awssume 0.3.0 → 1.0.0
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/README.md +14 -2
- data/Rakefile +6 -1
- data/lib/awssume.rb +2 -1
- data/lib/awssume/adapter/aws_client.rb +4 -1
- data/lib/awssume/configuration.rb +2 -1
- data/lib/awssume/version.rb +1 -1
- metadata +13 -13
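--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f5b2f4724c8cf4695843ee6682235531f3baf7ec
+data.tar.gz: 97de699e604d22c9d6ce0f517e2d1f312f9e7727
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f8082eede35e521f86bb281d709169ae91cbf365dd92c0b48db4288774b522f1c37d4a09d2d79968476fce50b88fbec8588175ccc94773e558657f4dadae4abb
+data.tar.gz: b67343095b3e9f89246a142d79087fda0b29b086570e1aad8af335792e6dd9e93bfd769d7f313738fcb1c0ecaa713ae824f4b3943cc1695772ad16f9acb933fc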
data/.gitignore
CHANGED
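--- a/data/README.md
+++ b/data/README.md
@@ -48,7 +48,7 @@ You can configure env vars to authenticate with AWS:
 ```
 
 If AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY aren't set then other
-authentication options are checked(such as instance profiles). This is
+authentication options are checked (such as instance profiles). This is
 functionality provided by the aws-sdk.
 
 ```
@@ -67,7 +67,7 @@ functionality provided by the aws-sdk.
 There are scenarios where you might want to [use an external id][aws_ext_id]
 in a condition on your assume role policy. For such cases, the gem will look
 for the ``AWS_ROLE_EXTERNAL_ID`` variable in your environment. If this variable
-is set the value will be sent
+is set the value will be sent along in the STS Assume Role request.
 
 ```
 $ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
@@ -77,6 +77,18 @@ is set the value will be sent allong in the STS Assume Role request.
 
 [aws_ext_id]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
 
+It's also possible to request credentials that
+[last longer than the default of one hour](https://aws.amazon.com/about-aws/whats-new/2018/03/longer-role-sessions/)
+if the role you're assuming is configured to support them (``MaxSessionDuration``
+greater than 3600 seconds). Here's an example of assuming 12-hour (43200 second; the maximum)
+credentials for a _really_ long-running command:
+
+```
+$ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
+AWS_ROLE_DURATION_SECONDS=43200 \
+awssume really-long-running-command
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run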
data/Rakefile
CHANGED
data/lib/awssume.rb
CHANGED
@@ -11,7 +11,8 @@ module Awssume
|
|
11
11
|
region: config.region,
|
12
12
|
role_arn: config.role_arn,
|
13
13
|
role_session_name: config.role_session_name,
|
14
|
-
external_id: config.external_id
|
14
|
+
external_id: config.external_id,
|
15
|
+
duration_seconds: config.duration_seconds,
|
15
16
|
)
|
16
17
|
aws_env = {
|
17
18
|
'AWS_REGION' => config.region,
|
@@ -24,10 +24,13 @@ module Awssume
|
|
24
24
|
p = {
|
25
25
|
role_arn: config[:role_arn],
|
26
26
|
role_session_name: role_session_name,
|
27
|
-
external_id: config[:external_id]
|
27
|
+
external_id: config[:external_id],
|
28
|
+
duration_seconds: config[:duration_seconds],
|
28
29
|
}
|
29
30
|
|
30
31
|
p.delete(:external_id) unless p[:external_id]
|
32
|
+
p.delete(:duration_seconds) \
|
33
|
+
if p[:duration_seconds].nil? || p[:duration_seconds] == 0
|
31
34
|
|
32
35
|
p
|
33
36
|
end
|
@@ -19,7 +19,8 @@ module Awssume
|
|
19
19
|
# The utility will function without issue if an optional value is missing
|
20
20
|
def self.options
|
21
21
|
{
|
22
|
-
external_id:
|
22
|
+
external_id: ENV['AWS_ROLE_EXTERNAL_ID'],
|
23
|
+
duration_seconds: ENV['AWS_ROLE_DURATION_SECONDS'].to_i
|
23
24
|
}
|
24
25
|
end
|
25
26
|
|
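Review bot: `ENV['AWS_ROLE_DURATION_SECONDS'].to_i` in `self.options` never rejects anything: an unset or non-numeric value becomes 0 and is then dropped by the `== 0` filter in the params hunk above, while input such as `12h` or `-5` is forwarded to STS as 12 or -5. Because this value decides how long the assumed-role credentials remain valid, a typo should fail loudly rather than silently fall back to the default or send an unintended number; parse strictly, e.g. `duration_seconds: (v = ENV['AWS_ROLE_DURATION_SECONDS']) && Integer(v, 10)`, and reject values outside the 900 to 43200 second range that STS accepts for AssumeRole. The file headers for this hunk and the one before it seem to be missing from the page; by the diffstat they are presumably lib/awssume/configuration.rb and lib/awssume/adapter/aws_client.rb.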
data/lib/awssume/version.rb
CHANGED
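--- a/metadata
+++ b/metadata
@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: awssume
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - reppard
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2018-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: aws-sdk
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 description: This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -61,8 +61,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -87,17 +87,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Assume a role, do a thing.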