awskeyring 1.3.0 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf00f602f71d488e5786047871727580791f3805cf53055c9d720801bae6b75b
-  data.tar.gz: be06827683d764c13767a1cda773b81dd1bcfa5e4c09958119a1b8b63698ec9c
+  metadata.gz: 30c8d91672aa45d4ed0bdf0500ce5ba053f510cd170958a785854ff10b5f0477
+  data.tar.gz: fc3e66624ea7712eedcba77119b09be088e06a5f4efd2c9d4c92388d26a2f4b0
 SHA512:
-  metadata.gz: 1adf1d2f3a8e3791494fb473a91ccebf471390120cebcbb0d1372824407637077eec4dbab37fcd4036b7f88488ba0e12e185169723144db4f5dad9222ab354b0
-  data.tar.gz: 2d829ba0a4fd623b52364f9b4b1e7918240722da89062f23e14c21d797bf2a7f55943579c39ae09f42933515f0ea476dfe23e6090dd98de6669da34aeda4b329
+  metadata.gz: 61d4e71bec6c42d350c3f3b3915c07dc70cc90c86c219774ac85bb5bc6aff7e6b09800c6efeff06ee50dbb44cb13219e6ffee2974addc3f95be480065f1d8b6e
+  data.tar.gz: d6b3489c866531e8c0c24cc3ed9a140ec734d88ae417e76610990170d08aa69c465b182c3c8dc45a131c3d10e2c80b909ee926ecfce9d83ad1e70eb6df00519b

data/CHANGELOG.md

@@ -1,6 +1,19 @@
 # Changelog
 
-## [v1.3.0](https://github.com/servian/awskeyring/tree/v1.3.0) (2020-02-20)
+## [v1.3.1](https://github.com/servian/awskeyring/tree/v1.3.1) (2020-03-20)
+
+[Full Changelog](https://github.com/servian/awskeyring/compare/v1.3.0...v1.3.1)
+
+**Implemented enhancements:**
+
+- Markdown linting changes and removed Rubocop-MD. [\#61](https://github.com/servian/awskeyring/pull/61) ([tristanmorgan](https://github.com/tristanmorgan))
+- Removed some redundant code. [\#60](https://github.com/servian/awskeyring/pull/60) ([tristanmorgan](https://github.com/tristanmorgan))
+
+**Merged pull requests:**
+
+- Update Ronn code and PR template. [\#59](https://github.com/servian/awskeyring/pull/59) ([tristanmorgan](https://github.com/tristanmorgan))
+
+## [v1.3.0](https://github.com/servian/awskeyring/tree/v1.3.0) (2020-02-19)
 
 [Full Changelog](https://github.com/servian/awskeyring/compare/v1.2.0...v1.3.0)
 

data/CONTRIBUTING.md

@@ -35,7 +35,7 @@ A friendly `README.md` written for many audiences.
 
 The [wiki].
 
-###  API documentation
+### API documentation
 
 API documentation is written as [YARD] docblocks in the Ruby code.
 

data/Gemfile

@@ -11,7 +11,6 @@ group :development do
   gem 'ronn'
   gem 'rspec'
   gem 'rubocop'
-  gem 'rubocop-md'
   gem 'rubocop-performance'
   gem 'rubocop-rake'
   gem 'rubocop-rspec'

data/README.md

@@ -44,7 +44,9 @@ Now your keys are stored safely in the macOS keychain. To print environment vari
 
     awskeyring env personal-aws
 
-Alternatively you can create a profile using the credential_process config variable. See the [AWS CLI Config docs](https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#cli-aws-help-config-vars) for more details on this config option.
+Alternatively you can create a profile using the credential_process config variable. See the
+[AWS CLI Config docs](https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#cli-aws-help-config-vars) for
+more details on this config option.
 
     [profile personal]
     region = us-west-1
@@ -87,22 +89,28 @@ To set your environment easily the following bash function helps:
 
 ## Development
 
-After checking out the repo, run `bundle update` to install dependencies. Then, run `bundle exec rake` to run the tests. Run `bundle exec awskeyring` to use the gem in this directory, ignoring other installed copies of this gem. Awskeyring is tested against the last two versions of Ruby shipped with macOS.
+After checking out the repo, run `bundle update` to install dependencies. Then, run `bundle exec rake` to run the
+tests. Run `bundle exec awskeyring` to use the gem in this directory, ignoring other installed copies of this gem.
+Awskeyring is tested against the last two versions of Ruby shipped with macOS.
 
 To install this gem onto your local machine, run `bundle exec rake install`.
 
 ## Security
 
-If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at [tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
+If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at
+[tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted
+to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/servian/awskeyring. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](https://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at [https://github.com/servian/awskeyring](https://github.com/servian/awskeyring).
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
+the [Contributor Covenant](https://contributor-covenant.org) code of conduct.
 
 ### Contributors
 
- * Tristan [tristanmorgan](https://github.com/tristanmorgan)
- * Adam Sir [AzySir](https://github.com/AzySir)
+* Tristan [tristanmorgan](https://github.com/tristanmorgan)
+* Adam Sir [AzySir](https://github.com/AzySir)
 
 ## License
 

data/Rakefile

@@ -3,6 +3,7 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
+require 'ronn'
 require 'github_changelog_generator/task'
 require 'yard'
 
@@ -15,6 +16,10 @@ end
 
 RuboCop::RakeTask.new do |rubocop|
   rubocop.options = ['-D']
+  rubocop.requires << 'rubocop-performance'
+  rubocop.requires << 'rubocop-rake'
+  rubocop.requires << 'rubocop-rspec'
+  rubocop.requires << 'rubocop-rubycw'
 end
 
 RSpec::Core::RakeTask.new(:spec)
@@ -37,8 +42,10 @@ end
 
 desc 'generate manpage'
 task :ronn do
-  system('ronn -w -r man/awskeyring.5.ronn')
-  puts
+  puts 'Writing manpage'
+  roff_text = Ronn::Document.new('man/awskeyring.5.ronn').to_roff
+  File.write('man/awskeyring.5', roff_text)
+  puts "done\n\n"
 end
 
 YARD::Rake::YardocTask.new do |t|

data/lib/awskeyring/awsapi.rb

@@ -24,6 +24,7 @@ module Awskeyring
 
     # AWS Env vars
     AWS_ENV_VARS = %w[
+      AWS_ACCOUNT_NAME
       AWS_ACCESS_KEY_ID
       AWS_ACCESS_KEY
       AWS_SECRET_ACCESS_KEY
@@ -116,29 +117,23 @@ module Awskeyring
     # Generates Environment Variables for the AWS CLI
     #
     # @param [Hash] params including
-    #    [String] account The aws_access_key_id
+    #    [String] account The aws account name
+    #    [String] key The aws_access_key_id
     #    [String] secret The aws_secret_access_key
     #    [String] token The aws_session_token
     # @return [Hash] env_var hash
     def self.get_env_array(params = {})
       env_var = {}
       env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
-      env_var['AWS_ACCOUNT_NAME'] = params[:account] if params[:account]
 
-      if params[:key]
-        env_var['AWS_ACCESS_KEY_ID'] = params[:key]
-        env_var['AWS_ACCESS_KEY'] = params[:key]
-      end
-
-      if params[:secret]
-        env_var['AWS_SECRET_ACCESS_KEY'] = params[:secret]
-        env_var['AWS_SECRET_KEY'] = params[:secret]
+      params.each_key do |param_name|
+        AWS_ENV_VARS.each do |var_name|
+          if var_name.include?(param_name.to_s.upcase) && !params[param_name].nil?
+            env_var[var_name] = params[param_name]
+          end
+        end
       end
 
-      if params[:token]
-        env_var['AWS_SECURITY_TOKEN'] = params[:token]
-        env_var['AWS_SESSION_TOKEN'] = params[:token]
-      end
       env_var
     end
 
@@ -166,30 +161,22 @@ module Awskeyring
     # @param [String] user The local username
     # @param [String] path within the Console to access
     # @return [String] login_url to access
-    def self.get_login_url(key:, secret:, token:, path:, user:) # rubocop:disable Metrics/MethodLength
+    def self.get_login_url(key:, secret:, token:, path:, user:)
       console_url = "https://console.aws.amazon.com/#{path}/home"
 
-      if token
-        session_json = {
-          sessionId: key,
-          sessionKey: secret,
-          sessionToken: token
-        }.to_json
-      else
-        ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
-        sts = Aws::STS::Client.new(access_key_id: key,
-                                   secret_access_key: secret)
-
-        session = sts.get_federation_token(name: user,
-                                           policy: ADMIN_POLICY,
-                                           duration_seconds: TWELVE_HOUR)
-        session_json = {
-          sessionId: session.credentials[:access_key_id],
-          sessionKey: session.credentials[:secret_access_key],
-          sessionToken: session.credentials[:session_token]
-        }.to_json
+      unless token
+        cred = get_token({ key: key, secret: secret, user: user, duration: TWELVE_HOUR })
+        key = cred[:key]
+        secret = cred[:secret]
+        token = cred[:token]
       end
 
+      session_json = {
+        sessionId: key,
+        sessionKey: secret,
+        sessionToken: token
+      }.to_json
+
       destination_param = '&Destination=' + CGI.escape(console_url)
 
       AWS_SIGNIN_URL + '?Action=login' + token_param(session_json: session_json) + destination_param
@@ -235,10 +222,10 @@ module Awskeyring
         exit 1
       end
 
-      new_key = iam.create_access_key
+      new_key = iam.create_access_key[:access_key]
       iam = Aws::IAM::Client.new(
-        access_key_id: new_key[:access_key][:access_key_id],
-        secret_access_key: new_key[:access_key][:secret_access_key]
+        access_key_id: new_key[:access_key_id],
+        secret_access_key: new_key[:secret_access_key]
       )
       retry_backoff do
         iam.delete_access_key(
@@ -247,8 +234,8 @@ module Awskeyring
       end
       {
         account: account,
-        key: new_key[:access_key][:access_key_id],
-        secret: new_key[:access_key][:secret_access_key]
+        key: new_key[:access_key_id],
+        secret: new_key[:secret_access_key]
       }
     end
 

data/lib/awskeyring/version.rb

@@ -6,7 +6,7 @@ require 'json'
 # Version const and query of latest.
 module Awskeyring
   # The Gem's version number
-  VERSION = '1.3.0'
+  VERSION = '1.3.1'
   # The Gem's homepage
   HOMEPAGE = 'https://github.com/servian/awskeyring'
 

data/lib/awskeyring_command.rb

@@ -289,7 +289,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
   method_option :code, type: :string, aliases: '-c', desc: I18n.t('method_option.code')
   method_option :duration, type: :string, aliases: '-d', desc: I18n.t('method_option.duration')
   # generate a sessiopn token
-  def token(account = nil, role = nil, code = nil) # rubocop:disable all
+  def token(account = nil, role = nil, code = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     account = ask_check(
       existing: account,
       message: I18n.t('message.account'),
@@ -309,19 +309,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
         existing: code, message: I18n.t('message.code'), validator: Awskeyring::Validate.method(:mfa_code)
       )
     end
-    duration = options[:duration]
-    duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s if role
-    duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
-    duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s
-
     item_hash = age_check_and_get(account: account, no_token: true)
-    role_arn = Awskeyring.get_role_arn(role_name: role) if role
 
     begin
       new_creds = Awskeyring::Awsapi.get_token(
         code: code,
-        role_arn: role_arn,
-        duration: duration,
+        role_arn: (Awskeyring.get_role_arn(role_name: role) if role),
+        duration: default_duration(options[:duration], role, code),
         mfa: item_hash[:mfa],
         key: item_hash[:key],
         secret: item_hash[:secret],
@@ -471,6 +465,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
     Awskeyring::Awsapi::AWS_ENV_VARS.each { |key| puts "unset #{key}" unless env_var.key?(key) }
   end
 
+  def default_duration(duration, role, code)
+    duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s if role
+    duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
+    duration || Awskeyring::Awsapi::ONE_HOUR.to_s
+  end
+
   def ask_check(existing:, message:, flags: nil, validator: nil, limited_to: nil) # rubocop:disable Metrics/MethodLength
     retries ||= 3
     begin

data/man/awskeyring.5

@@ -1,10 +1,10 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "AWSKEYRING" "5" "February 2020" "" ""
+.TH "AWSKEYRING" "5" "March 2020" "" ""
 .
 .SH "NAME"
-\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain\.
+\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
 .
 .SH "SYNOPSIS"
 awskeyring COMMAND [ACCOUNT|ROLE] [OPTIONS]
@@ -13,7 +13,7 @@ awskeyring COMMAND [ACCOUNT|ROLE] [OPTIONS]
 awskeyring help COMMAND
 .
 .SH "DESCRIPTION"
-The Awskeyring utility stores and manages AWS access keys and provides the facailty to generate access tokens with combinations of assumed roles and multi\-factor\-authentication codes\. It includes autocompletion features and multiple validation checks for input parsing\. It also includes the ability for the AWS CLI to call it directly to provide authentication\.
+The Awskeyring utility stores and manages AWS access keys and provides the facility to generate access tokens with combinations of assumed roles and multi\-factor\-authentication codes\. It includes autocompletion features and multiple validation checks for input parsing\. It also includes the ability for the AWS CLI to call it directly to provide authentication\.
 .
 .P
 The commands are as follows:

data/man/awskeyring.5.ronn

@@ -1,4 +1,4 @@
-# Awskeyring -- is a small tool to manage AWS account keys in the macOS Keychain.
+# Awskeyring -- is a small tool to manage AWS account keys in the macOS Keychain
 
 ## SYNOPSIS
 
@@ -8,81 +8,84 @@ awskeyring help COMMAND
 
 ## DESCRIPTION
 
-The Awskeyring utility stores and manages AWS access keys and provides the facailty to generate access tokens with combinations of assumed roles and multi-factor-authentication codes. It includes autocompletion features and multiple validation checks for input parsing. It also includes the ability for the AWS CLI to call it directly to provide authentication.
+The Awskeyring utility stores and manages AWS access keys and provides the facility to generate access tokens with
+combinations of assumed roles and multi-factor-authentication codes. It includes autocompletion features and multiple
+validation checks for input parsing. It also includes the ability for the AWS CLI to call it directly to provide authentication.
 
 The commands are as follows:
 
-  *  --version, -v:
+* --version, -v:
 
     Prints the version
 
-  *  add ACCOUNT:
+* add ACCOUNT:
 
     Adds an ACCOUNT to the keyring
 
-  *  add-role ROLE:
+* add-role ROLE:
 
     Adds a ROLE to the keyring
 
-*  console ACCOUNT:
+* console ACCOUNT:
 
     Open the AWS Console for the ACCOUNT
 
-*  env ACCOUNT:
+* env ACCOUNT:
 
     Outputs bourne shell environment exports for an ACCOUNT
 
-*  exec ACCOUNT command...:
+* exec ACCOUNT command...:
 
     Execute a COMMAND with the environment set for an ACCOUNT
 
-*  help [COMMAND]:
+* help [COMMAND]:
 
     Describe available commands or one specific command
 
-*  initialise:
+* initialise:
 
     Initialises a new KEYCHAIN
 
-*  json ACCOUNT:
+* json ACCOUNT:
 
     Outputs AWS CLI compatible JSON for an ACCOUNT
 
-*  list:
+* list:
 
     Prints a list of accounts in the keyring
 
-*  list-role:
+* list-role:
 
     Prints a list of roles in the keyring
 
-*  remove ACCOUNT:
+* remove ACCOUNT:
 
     Removes an ACCOUNT from the keyring
 
-*  remove-role ROLE:
+* remove-role ROLE:
 
     Removes a ROLE from the keyring
 
-*  remove-token ACCOUNT:
+* remove-token ACCOUNT:
 
     Removes a token for ACCOUNT from the keyring
 
-*  rotate ACCOUNT:
+* rotate ACCOUNT:
 
     Rotate access keys for an ACCOUNT
 
-*  token ACCOUNT [ROLE] [MFA]:
+* token ACCOUNT [ROLE] [MFA]:
 
     Create an STS Token from a ROLE or an MFA code
 
-*  update ACCOUNT:
+* update ACCOUNT:
 
     Updates an ACCOUNT in the keyring
 
 ## ENVIRONMENT
 
-The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us-east-1 when not.
+The AWS_DEFAULT_REGION environment variable will be used for AWS API calls where specified or fall back to us-east-1
+when not.
 
 ## EXIT STATUS
 
@@ -113,7 +116,9 @@ like [HashiCorp Vault](https://vaultproject.io/).
 
 ## SECURITY
 
-If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at [tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
+If you believe you have found a security issue in Awskeyring, please responsibly disclose by contacting me at
+[tristan@vibrato.com.au](mailto:tristan@vibrato.com.au). Awskeyring is a Ruby script and as such Ruby is whitelisted to
+access your "awskeyring" keychain. Use a strong password and keep the unlock time short.
 
 ## AUTHOR
 
@@ -121,8 +126,8 @@ Tristan Morgan <tristan@vibrato.com.au> is the maintainer of Awskeyring.
 
 ## CONTRIBUTORS
 
- * Tristan [tristanmorgan](https://github.com/tristanmorgan)
- * Adam Sir [AzySir](https://github.com/AzySir)
+* Tristan [tristanmorgan](https://github.com/tristanmorgan)
+* Adam Sir [AzySir](https://github.com/AzySir)
 
 ## LICENSE
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: awskeyring
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Tristan Morgan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-02-19 00:00:00.000000000 Z
+date: 2020-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-iam