awssume 0.3.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/README.md +14 -2
- data/Rakefile +6 -1
- data/lib/awssume.rb +2 -1
- data/lib/awssume/adapter/aws_client.rb +4 -1
- data/lib/awssume/configuration.rb +2 -1
- data/lib/awssume/version.rb +1 -1
- metadata +13 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f5b2f4724c8cf4695843ee6682235531f3baf7ec
|
|
4
|
+
data.tar.gz: 97de699e604d22c9d6ce0f517e2d1f312f9e7727
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f8082eede35e521f86bb281d709169ae91cbf365dd92c0b48db4288774b522f1c37d4a09d2d79968476fce50b88fbec8588175ccc94773e558657f4dadae4abb
|
|
7
|
+
data.tar.gz: b67343095b3e9f89246a142d79087fda0b29b086570e1aad8af335792e6dd9e93bfd769d7f313738fcb1c0ecaa713ae824f4b3943cc1695772ad16f9acb933fc
|
data/.gitignore
CHANGED
data/README.md
CHANGED
|
@@ -48,7 +48,7 @@ You can configure env vars to authenticate with AWS:
|
|
|
48
48
|
```
|
|
49
49
|
|
|
50
50
|
If AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY aren't set then other
|
|
51
|
-
authentication options are checked(such as instance profiles). This is
|
|
51
|
+
authentication options are checked (such as instance profiles). This is
|
|
52
52
|
functionality provided by the aws-sdk.
|
|
53
53
|
|
|
54
54
|
```
|
|
@@ -67,7 +67,7 @@ functionality provided by the aws-sdk.
|
|
|
67
67
|
There are scenarios where you might want to [use an external id][aws_ext_id]
|
|
68
68
|
in a condition on your assume role policy. For such cases, the gem will look
|
|
69
69
|
for the ``AWS_ROLE_EXTERNAL_ID`` variable in your environment. If this variable
|
|
70
|
-
is set the value will be sent
|
|
70
|
+
is set the value will be sent along in the STS Assume Role request.
|
|
71
71
|
|
|
72
72
|
```
|
|
73
73
|
$ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
|
|
@@ -77,6 +77,18 @@ is set the value will be sent allong in the STS Assume Role request.
|
|
|
77
77
|
|
|
78
78
|
[aws_ext_id]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
|
|
79
79
|
|
|
80
|
+
It's also possible to request credentials that
|
|
81
|
+
[last longer than the default of one hour](https://aws.amazon.com/about-aws/whats-new/2018/03/longer-role-sessions/)
|
|
82
|
+
if the role you're assuming is configured to support them (``MaxSessionDuration``
|
|
83
|
+
greater than 3600 seconds). Here's an example of assuming 12-hour (43200 second; the maximum)
|
|
84
|
+
credentials for a _really_ long-running command:
|
|
85
|
+
|
|
86
|
+
```
|
|
87
|
+
$ AWS_ROLE_ARN=arn::aws::iam::123456789012:role/RoletoAssume \
|
|
88
|
+
AWS_ROLE_DURATION_SECONDS=43200 \
|
|
89
|
+
awssume really-long-running-command
|
|
90
|
+
```
|
|
91
|
+
|
|
80
92
|
## Development
|
|
81
93
|
|
|
82
94
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run
|
data/Rakefile
CHANGED
data/lib/awssume.rb
CHANGED
|
@@ -11,7 +11,8 @@ module Awssume
|
|
|
11
11
|
region: config.region,
|
|
12
12
|
role_arn: config.role_arn,
|
|
13
13
|
role_session_name: config.role_session_name,
|
|
14
|
-
external_id: config.external_id
|
|
14
|
+
external_id: config.external_id,
|
|
15
|
+
duration_seconds: config.duration_seconds,
|
|
15
16
|
)
|
|
16
17
|
aws_env = {
|
|
17
18
|
'AWS_REGION' => config.region,
|
|
@@ -24,10 +24,13 @@ module Awssume
|
|
|
24
24
|
p = {
|
|
25
25
|
role_arn: config[:role_arn],
|
|
26
26
|
role_session_name: role_session_name,
|
|
27
|
-
external_id: config[:external_id]
|
|
27
|
+
external_id: config[:external_id],
|
|
28
|
+
duration_seconds: config[:duration_seconds],
|
|
28
29
|
}
|
|
29
30
|
|
|
30
31
|
p.delete(:external_id) unless p[:external_id]
|
|
32
|
+
p.delete(:duration_seconds) \
|
|
33
|
+
if p[:duration_seconds].nil? || p[:duration_seconds] == 0
|
|
31
34
|
|
|
32
35
|
p
|
|
33
36
|
end
|
|
@@ -19,7 +19,8 @@ module Awssume
|
|
|
19
19
|
# The utility will function without issue if an optional value is missing
|
|
20
20
|
def self.options
|
|
21
21
|
{
|
|
22
|
-
external_id:
|
|
22
|
+
external_id: ENV['AWS_ROLE_EXTERNAL_ID'],
|
|
23
|
+
duration_seconds: ENV['AWS_ROLE_DURATION_SECONDS'].to_i
|
|
23
24
|
}
|
|
24
25
|
end
|
|
25
26
|
|
data/lib/awssume/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,55 +1,55 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: awssume
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- reppard
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-08-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '10.0'
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - ~>
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '10.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rspec
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: aws-sdk
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- -
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '0'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- -
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
description: This is a gem for assuming an AWS IAM role and using the returned temporary
|
|
@@ -61,8 +61,8 @@ executables:
|
|
|
61
61
|
extensions: []
|
|
62
62
|
extra_rdoc_files: []
|
|
63
63
|
files:
|
|
64
|
-
- .gitignore
|
|
65
|
-
- .rspec
|
|
64
|
+
- ".gitignore"
|
|
65
|
+
- ".rspec"
|
|
66
66
|
- Gemfile
|
|
67
67
|
- LICENSE.txt
|
|
68
68
|
- README.md
|
|
@@ -87,17 +87,17 @@ require_paths:
|
|
|
87
87
|
- lib
|
|
88
88
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
89
89
|
requirements:
|
|
90
|
-
- -
|
|
90
|
+
- - ">="
|
|
91
91
|
- !ruby/object:Gem::Version
|
|
92
92
|
version: '0'
|
|
93
93
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
94
94
|
requirements:
|
|
95
|
-
- -
|
|
95
|
+
- - ">="
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
97
|
version: '0'
|
|
98
98
|
requirements: []
|
|
99
99
|
rubyforge_project:
|
|
100
|
-
rubygems_version: 2.
|
|
100
|
+
rubygems_version: 2.4.8
|
|
101
101
|
signing_key:
|
|
102
102
|
specification_version: 4
|
|
103
103
|
summary: Assume a role, do a thing.
|