firespring_dev_commands 1.4.2.pre.alpha.2 → 1.5.0.pre.alpha.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f98e476af7eb463c6aec3f428f52127dc0e02a438ef25ca5c5c0888c11f1701
-  data.tar.gz: a81b1d7a9cd65d60883c86ab4a1a19b248e6029cb56c0d67e4d3bedd8f96c3c9
+  metadata.gz: ea3652c102b7a6ec3395c7b524db518655b574a6050d8f740f2c20daedf63aed
+  data.tar.gz: 162e4aa151f14b901b7fcfea1c2b8e3cb1b20ab3de2d9102d00a35b0754e5773
 SHA512:
-  metadata.gz: 7a44b94c2a92e8a4c6438f654dced3b76cea73238b12b24380a4af8ac12348520e9c26a1fa587de30bb6df97fc1663bb3715ea05aa94032bc81d621ae37a307f
-  data.tar.gz: ae5c4d7f48bc4c31322e0c9e8770710bf037237973b62423e5470da74e4301a0fe56204abe89110e3e2d4d736a80af53988bbec3db9f32f17b03f403b2d5e6b8
+  metadata.gz: 724282fb3154de07595863a899f29b1ffeea0e5fda1d3d2aa5fb31fd3e17f57bfbc0e9baaf534c4a0e259b8b95b051ba05b6d7072d1cdd4bc544799f665e519a
+  data.tar.gz: b60bf002f396a052f0814838940dcb441d95c263a4001bdbdcd18878d0d1a8ee0b7f1a8b5b4026ce43664a92666ab93b23a27e0d9d765669f827171c377d4d3d

data/README.md

@@ -11,7 +11,7 @@ gem 'firespring_dev_commands', '~> 0.0.1'
   * This is not common
   * It is mostly used for testing local changes before the gem is released
 ```
-gem 'firespring_dev_commands', path: '/path/to/firespring/dev-commands-ruby'
+gem 'firespring_dev_commands', path: '/path/to/dev_commands'
 ```
 
 * Add the following to your Rakefile

data/lib/firespring_dev_commands/aws/account.rb

@@ -3,13 +3,13 @@ module Dev
     # Class containing useful methods for interacting with the Aws account
     class Account
       # Config object for setting top level Aws account config options
-      Config = Struct.new(:root, :children, :default, :registry)
+      Config = Struct.new(:root, :children, :default, :registry, :default_login_role_name)
 
       # Instantiates a new top level config object if one hasn't already been created
       # Yields that config object to any given block
       # Returns the resulting config object
       def self.config
-        @config ||= Config.new
+        @config ||= Config.new(default_login_role_name: Dev::Aws::DEFAULT_LOGIN_ROLE_NAME)
         yield(@config) if block_given?
         @config
       end
@@ -55,7 +55,7 @@ module Dev
 
       # Look up the account name for the given account id
       def name_by_account(account)
-        all.find { |it| it.id == account }&.name
+        all.find { |it| it.id == account }.name
       end
 
       # Setup base Aws settings
@@ -73,8 +73,13 @@ module Dev
         region_default = defaultini['region'] || ENV['AWS_DEFAULT_REGION'] || Dev::Aws::DEFAULT_REGION
         defaultini['region'] = Dev::Common.new.ask('Default region name', region_default)
 
-        mfa_default = defaultini['mfa_serial'] || ENV['AWS_MFA_ARN'] || "arn:aws:iam::#{root}:mfa/#{ENV.fetch('USERNAME', nil)}"
-        defaultini['mfa_serial'] = Dev::Common.new.ask('Default mfa arn', mfa_default)
+        # NOTE: We had an old config for "mfa_serial" which included the entire arn. We deprecated that config since
+        #       it made it much more difficult to switch between different root accounts.
+        mfa_name_default = defaultini['mfa_serial']&.split(%r{mfa/})&.last || ENV['AWS_MFA_ARN']&.split(%r{mfa/})&.last || ENV.fetch('USERNAME', nil)
+        defaultini['mfa_serial_name'] = Dev::Common.new.ask('Default mfa name', mfa_name_default)
+        # TODO: Eventually, we should delete the mfa_serial entry from the config. Leaving it for now because some projects
+        #       may be using older versions of the dev_commands library
+        # defaultini.delete('mfa_serial')
 
         session_name_default = defaultini['role_session_name'] || "#{ENV.fetch('USERNAME', nil)}_cli"
         defaultini['role_session_name'] = Dev::Common.new.ask('Default session name', session_name_default)
@@ -111,8 +116,13 @@ module Dev
         region_default = profileini['region'] || defaultini['region'] || ENV['AWS_DEFAULT_REGION'] || Dev::Aws::DEFAULT_REGION
         profileini['region'] = Dev::Common.new.ask('Default region name', region_default)
 
-        role_default = profileini['role_arn'] || "arn:aws:iam::#{account}:role/ReadonlyAccessRole"
-        profileini['role_arn'] = Dev::Common.new.ask('Default role arn', role_default)
+        # NOTE: We had an old config for "role_arn" which included the entire arn. We deprecated that config since
+        #       it made it much more difficult to switch between different accounts.
+        role_name_default = profileini['role_name'] || profileini['role_arn']&.split(%r{role/})&.last || self.class.config.default_login_role_name
+        profileini['role_name'] = Dev::Common.new.ask('Default role name', role_name_default)
+        # TODO: Eventually, we should delete the role_arn entry from the config. Leaving it for now because some projects
+        #       may be using older versions of the dev_commands library
+        # profileini.delete('role_arn')
 
         cfgini.write
       end

data/lib/firespring_dev_commands/aws/credentials.rb

@@ -16,16 +16,6 @@ module Dev
         ::Aws::STS::Client.new.get_caller_identity.account
       end
 
-      # The arn of the currently logged in identity
-      def logged_in_arn
-        ::Aws::STS::Client.new.get_caller_identity.arn
-      end
-
-      # The role the current identity is using
-      def logged_in_role
-        logged_in_arn.split(%r{/})[1]
-      end
-
       # The region associated with the current login
       def logged_in_region
         ::Aws::STS::Client.new.send(:config).region
@@ -75,6 +65,8 @@ module Dev
         credini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/credentials", default: 'default')
         defaultini = credini['default']
 
+        # TODO: Should we allow for multiple sets of base credentials? How do I use this for both FDP and SBF?
+
         access_key_default = defaultini['aws_access_key_id']
         defaultini['aws_access_key_id'] = Dev::Common.new.ask('AWS Access Key ID', access_key_default)
 

data/lib/firespring_dev_commands/aws/login.rb

@@ -31,28 +31,32 @@ module Dev
       # Temporary credentials are written back to the credentials file
       def authorize!(account)
         # Make sure the account has been set up
-        cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
-        unless cfgini.has_section?("profile #{account}")
-          Dev::Aws::Account.new.write!(account)
-          cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
-        end
+        cfgini = setup_cfgini
 
         defaultini = cfgini['default']
         profileini = cfgini["profile #{account}"]
 
-        serial = profileini['mfa_serial'] || defaultini['mfa_serial']
-        role = profileini['role_arn'] || defaultini['role_arn']
+        region = profileini['region'] || defaultini['region'] || Dev::Aws::DEFAULT_REGION
+
+        serial = profileini['mfa_serial_name'] || defaultini['mfa_serial_name']
+        serial = "arn:aws:iam::#{Dev::Aws::Account.new.roo.id}:mfa/#{serial}" if serial
+        serial ||= profileini['mfa_serial'] || defaultini['mfa_serial']
+
+        role = profileini['role_name'] || defaultini['role_name']
+        role = "arn:aws:iam::#{account}:role/#{role}" if role
+        role ||= profileini['role_arn'] || defaultini['role_arn']
+
         session_name = profileini['role_session_name'] || defaultini['role_session_name']
         session_duration = profileini['session_duration'] || defaultini['session_duration']
 
         puts
-        puts "  Logging in to #{account} as #{role}".light_yellow
+        puts "  Logging in to #{account} in #{region} as #{role}".light_yellow
         puts
 
         code = ENV['AWS_TOKEN_CODE'] || Dev::Common.new.ask("Enter the MFA code for the #{ENV.fetch('USERNAME', '')} user serial #{serial}")
         raise 'MFA is required' unless code.to_s.strip
 
-        sts = ::Aws::STS::Client.new(profile: 'default')
+        sts = ::Aws::STS::Client.new(profile: 'default', region: region)
         creds = sts.assume_role(
           serial_number: serial,
           role_arn: role,
@@ -65,9 +69,21 @@ module Dev
         Dev::Aws::Credentials.new.write!(account, creds)
       end
 
+      # Returns the config ini file
+      # Runs the setup for our current account if it's not already setup
+      def setup_cfgini
+        cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
+        unless cfgini.has_section?("profile #{account}")
+          Dev::Aws::Account.new.write!(account)
+          cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
+        end
+        cfgini
+      end
+
       # Authroizes the docker cli to pull/push images from the Aws container registry (e.g. if docker compose needs to pull an image)
       # Authroizes the docker ruby library to pull/push images from the Aws container registry
-      def registry_login!(registry_id: Dev::Aws::Account.new.registry, region: Dev::Aws::DEFAULT_REGION)
+      def registry_login!(registry_id: Dev::Aws::Account.new.registry, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         raise 'registry_id is required' if registry_id.to_s.strip.empty?
         raise 'region is required' if region.to_s.strip.empty?
 
@@ -82,7 +98,8 @@ module Dev
       # Authroizes the docker cli to pull/push images from the Aws container registry
       # (e.g. if docker compose needs to pull an image)
       # @deprecated Please use {Dev::Aws::Login#registry_login!} instead
-      def docker_login!(registry_id: Dev::Aws::Account.new.registry, region: Dev::Aws::DEFAULT_REGION)
+      def docker_login!(registry_id: Dev::Aws::Account.new.registry, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         warn '[DEPRECATION] `Dev::Aws::Login#docker_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
         docker_cli_login!(registry: "#{registry_id}.dkr.ecr.#{region}.amazonaws.com", region: region)
       end
@@ -100,7 +117,8 @@ module Dev
 
       # Authroizes the docker ruby library to pull/push images from the Aws container registry
       # @deprecated Please use {Dev::Aws::Login#registry_login!} instead
-      def ecr_login!(registry_id: Dev::Aws::Account.new.registry, region: Dev::Aws::DEFAULT_REGION)
+      def ecr_login!(registry_id: Dev::Aws::Account.new.registry, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         warn '[DEPRECATION] `Dev::Aws::Login#ecr_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
         docker_lib_login!(registry_id: registry_id, region: region)
       end

data/lib/firespring_dev_commands/aws/profile.rb

@@ -33,10 +33,8 @@ module Dev
       # Print the profile info for the current account
       def info
         Dev::Aws::Credentials.new.export!
-        current_role = Dev::Aws::Credentials.new.logged_in_role
-        current_account_name = Dev::Aws::Account.new.name_by_account(current)
         puts
-        puts "  Currently logged in as #{current_role} to the #{current_account_name} (#{current}) account".light_yellow
+        puts "  Currently logged in to the #{Dev::Aws::Account.new.name_by_account(current)} (#{current})".light_yellow
         puts
         puts '  To use this profile in your local aws cli, you must either pass the profile as a command line argument ' \
              'or export the corresponding aws variable:'.light_white

data/lib/firespring_dev_commands/aws.rb

@@ -4,7 +4,10 @@ module Dev
     # The config dir for the user's AWS settings
     CONFIG_DIR = "#{Dir.home}/.aws".freeze
 
-    # The default region used if none have been configured in the AWS settings
+    # The default region used if none has been configured in the AWS settings
     DEFAULT_REGION = 'us-east-1'.freeze
+
+    # The default role name used if none has been configured when logging in
+    DEFAULT_LOGIN_ROLE_NAME = 'ReadonlyAccessRole'.freeze
   end
 end

data/lib/firespring_dev_commands/version.rb

@@ -6,6 +6,6 @@ module Dev
     # Use 'v.v.v.pre.alpha.v' for pre-release vesions
     # Use 'v.v.v.beta.v for beta versions
     # Use semantic versioning for any releases (https://semver.org/)
-    VERSION = '1.4.2.pre.alpha.2'.freeze
+    VERSION = '1.5.0.pre.alpha.1'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firespring_dev_commands
 version: !ruby/object:Gem::Version
-  version: 1.4.2.pre.alpha.2
+  version: 1.5.0.pre.alpha.1
 platform: ruby
 authors:
 - Firespring
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-04 00:00:00.000000000 Z
+date: 2023-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport