RubyGems - awssume - Versions diffs - 0.2.0 → 0.3.0 - Mend

awssume 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/README.md +15 -0
data/exe/awssume +1 -0
data/lib/awssume.rb +2 -1
data/lib/awssume/adapter/aws_client.rb +13 -4
data/lib/awssume/configuration.rb +24 -4
data/lib/awssume/version.rb +1 -1
metadata +13 -13

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 212f7aaedae4c35df3b09703d54b30afe1f45f10
-  data.tar.gz: ceb6f94683edac9b55b773fe0193dfd0639da81b
+  metadata.gz: 17c2f5df473de43d443a7dc2774415683c458cbc
+  data.tar.gz: f0becdfff548d13be22f5c520f3cfc0061e147b1
 SHA512:
-  metadata.gz: ac0a93d4f5dd18cab39b1d58fc3bee8c45470a7cfa6ec4d2a96c809c66e165157c9320e3fa491151934b543ee89cb6769dc68b4909c12b68604722e7277b72dc
-  data.tar.gz: d3b8f945ce685b992b77155cb94c996961a329761d4b9da3d67ecce34e04b5282de0dffd899db0f0e2ceb37c6721f74fab9cc56159871b27f7bac0d812816c96
+  metadata.gz: eebeef825ab3c35b834a9fb2c04aa94467802241c77a0bcb52cd2a6b26b0187f5275370b9f5007a3e3cb4e02b3ed3e3fac9fb1a44cc38148b6cab78c8db15a53
+  data.tar.gz: db803f864564ba657b708ac774f919bc03d5b7c86aee47b097375e482fc1f249f572592239047c749fa28a84692bbe037bb83e8498145350f9b149cde26b5fa6

data/.gitignore CHANGED Viewed

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+/vendor/bundle/

data/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # Awssume
+[![Circle CI](https://circleci.com/gh/manheim/awssume.svg?style=svg)](https://circleci.com/gh/manheim/awssume)
 Assume a role, do a thing.
 This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -62,6 +64,19 @@ functionality provided by the aws-sdk.
       awssume aws iam list-roles
 ```
+There are scenarios where you might want to [use an external id][aws_ext_id]
+in a condition on your assume role policy. For such cases, the gem will look
+for the ``AWS_ROLE_EXTERNAL_ID`` variable in your environment. If this variable
+is set the value will be sent allong in the STS Assume Role request.
+```
+  $ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
+    AWS_ROLE_EXTERNAL_ID=12345 \
+      awssume aws iam list-roles
+```
+[aws_ext_id]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run

data/exe/awssume CHANGED Viewed

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'awssume'
 Awssume.run

data/lib/awssume.rb CHANGED Viewed

@@ -10,7 +10,8 @@ module Awssume
     adapter = Awssume::Adapter::AwsClient.new(
       region:            config.region,
       role_arn:          config.role_arn,
-      role_session_name: config.role_session_name
+      role_session_name: config.role_session_name,
+      external_id:       config.external_id
     )
     aws_env = {
       'AWS_REGION'         => config.region,

data/lib/awssume/adapter/aws_client.rb CHANGED Viewed

@@ -11,10 +11,7 @@ module Awssume
       end
       def assume
-        sts_client.assume_role(
-          role_arn: config[:role_arn],
-          role_session_name: role_session_name
-        ).credentials.to_h
+        sts_client.assume_role(assume_role_params).credentials.to_h
       end
       def role_session_name
@@ -23,6 +20,18 @@ module Awssume
       private
+      def assume_role_params
+        p = {
+          role_arn: config[:role_arn],
+          role_session_name: role_session_name,
+          external_id: config[:external_id]
+        }
+        p.delete(:external_id) unless p[:external_id]
+        p
+      end
       def sts_client
         Aws::STS::Client.new(region: config[:region])
       end

data/lib/awssume/configuration.rb CHANGED Viewed

@@ -5,15 +5,29 @@ module Awssume
       "AwssumedSession#{Time.new.to_i}"
     end
+    # Defaults must have a value: a value passed in or a hardcoded default
+    # The utility will exit with an error if a value is missing for a default
     def self.defaults
       {
         region:            ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'],
         role_arn:          ENV['AWS_ROLE_ARN'],
-        role_session_name: ENV['AWS_ROLE_SESSION_NAME'] || default_session_name
+        role_session_name: ENV['AWS_ROLE_SESSION_NAME'] || default_session_name,
       }
     end
-    attr_accessor(*defaults.keys)
+    # Options are not required to have a value
+    # The utility will function without issue if an optional value is missing
+    def self.options
+      {
+        external_id: ENV['AWS_ROLE_EXTERNAL_ID']
+      }
+    end
+    def self.attrs
+      self.defaults.merge(self.options)
+    end
+    attr_accessor(*attrs.keys)
     def initialize(opts = {})
       attrs.each do |k, _|
@@ -24,9 +38,15 @@ module Awssume
     private
+    def is_optional(attr_key)
+      self.class.options.keys.include?(attr_key)
+    end
     def validate_attrs(attrs, attr_key)
       throwout_nils(attrs).fetch(attr_key) do
-        raise ArgumentError, missing_attr_error_msg(attr_key)
+        unless is_optional(attr_key)
+          raise ArgumentError, missing_attr_error_msg(attr_key)
+        end
       end
     end
@@ -43,7 +63,7 @@ module Awssume
     end
     def attrs
-      self.class.defaults
+      self.class.attrs
     end
   end
 end

data/lib/awssume/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Awssume
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: awssume
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - reppard
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-04-06 00:00:00.000000000 Z
+date: 2016-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: This is a gem for assuming an AWS IAM role and using the returned temporary
@@ -61,8 +61,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
+- .gitignore
+- .rspec
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -87,17 +87,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14.1
 signing_key:
 specification_version: 4
 summary: Assume a role, do a thing.