awssume 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 212f7aaedae4c35df3b09703d54b30afe1f45f10
-  data.tar.gz: ceb6f94683edac9b55b773fe0193dfd0639da81b
+  metadata.gz: 17c2f5df473de43d443a7dc2774415683c458cbc
+  data.tar.gz: f0becdfff548d13be22f5c520f3cfc0061e147b1
 SHA512:
-  metadata.gz: ac0a93d4f5dd18cab39b1d58fc3bee8c45470a7cfa6ec4d2a96c809c66e165157c9320e3fa491151934b543ee89cb6769dc68b4909c12b68604722e7277b72dc
-  data.tar.gz: d3b8f945ce685b992b77155cb94c996961a329761d4b9da3d67ecce34e04b5282de0dffd899db0f0e2ceb37c6721f74fab9cc56159871b27f7bac0d812816c96
+  metadata.gz: eebeef825ab3c35b834a9fb2c04aa94467802241c77a0bcb52cd2a6b26b0187f5275370b9f5007a3e3cb4e02b3ed3e3fac9fb1a44cc38148b6cab78c8db15a53
+  data.tar.gz: db803f864564ba657b708ac774f919bc03d5b7c86aee47b097375e482fc1f249f572592239047c749fa28a84692bbe037bb83e8498145350f9b149cde26b5fa6

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+/vendor/bundle/

data/README.md

@@ -1,5 +1,7 @@
 # Awssume
 
+[![Circle CI](https://circleci.com/gh/manheim/awssume.svg?style=svg)](https://circleci.com/gh/manheim/awssume)
+
 Assume a role, do a thing.
 
 This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -62,6 +64,19 @@ functionality provided by the aws-sdk.
       awssume aws iam list-roles
 ```
 
+There are scenarios where you might want to [use an external id][aws_ext_id]
+in a condition on your assume role policy. For such cases, the gem will look
+for the ``AWS_ROLE_EXTERNAL_ID`` variable in your environment. If this variable
+is set the value will be sent allong in the STS Assume Role request.
+
+```
+  $ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
+    AWS_ROLE_EXTERNAL_ID=12345 \
+      awssume aws iam list-roles
+```
+
+[aws_ext_id]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run

data/exe/awssume

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
 
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'awssume'
 Awssume.run

data/lib/awssume.rb

@@ -10,7 +10,8 @@ module Awssume
     adapter = Awssume::Adapter::AwsClient.new(
       region:            config.region,
       role_arn:          config.role_arn,
-      role_session_name: config.role_session_name
+      role_session_name: config.role_session_name,
+      external_id:       config.external_id
     )
     aws_env = {
       'AWS_REGION'         => config.region,

data/lib/awssume/adapter/aws_client.rb

@@ -11,10 +11,7 @@ module Awssume
       end
 
       def assume
-        sts_client.assume_role(
-          role_arn: config[:role_arn],
-          role_session_name: role_session_name
-        ).credentials.to_h
+        sts_client.assume_role(assume_role_params).credentials.to_h
       end
 
       def role_session_name
@@ -23,6 +20,18 @@ module Awssume
 
       private
 
+      def assume_role_params
+        p = {
+          role_arn: config[:role_arn],
+          role_session_name: role_session_name,
+          external_id: config[:external_id]
+        }
+
+        p.delete(:external_id) unless p[:external_id]
+
+        p
+      end
+
       def sts_client
         Aws::STS::Client.new(region: config[:region])
       end

data/lib/awssume/configuration.rb

@@ -5,15 +5,29 @@ module Awssume
       "AwssumedSession#{Time.new.to_i}"
     end
 
+    # Defaults must have a value: a value passed in or a hardcoded default
+    # The utility will exit with an error if a value is missing for a default
     def self.defaults
       {
         region:            ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'],
         role_arn:          ENV['AWS_ROLE_ARN'],
-        role_session_name: ENV['AWS_ROLE_SESSION_NAME'] || default_session_name
+        role_session_name: ENV['AWS_ROLE_SESSION_NAME'] || default_session_name,
       }
     end
 
-    attr_accessor(*defaults.keys)
+    # Options are not required to have a value
+    # The utility will function without issue if an optional value is missing
+    def self.options
+      {
+        external_id: ENV['AWS_ROLE_EXTERNAL_ID']
+      }
+    end
+
+    def self.attrs
+      self.defaults.merge(self.options)
+    end
+
+    attr_accessor(*attrs.keys)
 
     def initialize(opts = {})
       attrs.each do |k, _|
@@ -24,9 +38,15 @@ module Awssume
 
     private
 
+    def is_optional(attr_key)
+      self.class.options.keys.include?(attr_key)
+    end
+
     def validate_attrs(attrs, attr_key)
       throwout_nils(attrs).fetch(attr_key) do
-        raise ArgumentError, missing_attr_error_msg(attr_key)
+        unless is_optional(attr_key)
+          raise ArgumentError, missing_attr_error_msg(attr_key)
+        end
       end
     end
 
@@ -43,7 +63,7 @@ module Awssume
     end
 
     def attrs
-      self.class.defaults
+      self.class.attrs
     end
   end
 end

data/lib/awssume/version.rb

@@ -1,3 +1,3 @@
 module Awssume
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: awssume
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - reppard
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-04-06 00:00:00.000000000 Z
+date: 2016-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -61,8 +61,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
+- .gitignore
+- .rspec
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -87,17 +87,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14.1
 signing_key: 
 specification_version: 4
 summary: Assume a role, do a thing.