awssume 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/README.md +15 -0
- data/exe/awssume +1 -0
- data/lib/awssume.rb +2 -1
- data/lib/awssume/adapter/aws_client.rb +13 -4
- data/lib/awssume/configuration.rb +24 -4
- data/lib/awssume/version.rb +1 -1
- metadata +13 -13
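--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17c2f5df473de43d443a7dc2774415683c458cbc
+data.tar.gz: f0becdfff548d13be22f5c520f3cfc0061e147b1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eebeef825ab3c35b834a9fb2c04aa94467802241c77a0bcb52cd2a6b26b0187f5275370b9f5007a3e3cb4e02b3ed3e3fac9fb1a44cc38148b6cab78c8db15a53
+data.tar.gz: db803f864564ba657b708ac774f919bc03d5b7c86aee47b097375e482fc1f249f572592239047c749fa28a84692bbe037bb83e8498145350f9b149cde26b5fa6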
data/.gitignore
CHANGED
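--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,7 @@
 # Awssume
 
+[![Circle CI](https://circleci.com/gh/manheim/awssume.svg?style=svg)](https://circleci.com/gh/manheim/awssume)
+
 Assume a role, do a thing.
 
 This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -62,6 +64,19 @@ functionality provided by the aws-sdk.
 awssume aws iam list-roles
 ```
 
+There are scenarios where you might want to [use an external id][aws_ext_id]
+in a condition on your assume role policy. For such cases, the gem will look
+for the ``AWS_ROLE_EXTERNAL_ID`` variable in your environment. If this variable
+is set the value will be sent allong in the STS Assume Role request.
+
+```
+$ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
+AWS_ROLE_EXTERNAL_ID=12345 \
+awssume aws iam list-roles
+```
+
+[aws_ext_id]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run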
data/exe/awssume
CHANGED
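--- a/data/lib/awssume.rb
+++ b/data/lib/awssume.rb
@@ -10,7 +10,8 @@ module Awssume
 adapter = Awssume::Adapter::AwsClient.new(
 region: config.region,
 role_arn: config.role_arn,
-role_session_name: config.role_session_name
+role_session_name: config.role_session_name,
+external_id: config.external_id
 )
 aws_env = {
 'AWS_REGION' => config.region,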
@@ -11,10 +11,7 @@ module Awssume
|
|
11
11
|
end
|
12
12
|
|
13
13
|
def assume
|
14
|
-
sts_client.assume_role(
|
15
|
-
role_arn: config[:role_arn],
|
16
|
-
role_session_name: role_session_name
|
17
|
-
).credentials.to_h
|
14
|
+
sts_client.assume_role(assume_role_params).credentials.to_h
|
18
15
|
end
|
19
16
|
|
20
17
|
def role_session_name
|
@@ -23,6 +20,18 @@ module Awssume
|
|
23
20
|
|
24
21
|
private
|
25
22
|
|
23
|
+
def assume_role_params
|
24
|
+
p = {
|
25
|
+
role_arn: config[:role_arn],
|
26
|
+
role_session_name: role_session_name,
|
27
|
+
external_id: config[:external_id]
|
28
|
+
}
|
29
|
+
|
30
|
+
p.delete(:external_id) unless p[:external_id]
|
31
|
+
|
32
|
+
p
|
33
|
+
end
|
34
|
+
|
26
35
|
def sts_client
|
27
36
|
Aws::STS::Client.new(region: config[:region])
|
28
37
|
end
|
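Review bot: In `assume_role_params` the guard `p.delete(:external_id) unless p[:external_id]` drops only a nil external id, so an `AWS_ROLE_EXTERNAL_ID` that is set but empty would still be passed to `assume_role` as `""`; whether an earlier step filters empty strings is not visible in these hunks. Because the external id is the value the role's trust-policy condition checks, a blank one is better omitted locally than sent, e.g. `params.delete(:external_id) if params[:external_id].to_s.empty?`. Naming the hash `params` instead of `p` also avoids shadowing `Kernel#p` inside the method. The page shows no file header for these two hunks; going by the change counts in the file list they belong to data/lib/awssume/adapter/aws_client.rb.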
@@ -5,15 +5,29 @@ module Awssume
|
|
5
5
|
"AwssumedSession#{Time.new.to_i}"
|
6
6
|
end
|
7
7
|
|
8
|
+
# Defaults must have a value: a value passed in or a hardcoded default
|
9
|
+
# The utility will exit with an error if a value is missing for a default
|
8
10
|
def self.defaults
|
9
11
|
{
|
10
12
|
region: ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'],
|
11
13
|
role_arn: ENV['AWS_ROLE_ARN'],
|
12
|
-
role_session_name: ENV['AWS_ROLE_SESSION_NAME'] || default_session_name
|
14
|
+
role_session_name: ENV['AWS_ROLE_SESSION_NAME'] || default_session_name,
|
13
15
|
}
|
14
16
|
end
|
15
17
|
|
16
|
-
|
18
|
+
# Options are not required to have a value
|
19
|
+
# The utility will function without issue if an optional value is missing
|
20
|
+
def self.options
|
21
|
+
{
|
22
|
+
external_id: ENV['AWS_ROLE_EXTERNAL_ID']
|
23
|
+
}
|
24
|
+
end
|
25
|
+
|
26
|
+
def self.attrs
|
27
|
+
self.defaults.merge(self.options)
|
28
|
+
end
|
29
|
+
|
30
|
+
attr_accessor(*attrs.keys)
|
17
31
|
|
18
32
|
def initialize(opts = {})
|
19
33
|
attrs.each do |k, _|
|
@@ -24,9 +38,15 @@ module Awssume
|
|
24
38
|
|
25
39
|
private
|
26
40
|
|
41
|
+
def is_optional(attr_key)
|
42
|
+
self.class.options.keys.include?(attr_key)
|
43
|
+
end
|
44
|
+
|
27
45
|
def validate_attrs(attrs, attr_key)
|
28
46
|
throwout_nils(attrs).fetch(attr_key) do
|
29
|
-
|
47
|
+
unless is_optional(attr_key)
|
48
|
+
raise ArgumentError, missing_attr_error_msg(attr_key)
|
49
|
+
end
|
30
50
|
end
|
31
51
|
end
|
32
52
|
|
@@ -43,7 +63,7 @@ module Awssume
|
|
43
63
|
end
|
44
64
|
|
45
65
|
def attrs
|
46
|
-
self.class.
|
66
|
+
self.class.attrs
|
47
67
|
end
|
48
68
|
end
|
49
69
|
end
|
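Review bot: `is_optional` in the second hunk is a predicate, which Ruby convention names `optional?`, and it can test membership with `key?` rather than building the key array first: `def optional?(attr_key)` with the body `self.class.options.key?(attr_key)`, and `unless optional?(attr_key)` at the call site. In `validate_attrs` the `fetch` block now evaluates to nil for an optional key that is absent, and a short comment such as `# optional attrs fall through as nil` would make that intentional. `validate_attrs` and `initialize` continue outside the hunks shown. No file header is shown for these three hunks; going by the change counts in the file list they belong to data/lib/awssume/configuration.rb.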
data/lib/awssume/version.rb
CHANGED
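--- a/metadata
+++ b/metadata
@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: awssume
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - reppard
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-
+date: 2016-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '10.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 version: '10.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: aws-sdk
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 description: This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -61,8 +61,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
--
--
+- .gitignore
+- .rspec
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -87,17 +87,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.0.14.1
 signing_key:
 specification_version: 4
 summary: Assume a role, do a thing.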