awskeyring 1.11.0 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +0 -1
- data/exe/awskeyring +1 -1
- data/i18n/en.yml +1 -0
- data/lib/awskeyring/awsapi.rb +32 -5
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring.rb +14 -0
- data/lib/awskeyring_command.rb +19 -4
- data/man/awskeyring.5 +4 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 73c6d89c7a836a7f9b8d75bbb1bde93a27792dbfbdc4c8cc563b0f1b4127f811
|
|
4
|
+
data.tar.gz: fe93e67911337c48cd21c8207bec071de5c5991bbbcccb96fdfc36b2728c346c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e91c2c5df102632b00cb823943381c4b1548c2baec16bb72c58724b5e0f790cc2eddac774e96efcc072bd8283efdc356e3ef77a39374659030f1fb4ff4c58ce4
|
|
7
|
+
data.tar.gz: 70cb85135e88d82902dd3f30e2cd8428f6534480d49c75dfb79001525b31c687bfb11c0df3cc35afe97f41a88e9aa32fc48626539c6788cff0c1c607efbf0a33
|
data/README.md
CHANGED
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
|
|
4
4
|
|
|
5
|
-
* [](https://app.travis-ci.com/github/tristanmorgan/awskeyring)
|
|
6
5
|
* [](https://badge.fury.io/rb/awskeyring)
|
|
7
6
|
* [](https://opensource.org/licenses/MIT)
|
|
8
7
|
* [](https://rubygems.org/gems/awskeyring)
|
data/exe/awskeyring
CHANGED
data/i18n/en.yml
CHANGED
|
@@ -5,6 +5,7 @@ en:
|
|
|
5
5
|
add_role_desc: Adds a ROLE to the keyring
|
|
6
6
|
awskeyring_desc: Autocompletion for bourne shells
|
|
7
7
|
console_desc: Open the AWS Console for the ACCOUNT
|
|
8
|
+
decode_desc: Decode an account id from a KEY
|
|
8
9
|
default_desc: Run default help or initialise if needed.
|
|
9
10
|
env_desc: Outputs bourne shell environment exports for an ACCOUNT
|
|
10
11
|
exec_desc: Execute a COMMAND with the environment set for an ACCOUNT
|
data/lib/awskeyring/awsapi.rb
CHANGED
|
@@ -25,6 +25,7 @@ module Awskeyring
|
|
|
25
25
|
# AWS Env vars
|
|
26
26
|
AWS_ENV_VARS = %w[
|
|
27
27
|
AWS_ACCOUNT_NAME
|
|
28
|
+
AWS_ACCOUNT_ID
|
|
28
29
|
AWS_ACCESS_KEY_ID
|
|
29
30
|
AWS_ACCESS_KEY
|
|
30
31
|
AWS_CREDENTIAL_EXPIRATION
|
|
@@ -85,7 +86,7 @@ module Awskeyring
|
|
|
85
86
|
)
|
|
86
87
|
end
|
|
87
88
|
rescue Aws::STS::Errors::AccessDenied => e
|
|
88
|
-
warn e
|
|
89
|
+
warn e
|
|
89
90
|
exit 1
|
|
90
91
|
end
|
|
91
92
|
|
|
@@ -123,14 +124,16 @@ module Awskeyring
|
|
|
123
124
|
# [String] secret The aws_secret_access_key
|
|
124
125
|
# [String] token The aws_session_token
|
|
125
126
|
# @return [Hash] env_var hash
|
|
126
|
-
def self.get_env_array(params = {})
|
|
127
|
+
def self.get_env_array(params = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
|
|
127
128
|
env_var = {}
|
|
128
129
|
env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
|
|
129
130
|
|
|
130
131
|
params[:expiration] = Time.at(params[:expiry]).iso8601 unless params[:expiry].nil?
|
|
132
|
+
params[:account_name] = params.delete(:account)
|
|
133
|
+
params[:account_id] = get_account_id(key: params[:key]) unless params[:key].nil?
|
|
131
134
|
|
|
132
|
-
|
|
133
|
-
|
|
135
|
+
AWS_ENV_VARS.each do |var_name|
|
|
136
|
+
params.each_key do |param_name|
|
|
134
137
|
if var_name.include?(param_name.to_s.upcase) && !params[param_name].nil?
|
|
135
138
|
env_var[var_name] = params[param_name]
|
|
136
139
|
end
|
|
@@ -151,7 +154,7 @@ module Awskeyring
|
|
|
151
154
|
sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret, session_token: token)
|
|
152
155
|
sts.get_caller_identity
|
|
153
156
|
rescue Aws::Errors::ServiceError => e
|
|
154
|
-
warn e
|
|
157
|
+
warn e
|
|
155
158
|
exit 1
|
|
156
159
|
end
|
|
157
160
|
true
|
|
@@ -229,6 +232,30 @@ module Awskeyring
|
|
|
229
232
|
region || Aws.shared_config.region(profile: 'default')
|
|
230
233
|
end
|
|
231
234
|
|
|
235
|
+
# Get the account number from an access key
|
|
236
|
+
#
|
|
237
|
+
# @param [String] key The aws_access_key_id
|
|
238
|
+
# @return [String] Account number
|
|
239
|
+
def self.get_account_id(key:)
|
|
240
|
+
padded_no = key[3..12]
|
|
241
|
+
mask = (2 << 39) - 1
|
|
242
|
+
decimal = (decode(padded_no) >> 4) & mask
|
|
243
|
+
decimal.to_s.rjust(12, '0')
|
|
244
|
+
end
|
|
245
|
+
|
|
246
|
+
# base32 decode function
|
|
247
|
+
# returns 0 on failure
|
|
248
|
+
private_class_method def self.decode(str)
|
|
249
|
+
aws_table = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
|
|
250
|
+
bytes = str.bytes
|
|
251
|
+
bytes.inject do |m, o|
|
|
252
|
+
i = aws_table.index(o.chr)
|
|
253
|
+
return 0 if i.nil?
|
|
254
|
+
|
|
255
|
+
(m << 5) + i
|
|
256
|
+
end
|
|
257
|
+
end
|
|
258
|
+
|
|
232
259
|
# Rotates the AWS access keys
|
|
233
260
|
#
|
|
234
261
|
# @param [String] key The aws_access_key_id
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'i18n'
|
|
|
4
4
|
require 'json'
|
|
5
5
|
require 'keychain'
|
|
6
6
|
require 'awskeyring/validate'
|
|
7
|
+
require 'awskeyring/awsapi'
|
|
7
8
|
|
|
8
9
|
# Awskeyring Module,
|
|
9
10
|
# gives you an interface to access keychains and items.
|
|
@@ -195,6 +196,19 @@ module Awskeyring # rubocop:disable Metrics/ModuleLength
|
|
|
195
196
|
(items + tokens).uniq.sort
|
|
196
197
|
end
|
|
197
198
|
|
|
199
|
+
# Return a list account item names plus account ids
|
|
200
|
+
def self.list_account_names_plus # rubocop:disable Metrics/AbcSize
|
|
201
|
+
list_items.concat(list_tokens).map do |elem|
|
|
202
|
+
account_id = Awskeyring::Awsapi.get_account_id(key: elem.attributes[:account])
|
|
203
|
+
account_name = if elem.attributes[:label].start_with?(ACCOUNT_PREFIX)
|
|
204
|
+
elem.attributes[:label][(ACCOUNT_PREFIX.length)..]
|
|
205
|
+
else
|
|
206
|
+
elem.attributes[:label][(SESSION_KEY_PREFIX.length)..]
|
|
207
|
+
end
|
|
208
|
+
"#{account_name}\t#{account_id}"
|
|
209
|
+
end.uniq.sort
|
|
210
|
+
end
|
|
211
|
+
|
|
198
212
|
# Return a list role item names
|
|
199
213
|
def self.list_role_names
|
|
200
214
|
list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..] }.sort
|
data/lib/awskeyring_command.rb
CHANGED
|
@@ -77,13 +77,18 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
desc 'list', I18n.t('list_desc')
|
|
80
|
+
method_option :detail, type: :boolean, aliases: '-d', desc: I18n.t('method_option.detail'), default: false
|
|
80
81
|
# list the accounts
|
|
81
82
|
def list
|
|
82
83
|
if Awskeyring.list_account_names.empty?
|
|
83
84
|
warn I18n.t('message.missing_account', bin: File.basename($PROGRAM_NAME))
|
|
84
85
|
exit 1
|
|
85
86
|
end
|
|
86
|
-
|
|
87
|
+
if options[:detail]
|
|
88
|
+
puts Awskeyring.list_account_names_plus.join("\n")
|
|
89
|
+
else
|
|
90
|
+
puts Awskeyring.list_account_names.join("\n")
|
|
91
|
+
end
|
|
87
92
|
end
|
|
88
93
|
|
|
89
94
|
desc 'list-role', I18n.t('list_role_desc')
|
|
@@ -198,7 +203,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
198
203
|
Process.wait pid
|
|
199
204
|
exit 1 if Process.last_status.exitstatus.positive?
|
|
200
205
|
rescue Errno::ENOENT => e
|
|
201
|
-
warn e
|
|
206
|
+
warn e
|
|
202
207
|
exit 1
|
|
203
208
|
end
|
|
204
209
|
end
|
|
@@ -330,7 +335,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
330
335
|
key_message: I18n.t('message.rotate', account: account)
|
|
331
336
|
)
|
|
332
337
|
rescue Aws::Errors::ServiceError => e
|
|
333
|
-
warn e
|
|
338
|
+
warn e
|
|
334
339
|
exit 1
|
|
335
340
|
end
|
|
336
341
|
|
|
@@ -426,6 +431,16 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
426
431
|
end
|
|
427
432
|
end
|
|
428
433
|
|
|
434
|
+
desc 'decode KEY', I18n.t('decode_desc'), hide: true
|
|
435
|
+
# decode account numbers
|
|
436
|
+
def decode(key = nil)
|
|
437
|
+
key = ask_check(
|
|
438
|
+
existing: key, message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
|
|
439
|
+
)
|
|
440
|
+
|
|
441
|
+
puts Awskeyring::Awsapi.get_account_id(key: key)
|
|
442
|
+
end
|
|
443
|
+
|
|
429
444
|
desc "#{File.basename($PROGRAM_NAME)} CURR PREV", I18n.t('awskeyring_desc'), hide: true
|
|
430
445
|
map File.basename($PROGRAM_NAME) => :autocomplete
|
|
431
446
|
# autocomplete
|
|
@@ -522,7 +537,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
522
537
|
# list command names
|
|
523
538
|
def list_commands
|
|
524
539
|
commands = self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }
|
|
525
|
-
commands.reject! { |elem| %w[autocomplete default].include?(elem) }
|
|
540
|
+
commands.reject! { |elem| %w[autocomplete default decode].include?(elem) }
|
|
526
541
|
end
|
|
527
542
|
|
|
528
543
|
# list flags for a command
|
data/man/awskeyring.5
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
|
3
3
|
.
|
|
4
|
-
.TH "AWSKEYRING" "5" "
|
|
4
|
+
.TH "AWSKEYRING" "5" "December 2023" "" ""
|
|
5
5
|
.
|
|
6
6
|
.SH "NAME"
|
|
7
7
|
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
|
|
@@ -159,6 +159,9 @@ list:
|
|
|
159
159
|
.IP
|
|
160
160
|
Prints a list of accounts in the keyring
|
|
161
161
|
.
|
|
162
|
+
.IP
|
|
163
|
+
\-d, \-\-detail, \-\-no\-detail: Show more detail\.
|
|
164
|
+
.
|
|
162
165
|
.TP
|
|
163
166
|
list\-role:
|
|
164
167
|
.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|
|
@@ -92,9 +92,9 @@ licenses:
|
|
|
92
92
|
metadata:
|
|
93
93
|
bug_tracker_uri: https://github.com/tristanmorgan/awskeyring/issues
|
|
94
94
|
changelog_uri: https://github.com/tristanmorgan/awskeyring/blob/main/CHANGELOG.md
|
|
95
|
-
documentation_uri: https://rubydoc.info/gems/awskeyring/1.
|
|
95
|
+
documentation_uri: https://rubydoc.info/gems/awskeyring/1.12.0
|
|
96
96
|
rubygems_mfa_required: 'true'
|
|
97
|
-
source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.
|
|
97
|
+
source_code_uri: https://github.com/tristanmorgan/awskeyring/tree/v1.12.0
|
|
98
98
|
wiki_uri: https://github.com/tristanmorgan/awskeyring/wiki
|
|
99
99
|
post_install_message:
|
|
100
100
|
rdoc_options: []
|