terminal, and to provide useful functions like assuming roles and opening the AWS Console from the cli\. It then expanded to include autocomplete and a desire to have an almost complete test coverage to prevent regressions in its functionality\. For Enterprise environments there are better suited tools to use like HashiCorp Vault \fIhttps://vaultproject\.io/\fR\.
 .

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.9.5
+  version: 1.10.0
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-10-31 00:00:00.000000000 Z
+date: 2022-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam
@@ -92,9 +92,9 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/servian/awskeyring/issues
   changelog_uri: https://github.com/servian/awskeyring/blob/main/CHANGELOG.md
-  documentation_uri: https://rubydoc.info/gems/awskeyring/1.9.5
+  documentation_uri: https://rubydoc.info/gems/awskeyring/1.10.0
   rubygems_mfa_required: 'true'
-  source_code_uri: https://github.com/servian/awskeyring/tree/v1.9.5
+  source_code_uri: https://github.com/servian/awskeyring/tree/v1.10.0
   wiki_uri: https://github.com/servian/awskeyring/wiki
 post_install_message: 
 rdoc_options: []