awskeyring 1.8.4 → 1.8.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -18
- data/i18n/en.yml +1 -1
- data/lib/awskeyring/version.rb +1 -1
- data/lib/awskeyring_command.rb +35 -11
- data/man/awskeyring.5 +3 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: df8b15491f307691db7f25727bdc12f5a90ba71b816e6b14b14a71bdbd53c594
|
|
4
|
+
data.tar.gz: af3cc61ea5c8c44025254b5fb9a90a087e67a2c556f7391006acc188ab5be214
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c20ade29e6499e0fa836cb7532dd1dd8776659ed7c3e69cc905c6ea34ae5a46b3af24320a94781996af7cdbb0cc4e69fabe86259d7aaa99048b577c5a9a09208
|
|
7
|
+
data.tar.gz: 547a0ad97e0e38b7b6e61d7b8275ab75c18a114d83a540de293c410cd4835f4a429bf829863e62fce4c8350ece488d0d4d4a0571c17b9e1a0b97b4416eaa51e2
|
data/README.md
CHANGED
|
@@ -62,24 +62,24 @@ more details on this config option.
|
|
|
62
62
|
The CLI is using [Thor](http://whatisthor.com) with help provided interactively.
|
|
63
63
|
|
|
64
64
|
Awskeyring commands:
|
|
65
|
-
awskeyring --version, -v
|
|
66
|
-
awskeyring add ACCOUNT
|
|
67
|
-
awskeyring add-role ROLE
|
|
68
|
-
awskeyring console ACCOUNT
|
|
69
|
-
awskeyring env ACCOUNT
|
|
70
|
-
awskeyring exec ACCOUNT command...
|
|
71
|
-
awskeyring help [COMMAND]
|
|
72
|
-
awskeyring import ACCOUNT
|
|
73
|
-
awskeyring initialise
|
|
74
|
-
awskeyring json ACCOUNT
|
|
75
|
-
awskeyring list
|
|
76
|
-
awskeyring list-role
|
|
77
|
-
awskeyring remove ACCOUNT
|
|
78
|
-
awskeyring remove-role ROLE
|
|
79
|
-
awskeyring remove-token ACCOUNT
|
|
80
|
-
awskeyring rotate ACCOUNT
|
|
81
|
-
awskeyring token ACCOUNT [ROLE] [
|
|
82
|
-
awskeyring update ACCOUNT
|
|
65
|
+
awskeyring --version, -v # Prints the version
|
|
66
|
+
awskeyring add ACCOUNT # Adds an ACCOUNT to the keyring
|
|
67
|
+
awskeyring add-role ROLE # Adds a ROLE to the keyring
|
|
68
|
+
awskeyring console ACCOUNT # Open the AWS Console for the ACCOUNT
|
|
69
|
+
awskeyring env ACCOUNT # Outputs bourne shell environment exports for an ACCOUNT
|
|
70
|
+
awskeyring exec ACCOUNT command... # Execute a COMMAND with the environment set for an ACCOUNT
|
|
71
|
+
awskeyring help [COMMAND] # Describe available commands or one specific command
|
|
72
|
+
awskeyring import ACCOUNT # Import an ACCOUNT to the keyring from ~/.aws/credentials
|
|
73
|
+
awskeyring initialise # Initialises a new KEYCHAIN
|
|
74
|
+
awskeyring json ACCOUNT # Outputs AWS CLI compatible JSON for an ACCOUNT
|
|
75
|
+
awskeyring list # Prints a list of accounts in the keyring
|
|
76
|
+
awskeyring list-role # Prints a list of roles in the keyring
|
|
77
|
+
awskeyring remove ACCOUNT # Removes an ACCOUNT from the keyring
|
|
78
|
+
awskeyring remove-role ROLE # Removes a ROLE from the keyring
|
|
79
|
+
awskeyring remove-token ACCOUNT # Removes a token for ACCOUNT from the keyring
|
|
80
|
+
awskeyring rotate ACCOUNT # Rotate access keys for an ACCOUNT
|
|
81
|
+
awskeyring token ACCOUNT [ROLE] [CODE] # Create an STS Token from a ROLE or an mfa CODE
|
|
82
|
+
awskeyring update ACCOUNT # Updates an ACCOUNT in the keyring
|
|
83
83
|
|
|
84
84
|
and autocomplete that can be installed with:
|
|
85
85
|
|
data/i18n/en.yml
CHANGED
|
@@ -17,7 +17,7 @@ en:
|
|
|
17
17
|
remove_role_desc: Removes a ROLE from the keyring
|
|
18
18
|
remove_token_desc: Removes a token for ACCOUNT from the keyring
|
|
19
19
|
rotate_desc: Rotate access keys for an ACCOUNT
|
|
20
|
-
token_desc: Create an STS Token from a ROLE or an
|
|
20
|
+
token_desc: Create an STS Token from a ROLE or an mfa CODE
|
|
21
21
|
update_desc: Updates an ACCOUNT in the keyring
|
|
22
22
|
method_option:
|
|
23
23
|
arn: 'AWS role arn.'
|
data/lib/awskeyring/version.rb
CHANGED
data/lib/awskeyring_command.rb
CHANGED
|
@@ -335,7 +335,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
335
335
|
puts I18n.t('message.upaccount', account: account)
|
|
336
336
|
end
|
|
337
337
|
|
|
338
|
-
desc 'token ACCOUNT [ROLE] [
|
|
338
|
+
desc 'token ACCOUNT [ROLE] [CODE]', I18n.t('token_desc')
|
|
339
339
|
method_option :code, type: :string, aliases: '-c', desc: I18n.t('method_option.code')
|
|
340
340
|
method_option :duration, type: :string, aliases: '-d', desc: I18n.t('method_option.duration')
|
|
341
341
|
# generate a sessiopn token
|
|
@@ -430,7 +430,8 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
430
430
|
desc "#{File.basename($PROGRAM_NAME)} CURR PREV", I18n.t('awskeyring_desc'), hide: true
|
|
431
431
|
map File.basename($PROGRAM_NAME) => :autocomplete
|
|
432
432
|
# autocomplete
|
|
433
|
-
def autocomplete(curr, prev)
|
|
433
|
+
def autocomplete(curr, prev = nil)
|
|
434
|
+
curr, prev = fix_args(curr, prev)
|
|
434
435
|
comp_line = ENV['COMP_LINE']
|
|
435
436
|
comp_point_str = ENV['COMP_POINT']
|
|
436
437
|
unless comp_line && comp_point_str
|
|
@@ -448,16 +449,16 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
448
449
|
|
|
449
450
|
private
|
|
450
451
|
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
cred
|
|
452
|
+
# when a double dash is parsed it is dropped from the args but we need it
|
|
453
|
+
def fix_args(curr, prev)
|
|
454
|
+
if prev.nil?
|
|
455
|
+
[ARGV[1], ARGV[2]]
|
|
456
|
+
else
|
|
457
|
+
[curr, prev]
|
|
458
|
+
end
|
|
459
459
|
end
|
|
460
460
|
|
|
461
|
+
# determine the type of completion needed
|
|
461
462
|
def comp_type(comp_lines:, prev:)
|
|
462
463
|
sub_cmd = sub_command(comp_lines)
|
|
463
464
|
comp_idx = comp_lines.rindex(prev)
|
|
@@ -475,8 +476,10 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
475
476
|
[comp_type, sub_cmd]
|
|
476
477
|
end
|
|
477
478
|
|
|
479
|
+
# check params for named params or fall back to flags
|
|
478
480
|
def param_type(comp_idx, sub_cmd)
|
|
479
|
-
|
|
481
|
+
types = %i[opt req]
|
|
482
|
+
param_list = method(sub_cmd).parameters.select { |elem| types.include? elem[0] }
|
|
480
483
|
if comp_idx.zero?
|
|
481
484
|
:command
|
|
482
485
|
elsif comp_idx > param_list.length
|
|
@@ -486,6 +489,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
486
489
|
end
|
|
487
490
|
end
|
|
488
491
|
|
|
492
|
+
# catch the command from prefixes and aliases
|
|
489
493
|
def sub_command(comp_lines)
|
|
490
494
|
return '' if comp_lines.nil? || comp_lines.length < 2
|
|
491
495
|
|
|
@@ -498,6 +502,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
498
502
|
self.class.map[sub_cmd].to_s
|
|
499
503
|
end
|
|
500
504
|
|
|
505
|
+
# given a type return the right list for completions
|
|
501
506
|
def fetch_auto_resp(comp_type, sub_cmd)
|
|
502
507
|
case comp_type
|
|
503
508
|
when :command
|
|
@@ -517,11 +522,13 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
517
522
|
end
|
|
518
523
|
end
|
|
519
524
|
|
|
525
|
+
# list command names
|
|
520
526
|
def list_commands
|
|
521
527
|
commands = self.class.all_commands.keys.map { |elem| elem.tr('_', '-') }
|
|
522
528
|
commands.reject! { |elem| %w[autocomplete default].include?(elem) }
|
|
523
529
|
end
|
|
524
530
|
|
|
531
|
+
# list flags for a command
|
|
525
532
|
def list_arguments(command:)
|
|
526
533
|
options = self.class.all_commands[command].options.values
|
|
527
534
|
exit 1 if options.empty?
|
|
@@ -530,18 +537,32 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
530
537
|
options.map(&:switch_name)
|
|
531
538
|
end
|
|
532
539
|
|
|
540
|
+
# add warning about old keys
|
|
541
|
+
def age_check_and_get(account:, no_token:)
|
|
542
|
+
cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
|
|
543
|
+
|
|
544
|
+
maxage = Awskeyring.key_age
|
|
545
|
+
age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
|
|
546
|
+
warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
|
|
547
|
+
|
|
548
|
+
cred
|
|
549
|
+
end
|
|
550
|
+
|
|
551
|
+
# print exports from map
|
|
533
552
|
def put_env_string(cred)
|
|
534
553
|
env_var = Awskeyring::Awsapi.get_env_array(cred)
|
|
535
554
|
env_var.each { |var, value| puts "export #{var}=\"#{value}\"" }
|
|
536
555
|
Awskeyring::Awsapi::AWS_ENV_VARS.each { |key| puts "unset #{key}" unless env_var.key?(key) }
|
|
537
556
|
end
|
|
538
557
|
|
|
558
|
+
# select duration for sts token types
|
|
539
559
|
def default_duration(duration, role, code)
|
|
540
560
|
duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s if role
|
|
541
561
|
duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
|
|
542
562
|
duration || Awskeyring::Awsapi::ONE_HOUR.to_s
|
|
543
563
|
end
|
|
544
564
|
|
|
565
|
+
# ask and validate input values.
|
|
545
566
|
def ask_check(existing:, message:, flags: nil, validator: nil, limited_to: nil) # rubocop:disable Metrics/MethodLength
|
|
546
567
|
retries ||= 3
|
|
547
568
|
begin
|
|
@@ -562,10 +583,12 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
562
583
|
value
|
|
563
584
|
end
|
|
564
585
|
|
|
586
|
+
# ask for somthinng if its missing.
|
|
565
587
|
def ask_missing(existing:, message:, secure: false, optional: false, limited_to: nil)
|
|
566
588
|
existing || ask(message: message, secure: secure, optional: optional, limited_to: limited_to).strip
|
|
567
589
|
end
|
|
568
590
|
|
|
591
|
+
# ask in different ways
|
|
569
592
|
def ask(message:, secure: false, optional: false, limited_to: nil)
|
|
570
593
|
if secure
|
|
571
594
|
Awskeyring::Input.read_secret("#{message.rjust(20)}: ")
|
|
@@ -578,6 +601,7 @@ class AwskeyringCommand < Thor # rubocop:disable Metrics/ClassLength
|
|
|
578
601
|
end
|
|
579
602
|
end
|
|
580
603
|
|
|
604
|
+
# undo Bundler env vars
|
|
581
605
|
def unbundle
|
|
582
606
|
to_delete = ENV.keys.select { |elem| elem.start_with?('BUNDLER_ORIG_') }
|
|
583
607
|
bundled_env = to_delete.map { |elem| elem[('BUNDLER_ORIG_'.length)..] }
|
data/man/awskeyring.5
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
|
3
3
|
.
|
|
4
|
-
.TH "AWSKEYRING" "5" "
|
|
4
|
+
.TH "AWSKEYRING" "5" "June 2021" "" ""
|
|
5
5
|
.
|
|
6
6
|
.SH "NAME"
|
|
7
7
|
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
|
|
@@ -189,10 +189,10 @@ rotate ACCOUNT:
|
|
|
189
189
|
Rotate access keys for an ACCOUNT
|
|
190
190
|
.
|
|
191
191
|
.TP
|
|
192
|
-
token ACCOUNT [ROLE] [
|
|
192
|
+
token ACCOUNT [ROLE] [CODE]:
|
|
193
193
|
.
|
|
194
194
|
.IP
|
|
195
|
-
Create an STS Token from a ROLE or an
|
|
195
|
+
Create an STS Token from a ROLE or an mfa CODE
|
|
196
196
|
.
|
|
197
197
|
.br
|
|
198
198
|
.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awskeyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tristan Morgan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-iam
|
|
@@ -93,8 +93,8 @@ licenses:
|
|
|
93
93
|
metadata:
|
|
94
94
|
bug_tracker_uri: https://github.com/servian/awskeyring/issues
|
|
95
95
|
changelog_uri: https://github.com/servian/awskeyring/blob/main/CHANGELOG.md
|
|
96
|
-
documentation_uri: https://rubydoc.info/gems/awskeyring/1.8.
|
|
97
|
-
source_code_uri: https://github.com/servian/awskeyring/tree/v1.8.
|
|
96
|
+
documentation_uri: https://rubydoc.info/gems/awskeyring/1.8.5
|
|
97
|
+
source_code_uri: https://github.com/servian/awskeyring/tree/v1.8.5
|
|
98
98
|
wiki_uri: https://github.com/servian/awskeyring/wiki
|
|
99
99
|
post_install_message:
|
|
100
100
|
rdoc_options: []
|