firespring_dev_commands 1.4.3 → 1.5.0.pre.alpha.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c6ea353daa4f8fc8157720f6023afdfc136444f029effffc346324cef4de3bf
-  data.tar.gz: 7f1d10ee1fa396ad27427d6d6acebfe9f8449680179945c227ea29d6d63b6600
+  metadata.gz: c00aad2781f73b860860758fa26f0976413ec9917c472a702e4dc93caeffe725
+  data.tar.gz: bad9dce8ab37b9e3a71ba479f05fd23405c0ab91abad53ef1f57f2b5f7daf073
 SHA512:
-  metadata.gz: 7aa966411494e77d23fd21f908950347b4ee2d67ccc8041f332071700a20c29fca6396b73ec32fe5bc0177ee9b14bd65edc072737e2b9372490a9233e47bb2a4
-  data.tar.gz: ead151951a9e1fff0d7b01397c7ee5d309f99f9dca13ca66ebf2137ba8ba025374bfafd943286367210e3e2978bf921907321c55e48e7fcbacc0784d7586b838
+  metadata.gz: 1818bc0df7bc48e264a95b4a091e0b02776ae9e5fb3f56a06b6e2d39d0bf6aa9ca3275a9af6aba06bd62a139c999951a18fd9859a41601910d6bc986680be4bc
+  data.tar.gz: 3259dd964ab887e049166cba3552e3cdc87f9b9e67170acc48363daf3f1495543fd691dbd5be51c63d3cbe44c15ecebbc784f5f4df826fcec452bbbb06caedc8

data/lib/firespring_dev_commands/aws/account.rb

@@ -4,13 +4,13 @@ module Dev
     class Account
       # Config object for setting top level Aws account config options
       # TODO: registry is deprecated and should be removed on the next major release
-      Config = Struct.new(:root, :children, :default, :registry, :ecr_registry_ids, :login_to_account_ecr_registry)
+      Config = Struct.new(:root, :children, :default, :registry, :ecr_registry_ids, :login_to_account_ecr_registry, :default_login_role_name)
 
       # Instantiates a new top level config object if one hasn't already been created
       # Yields that config object to any given block
       # Returns the resulting config object
       def self.config
-        @config ||= Config.new
+        @config ||= Config.new(default_login_role_name: Dev::Aws::DEFAULT_LOGIN_ROLE_NAME)
         yield(@config) if block_given?
         @config
       end
@@ -81,8 +81,13 @@ module Dev
         region_default = defaultini['region'] || ENV['AWS_DEFAULT_REGION'] || Dev::Aws::DEFAULT_REGION
         defaultini['region'] = Dev::Common.new.ask('Default region name', region_default)
 
-        mfa_default = defaultini['mfa_serial'] || ENV['AWS_MFA_ARN'] || "arn:aws:iam::#{root.id}:mfa/#{ENV.fetch('USERNAME', nil)}"
-        defaultini['mfa_serial'] = Dev::Common.new.ask('Default mfa arn', mfa_default)
+        # NOTE: We had an old config for "mfa_serial" which included the entire arn. We deprecated that config since
+        #       it made it much more difficult to switch between different root accounts.
+        mfa_name_default = defaultini['mfa_serial']&.split(%r{mfa/})&.last || ENV['AWS_MFA_ARN']&.split(%r{mfa/})&.last || ENV.fetch('USERNAME', nil)
+        defaultini['mfa_serial_name'] = Dev::Common.new.ask('Default mfa name', mfa_name_default)
+        # TODO: Eventually, we should delete the mfa_serial entry from the config. Leaving it for now because some projects
+        #       may be using older versions of the dev_commands library
+        # defaultini.delete('mfa_serial')
 
         session_name_default = defaultini['role_session_name'] || "#{ENV.fetch('USERNAME', nil)}_cli"
         defaultini['role_session_name'] = Dev::Common.new.ask('Default session name', session_name_default)
@@ -119,8 +124,13 @@ module Dev
         region_default = profileini['region'] || defaultini['region'] || ENV['AWS_DEFAULT_REGION'] || Dev::Aws::DEFAULT_REGION
         profileini['region'] = Dev::Common.new.ask('Default region name', region_default)
 
-        role_default = profileini['role_arn'] || "arn:aws:iam::#{account}:role/ReadonlyAccessRole"
-        profileini['role_arn'] = Dev::Common.new.ask('Default role arn', role_default)
+        # NOTE: We had an old config for "role_arn" which included the entire arn. We deprecated that config since
+        #       it made it much more difficult to switch between different accounts.
+        role_name_default = profileini['role_name'] || profileini['role_arn']&.split(%r{role/})&.last || self.class.config.default_login_role_name
+        profileini['role_name'] = Dev::Common.new.ask('Default role name', role_name_default)
+        # TODO: Eventually, we should delete the role_arn entry from the config. Leaving it for now because some projects
+        #       may be using older versions of the dev_commands library
+        # profileini.delete('role_arn')
 
         cfgini.write
       end

data/lib/firespring_dev_commands/aws/credentials.rb

@@ -75,6 +75,8 @@ module Dev
         credini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/credentials", default: 'default')
         defaultini = credini['default']
 
+        # TODO: Should we allow for multiple sets of base credentials? How do I use this for both FDP and SBF?
+
         access_key_default = defaultini['aws_access_key_id']
         defaultini['aws_access_key_id'] = Dev::Common.new.ask('AWS Access Key ID', access_key_default)
 

data/lib/firespring_dev_commands/aws/login.rb

@@ -31,28 +31,32 @@ module Dev
       # Temporary credentials are written back to the credentials file
       def authorize!(account)
         # Make sure the account has been set up
-        cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
-        unless cfgini.has_section?("profile #{account}")
-          Dev::Aws::Account.new.write!(account)
-          cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
-        end
+        cfgini = setup_cfgini
 
         defaultini = cfgini['default']
         profileini = cfgini["profile #{account}"]
 
-        serial = profileini['mfa_serial'] || defaultini['mfa_serial']
-        role = profileini['role_arn'] || defaultini['role_arn']
+        region = profileini['region'] || defaultini['region'] || Dev::Aws::DEFAULT_REGION
+
+        serial = profileini['mfa_serial_name'] || defaultini['mfa_serial_name']
+        serial = "arn:aws:iam::#{Dev::Aws::Account.new.roo.id}:mfa/#{serial}" if serial
+        serial ||= profileini['mfa_serial'] || defaultini['mfa_serial']
+
+        role = profileini['role_name'] || defaultini['role_name']
+        role = "arn:aws:iam::#{account}:role/#{role}" if role
+        role ||= profileini['role_arn'] || defaultini['role_arn']
+
         session_name = profileini['role_session_name'] || defaultini['role_session_name']
         session_duration = profileini['session_duration'] || defaultini['session_duration']
 
         puts
-        puts "  Logging in to #{account} as #{role}".light_yellow
+        puts "  Logging in to #{account} in #{region} as #{role}".light_yellow
         puts
 
         code = ENV['AWS_TOKEN_CODE'] || Dev::Common.new.ask("Enter the MFA code for the #{ENV.fetch('USERNAME', '')} user serial #{serial}")
         raise 'MFA is required' unless code.to_s.strip
 
-        sts = ::Aws::STS::Client.new(profile: 'default')
+        sts = ::Aws::STS::Client.new(profile: 'default', region: region)
         creds = sts.assume_role(
           serial_number: serial,
           role_arn: role,
@@ -65,9 +69,21 @@ module Dev
         Dev::Aws::Credentials.new.write!(account, creds)
       end
 
+      # Returns the config ini file
+      # Runs the setup for our current account if it's not already setup
+      def setup_cfgini
+        cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
+        unless cfgini.has_section?("profile #{account}")
+          Dev::Aws::Account.new.write!(account)
+          cfgini = IniFile.new(filename: "#{Dev::Aws::CONFIG_DIR}/config", default: 'default')
+        end
+        cfgini
+      end
+
       # Authroizes the docker cli to pull/push images from the Aws container registry (e.g. if docker compose needs to pull an image)
       # Authroizes the docker ruby library to pull/push images from the Aws container registry
-      def registry_logins!(registry_ids: Dev::Aws::Account.new.ecr_registry_ids, region: Dev::Aws::DEFAULT_REGION)
+      def registry_logins!(registry_ids: Dev::Aws::Account.new.ecr_registry_ids, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         return if registry_ids.empty?
 
         puts
@@ -77,7 +93,8 @@ module Dev
 
       # Authroizes the docker cli to pull/push images from the Aws container registry (e.g. if docker compose needs to pull an image)
       # Authroizes the docker ruby library to pull/push images from the Aws container registry
-      def registry_login!(registry_id: Dev::Aws::Account.new.ecr_registry_ids.first, region: Dev::Aws::DEFAULT_REGION)
+      def registry_login!(registry_id: Dev::Aws::Account.new.ecr_registry_ids.first, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         raise 'registry_id is required' if registry_id.to_s.strip.empty?
         raise 'region is required' if region.to_s.strip.empty?
 
@@ -92,7 +109,8 @@ module Dev
       # Authroizes the docker cli to pull/push images from the Aws container registry
       # (e.g. if docker compose needs to pull an image)
       # @deprecated Please use {Dev::Aws::Login#registry_login!} instead
-      def docker_login!(registry_id: Dev::Aws::Account.new.ecr_registry_ids.first, region: Dev::Aws::DEFAULT_REGION)
+      def docker_login!(registry_id: Dev::Aws::Account.new.ecr_registry_ids.first, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         warn '[DEPRECATION] `Dev::Aws::Login#docker_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
         docker_cli_login!(registry: "#{registry_id}.dkr.ecr.#{region}.amazonaws.com", region: region)
         puts
@@ -110,7 +128,8 @@ module Dev
 
       # Authroizes the docker ruby library to pull/push images from the Aws container registry
       # @deprecated Please use {Dev::Aws::Login#registry_login!} instead
-      def ecr_login!(registry_id: Dev::Aws::Account.new.ecr_registry_ids.first, region: Dev::Aws::DEFAULT_REGION)
+      def ecr_login!(registry_id: Dev::Aws::Account.new.ecr_registry_ids.first, region: nil)
+        region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
         warn '[DEPRECATION] `Dev::Aws::Login#ecr_login!` is deprecated. Please use `Dev::Aws::Login#registry_login!` instead.'
         docker_lib_login!(registry_id: registry_id, region: region)
       end

data/lib/firespring_dev_commands/aws.rb

@@ -4,7 +4,10 @@ module Dev
     # The config dir for the user's AWS settings
     CONFIG_DIR = "#{Dir.home}/.aws".freeze
 
-    # The default region used if none have been configured in the AWS settings
+    # The default region used if none has been configured in the AWS settings
     DEFAULT_REGION = 'us-east-1'.freeze
+
+    # The default role name used if none has been configured when logging in
+    DEFAULT_LOGIN_ROLE_NAME = 'ReadonlyAccessRole'.freeze
   end
 end

data/lib/firespring_dev_commands/version.rb

@@ -6,6 +6,6 @@ module Dev
     # Use 'v.v.v.pre.alpha.v' for pre-release vesions
     # Use 'v.v.v.beta.v for beta versions
     # Use semantic versioning for any releases (https://semver.org/)
-    VERSION = '1.4.3'.freeze
+    VERSION = '1.5.0.pre.alpha.2'.freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: firespring_dev_commands
 version: !ruby/object:Gem::Version
-  version: 1.4.3
+  version: 1.5.0.pre.alpha.2
 platform: ruby
 authors:
 - Firespring
@@ -453,9 +453,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.1.6
 signing_key: