heroku-config 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8d09f67aa9118f360968ebac3deda4367589a820fff3f58c1cbb55dc8f12da0f
+  data.tar.gz: 7fbda965589b2a43c44d928e893a579f340db81b7fbde46791fb27c65377ce0c
+SHA512:
+  metadata.gz: eed2ef3cffa39a324c910771da3ccd45ab8d98856a36d3d45b380a93572fbf20cf0212eba620b7058caf9745e59f53059b4eea0b15585e35da9c44174722d1b3
+  data.tar.gz: 54399e1010245b85cdc57164d634b529ff6aaa79b93d326127db45588f699bbf86b5074c273e01261c47ef635ac082b303842ad767228f5aee7da771b7ef12fa

data/.gitignore

@@ -0,0 +1,16 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+_yardoc
+coverage
+doc/
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--color
+--format documentation

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
+
+## [0.1.0]
+- Initial release.

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+# Specify your gem dependencies in heroku-config.gemspec
+gemspec
+
+gem "codeclimate-test-reporter", group: :test, require: nil

data/Gemfile.lock

@@ -0,0 +1,86 @@
+PATH
+  remote: .
+  specs:
+    heroku-config (0.1.0)
+      activesupport
+      aws-sdk-core
+      aws-sdk-iam
+      memoist
+      rainbow
+      thor
+      zeitwerk
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (6.0.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+      zeitwerk (~> 2.2)
+    aws-eventstream (1.0.3)
+    aws-partitions (1.240.0)
+    aws-sdk-core (3.78.0)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
+      aws-sigv4 (~> 1.1)
+      jmespath (~> 1.0)
+    aws-sdk-iam (1.31.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.1.0)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+    byebug (11.0.1)
+    cli_markdown (0.1.0)
+    codeclimate-test-reporter (1.0.9)
+      simplecov (<= 0.13)
+    concurrent-ruby (1.1.5)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    i18n (1.7.0)
+      concurrent-ruby (~> 1.0)
+    jmespath (1.4.0)
+    json (2.2.0)
+    memoist (0.16.1)
+    minitest (5.13.0)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-expectations (3.9.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.0)
+    simplecov (0.13.0)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    zeitwerk (2.2.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  byebug
+  cli_markdown
+  codeclimate-test-reporter
+  heroku-config!
+  rake
+  rspec
+
+BUNDLED WITH
+   2.0.2

data/Guardfile

@@ -0,0 +1,19 @@
+guard "bundler", cmd: "bundle" do
+  watch("Gemfile")
+  watch(/^.+\.gemspec/)
+end
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2019 Tung Nguyen
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,46 @@
+# HerokuConfig
+
+[![Gem Version](https://badge.fury.io/rb/heroku-config.png)](http://badge.fury.io/rb/heroku-config)
+
+Easily rotate AWS keys and heroku configs.
+
+## Usage
+
+    heroku-config aws-rotate APP
+
+## Example with Output
+
+    $ heroku-config aws-rotate protected-oasis-24054
+    => heroku config:get AWS_ACCESS_KEY_ID -a protected-oasis-24054
+    Updating access key for user: bob
+    Created new access key: AKIAXZ6ODJLQQEXAMPLE
+    => heroku config:set AWS_ACCESS_KEY_ID=AKIAXZ6ODJLQQEXAMPLE AWS_SECRET_ACCESS_KEY=sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE -a protected-oasis-24054
+    Setting heroku config variables
+    Setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and restarting protected-oasis-24054... done, v21
+
+    AWS_ACCESS_KEY_ID:     AKIAXZ6ODJLQQEXAMPLE
+    AWS_SECRET_ACCESS_KEY: sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE
+    Old access key deleted: AKIAXZ6ODJLQSGGE27KK
+    $
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem "heroku-config"
+
+And then execute:
+
+    bundle
+
+Or install it yourself as:
+
+    gem install heroku-config
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am "Add some feature"`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,14 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+task default: :spec
+
+RSpec::Core::RakeTask.new
+
+require_relative "lib/heroku-config"
+require "cli_markdown"
+desc "Generates cli reference docs as markdown"
+task :docs do
+  mkdir_p "docs/_includes"
+  CliMarkdown::Creator.create_all(cli_class: HerokuConfig::CLI, cli_name: "heroku-config")
+end

data/exe/heroku-config

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+# Trap ^C
+Signal.trap("INT") {
+  puts "\nCtrl-C detected. Exiting..."
+  sleep 0.1
+  exit
+}
+
+$:.unshift(File.expand_path("../../lib", __FILE__))
+require "heroku-config"
+require "heroku_config/cli"
+
+HerokuConfig::CLI.start(ARGV)

data/heroku-config.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "heroku_config/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "heroku-config"
+  spec.version       = HerokuConfig::VERSION
+  spec.authors       = ["Tung Nguyen"]
+  spec.email         = ["tongueroo@gmail.com"]
+  spec.summary       = "Heroku Config AWS Access Key Rotator"
+  spec.homepage      = "https://github.com/tongueroo/heroku-config"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport"
+  spec.add_dependency "aws-sdk-core" # for aws-sdk-sts
+  spec.add_dependency "aws-sdk-iam"
+  spec.add_dependency "memoist"
+  spec.add_dependency "rainbow"
+  spec.add_dependency "thor"
+  spec.add_dependency "zeitwerk"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "byebug"
+  spec.add_development_dependency "cli_markdown"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+end

data/lib/heroku-config.rb

@@ -0,0 +1 @@
+require_relative "heroku_config"

data/lib/heroku_config/autoloader.rb

@@ -0,0 +1,22 @@
+require "zeitwerk"
+
+module HerokuConfig
+  class Autoloader
+    class Inflector < Zeitwerk::Inflector
+      def camelize(basename, _abspath)
+        map = { cli: "CLI", version: "VERSION" }
+        map[basename.to_sym] || super
+      end
+    end
+
+    class << self
+      def setup
+        loader = Zeitwerk::Loader.new
+        loader.inflector = Inflector.new
+        loader.push_dir(File.dirname(__dir__)) # lib
+        loader.ignore("#{File.dirname(__dir__)}/heroku-config.rb")
+        loader.setup
+      end
+    end
+  end
+end

data/lib/heroku_config/aws_key.rb

@@ -0,0 +1,106 @@
+module HerokuConfig
+  class AwsKey < Base
+    include AwsServices
+    class MaxKeysError < StandardError; end
+
+    def initialize(options, access_key_id)
+      @options, @access_key_id = options, access_key_id
+      @app = options[:app]
+    end
+
+    def rotate
+      user_name = get_user_name
+
+      message = "Updating access key for user: #{user_name}"
+      message = "NOOP: #{message}" if ENV['HEROKU_CONFIG_TEST']
+      puts message.color(:green)
+      return false if @options[:noop]
+
+      check_max_keys_limit!(user_name)
+      new_key, new_secret = create_access_key(user_name)
+      wait_until_usable(new_key, new_secret)
+
+      update_heroku_config(new_key, new_secret)
+      delete_old_access_key(user_name)
+
+      true
+    end
+
+    def get_user_name
+      return "fakeuser" if @options[:noop]
+
+      resp = iam.get_access_key_last_used(
+        access_key_id: @access_key_id,
+      )
+      resp.user_name
+    end
+
+    def wait_until_usable(key, secret)
+      delay, retries = 5, 0
+      begin
+        sts.get_caller_identity
+        true
+      rescue Aws::STS::Errors::InvalidClientTokenId => e
+        puts "#{e.class}: #{e.message}"
+        retries += 1
+        if retries <= 20
+          puts "New IAM key not usable yet. Delaying for #{delay} seconds and retrying..."
+          sleep delay
+          retry
+        end
+      end
+    end
+
+    def delete_old_access_key(user_name)
+      resp = iam.list_access_keys(user_name: user_name)
+      access_keys = resp.access_key_metadata
+      # Important: Only delete if there are keys 2.
+      return if access_keys.size <= 1
+
+      old_key = access_keys.sort_by(&:create_date).first
+      iam.delete_access_key(user_name: user_name, access_key_id: old_key.access_key_id)
+      puts "Old access key deleted: #{old_key.access_key_id}"
+    end
+
+    def update_heroku_config(new_key, new_secret)
+      out = config.set(
+        "AWS_ACCESS_KEY_ID" => new_key,
+        "AWS_SECRET_ACCESS_KEY" => new_secret,
+      )
+      puts "Setting heroku config variables"
+      puts out
+    end
+
+    # Returns:
+    #
+    #   #<struct Aws::IAM::Types::AccessKey
+    #     user_name="tung",
+    #     access_key_id="AKIAXZ6ODJLQUU6O3FD2",
+    #     status="Active",
+    #     secret_access_key="8eEnLLdR7gQE9fkFiDVuemi3qPf3mBMXxEXAMPLE",
+    #     create_date=2019-08-13 21:14:35 UTC>>
+    #
+    def create_access_key(user_name)
+      resp = iam.create_access_key(
+        user_name: user_name,
+      )
+      access_key = resp.access_key
+      key, secret = access_key.access_key_id, access_key.secret_access_key
+      puts "Created new access key: #{key}"
+      [key, secret]
+    end
+
+  private
+    # Check if there are 2 keys, cannot rotate if there are 2 keys already.
+    # Raise error if there are 2 keys.
+    # Returns false if not at max limit
+    MAX_KEYS = 2
+    def check_max_keys_limit!(user_name)
+      resp = iam.list_access_keys(user_name: user_name)
+      return false if resp.access_key_metadata.size < MAX_KEYS # not at max limit
+
+      puts "ERROR: There are already 2 access keys for user: #{user_name.color(:green)}".color(:red)
+      raise MaxKeysError
+    end
+  end
+end

data/lib/heroku_config/aws_rotate.rb

@@ -0,0 +1,19 @@
+module HerokuConfig
+  class AwsRotate < Base
+    def initialize(options={})
+      @options = options
+      @app = options[:app]
+    end
+
+    def run
+      key_id = config.get("AWS_ACCESS_KEY_ID")
+      unless key_id
+        puts "WARN: No AWS_ACCESS_KEY_ID found for #{@app.color(:green)} app. Exiting."
+        exit 0
+      end
+
+      aws_key = AwsKey.new(@options, key_id)
+      aws_key.rotate
+    end
+  end
+end

data/lib/heroku_config/aws_services.rb

@@ -0,0 +1,18 @@
+require "aws-sdk-iam"
+require "aws-sdk-sts"
+
+module HerokuConfig
+  module AwsServices
+    extend Memoist
+
+    def iam
+      Aws::IAM::Client.new
+    end
+    memoize :iam
+
+    def sts
+      Aws::STS::Client.new
+    end
+    memoize :sts
+  end
+end

data/lib/heroku_config/base.rb

@@ -0,0 +1,10 @@
+module HerokuConfig
+  class Base
+    extend Memoist
+
+    def config
+      Config.new(@app)
+    end
+    memoize :config
+  end
+end

data/lib/heroku_config/cli.rb

@@ -0,0 +1,29 @@
+module HerokuConfig
+  class CLI < Command
+    class_option :verbose, type: :boolean
+    class_option :noop, type: :boolean
+
+    desc "aws-rotate APP", "Say aws_rotate to APP"
+    long_desc Help.text(:aws_rotate)
+    def aws_rotate(app)
+      AwsRotate.new(options.merge(app: app)).run
+    end
+
+    desc "completion *PARAMS", "Prints words for auto-completion."
+    long_desc Help.text("completion")
+    def completion(*params)
+      Completer.new(CLI, *params).run
+    end
+
+    desc "completion_script", "Generates a script that can be eval to setup auto-completion."
+    long_desc Help.text("completion_script")
+    def completion_script
+      Completer::Script.generate
+    end
+
+    desc "version", "prints version"
+    def version
+      puts VERSION
+    end
+  end
+end

data/lib/heroku_config/command.rb

@@ -0,0 +1,82 @@
+require "thor"
+
+# Override thor's long_desc identation behavior
+# https://github.com/erikhuda/thor/issues/398
+class Thor
+  module Shell
+    class Basic
+      def print_wrapped(message, options = {})
+        message = "\n#{message}" unless message[0] == "\n"
+        stdout.puts message
+      end
+    end
+  end
+end
+
+module HerokuConfig
+  class Command < Thor
+    class << self
+      def dispatch(m, args, options, config)
+        # Allow calling for help via:
+        #   heroku-config command help
+        #   heroku-config command -h
+        #   heroku-config command --help
+        #   heroku-config command -D
+        #
+        # as well thor's normal way:
+        #
+        #   heroku-config help command
+        help_flags = Thor::HELP_MAPPINGS + ["help"]
+        if args.length > 1 && !(args & help_flags).empty?
+          args -= help_flags
+          args.insert(-2, "help")
+        end
+
+        #   heroku-config version
+        #   heroku-config --version
+        #   heroku-config -v
+        version_flags = ["--version", "-v"]
+        if args.length == 1 && !(args & version_flags).empty?
+          args = ["version"]
+        end
+
+        super
+      end
+
+      # Override command_help to include the description at the top of the
+      # long_description.
+      def command_help(shell, command_name)
+        meth = normalize_command_name(command_name)
+        command = all_commands[meth]
+        alter_command_description(command)
+        super
+      end
+
+      def alter_command_description(command)
+        return unless command
+
+        # Add description to beginning of long_description
+        long_desc = if command.long_description
+            "#{command.description}\n\n#{command.long_description}"
+          else
+            command.description
+          end
+
+        # add reference url to end of the long_description
+        unless website.empty?
+          full_command = [command.ancestor_name, command.name].compact.join('-')
+          url = "#{website}/reference/heroku-config-#{full_command}"
+          long_desc += "\n\nHelp also available at: #{url}"
+        end
+
+        command.long_description = long_desc
+      end
+      private :alter_command_description
+
+      # meant to be overriden
+      def website
+        ""
+      end
+    end
+  end
+end

data/lib/heroku_config/completer/script.rb

@@ -0,0 +1,6 @@
+class HerokuConfig::Completer::Script
+  def self.generate
+    bash_script = File.expand_path("script.sh", File.dirname(__FILE__))
+    puts "source #{bash_script}"
+  end
+end

data/lib/heroku_config/completer/script.sh

@@ -0,0 +1,10 @@
+_heroku-config() {
+  COMPREPLY=()
+  local word="${COMP_WORDS[COMP_CWORD]}"
+  local words=("${COMP_WORDS[@]}")
+  unset words[0]
+  local completion=$(heroku-config completion ${words[@]})
+  COMPREPLY=( $(compgen -W "$completion" -- "$word") )
+}
+
+complete -F _heroku-config heroku-config

data/lib/heroku_config/completer.rb

@@ -0,0 +1,159 @@
+=begin
+Code Explanation:
+
+There are 3 types of things to auto-complete:
+
+  1. command: the command itself
+  2. parameters: command parameters.
+  3. options: command options
+
+Here's an example:
+
+  mycli hello name --from me
+
+  * command: hello
+  * parameters: name
+  * option: --from
+
+When command parameters are done processing, the remaining completion words will be options.  We can tell that the command params are completed based on the method arity.
+
+## Arity
+
+For example, say you had a method for a CLI command with the following form:
+
+  ufo scale service count --cluster development
+
+It's equivalent ruby method:
+
+  scale(service, count) = has an arity of 2
+
+So typing:
+
+  ufo scale service count [TAB] # there are 3 parameters including the "scale" command according to Thor's CLI processing.
+
+So the completion should only show options, something like this:
+
+  --noop --verbose --cluster
+
+## Splat Arguments
+
+When the ruby method has a splat argument, it's arity is negative.  Here are some example methods and their arities.
+
+   ship(service) = 1
+   scale(service, count) = 2
+   ships(*services) = -1
+   foo(example, *rest) = -2
+
+Fortunately, negative and positive arity values are processed the same way. So we take simply take the absolute value of the arity and process it the same.
+
+Here are some test cases, hit TAB after typing the command:
+
+  heroku-config completion
+  heroku-config completion hello
+  heroku-config completion hello name
+  heroku-config completion hello name --
+  heroku-config completion hello name --noop
+
+  heroku-config completion
+  heroku-config completion sub:goodbye
+  heroku-config completion sub:goodbye name
+
+## Subcommands and Thor::Group Registered Commands
+
+Sometimes the commands are not simple thor commands but are subcommands or Thor::Group commands. A good specific example is the ufo tool.
+
+  * regular command: ufo ship
+  * subcommand: ufo docker
+  * Thor::Group command: ufo init
+
+Auto-completion accounts for each of these type of commands.
+=end
+module HerokuConfig
+  class Completer
+    def initialize(command_class, *params)
+      @params = params
+      @current_command = @params[0]
+      @command_class = command_class # CLI initiall
+    end
+
+    def run
+      if subcommand?(@current_command)
+        subcommand_class = @command_class.subcommand_classes[@current_command]
+        @params.shift # destructive
+        Completer.new(subcommand_class, *@params).run # recursively use subcommand
+        return
+      end
+
+      # full command has been found!
+      unless found?(@current_command)
+        puts all_commands
+        return
+      end
+
+      # will only get to here if command aws found (above)
+      arity = @command_class.instance_method(@current_command).arity.abs
+      if @params.size > arity or thor_group_command?
+        puts options_completion
+      else
+        puts params_completion
+      end
+    end
+
+    def subcommand?(command)
+      @command_class.subcommands.include?(command)
+    end
+
+    # hacky way to detect that command is a registered Thor::Group command
+    def thor_group_command?
+      command_params(raw=true) == [[:rest, :args]]
+    end
+
+    def found?(command)
+      public_methods = @command_class.public_instance_methods(false)
+      command && public_methods.include?(command.to_sym)
+    end
+
+    # all top-level commands
+    def all_commands
+      commands = @command_class.all_commands.reject do |k,v|
+        v.is_a?(Thor::HiddenCommand)
+      end
+      commands.keys
+    end
+
+    def command_params(raw=false)
+      params = @command_class.instance_method(@current_command).parameters
+      # Example:
+      # >> Sub.instance_method(:goodbye).parameters
+      # => [[:req, :name]]
+      # >>
+      raw ? params : params.map!(&:last)
+    end
+
+    def params_completion
+      offset = @params.size - 1
+      offset_params = command_params[offset..-1]
+      command_params[offset..-1].first
+    end
+
+    def options_completion
+      used = ARGV.select { |a| a.include?('--') } # so we can remove used options
+
+      method_options = @command_class.all_commands[@current_command].options.keys
+      class_options = @command_class.class_options.keys
+
+      all_options = method_options + class_options + ['help']
+
+      all_options.map! { |o| "--#{o.to_s.gsub('_','-')}" }
+      filtered_options = all_options - used
+      filtered_options.uniq
+    end
+
+    # Useful for debugging. Using puts messes up completion.
+    def log(msg)
+      File.open("/tmp/complete.log", "a") do |file|
+        file.puts(msg)
+      end
+    end
+  end
+end

data/lib/heroku_config/config.rb

@@ -0,0 +1,72 @@
+require 'open3'
+
+module HerokuConfig
+  class Config
+    def initialize(app)
+      @app = app
+      check_heroku_cli_installed!
+    end
+
+    def get(name)
+      return "fakevalue" if ENV['HEROKU_CONFIG_TEST']
+      sh "heroku config:get #{name} -a #{@app}"
+    end
+
+    def set(*params)
+      case params.size
+      when 1 # Hash
+        set_many(params.first)
+      when 2 # 2 Strings
+        set_one(name, value)
+      else
+        raise "ERROR: #{params.class} is a class that is not supported"
+      end
+    end
+
+    def set_one(name, value)
+      sh "heroku config:set #{name} #{value} -a #{@app}"
+    end
+
+    # Example:
+    #
+    #      set(a: 1, b: 2)
+    #      =>
+    #      heroku config:set a=1 b=2 -a APP
+    #
+    def set_many(hash)
+      args = hash.map { |k,v| "#{k}=#{v}" }.join(' ')
+      sh "heroku config:set #{args} -a #{@app}", include_stderr: true
+    end
+
+  private
+    def sh(command, include_stderr: false)
+      puts "=> #{command}"
+      stdout, stderr, status = Open3.capture3(command)
+
+      out = stdout.strip
+      unless status.success?
+        puts "ERROR: #{stderr}".color(:red)
+        if stderr.empty?
+          puts "STDOUT: #{stdout}"
+        end
+        exit 1
+      end
+      if include_stderr
+        stderr + "\n" + out
+      else
+        out
+      end
+    end
+
+    def check_heroku_cli_installed!
+      return if heroku_cli_installed?
+
+      puts "The heroku cli is not installed. Please install the heroku cli: https://devcenter.heroku.com/articles/heroku-cli"
+      exit 1
+    end
+
+    def heroku_cli_installed?
+      system("type heroku > /dev/null 2>&1")
+    end
+  end
+end

data/lib/heroku_config/help/aws_rotate.md

@@ -0,0 +1,18 @@
+## Examples
+
+    heroku-config aws-rotate APP
+
+## Example with Output
+
+    $ heroku-config aws-rotate protected-oasis-24054
+    => heroku config:get AWS_ACCESS_KEY_ID -a protected-oasis-24054
+    Updating access key for user: bob
+    Created new access key: AKIAXZ6ODJLQQEXAMPLE
+    => heroku config:set AWS_ACCESS_KEY_ID=AKIAXZ6ODJLQQEXAMPLE AWS_SECRET_ACCESS_KEY=sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE -a protected-oasis-24054
+    Setting heroku config variables
+    Setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and restarting protected-oasis-24054... done, v21
+
+    AWS_ACCESS_KEY_ID:     AKIAXZ6ODJLQQEXAMPLE
+    AWS_SECRET_ACCESS_KEY: sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE
+    Old access key deleted: AKIAXZ6ODJLQSGGE27KK
+    $

data/lib/heroku_config/help/completion.md

@@ -0,0 +1,20 @@
+## Examples
+
+    heroku-config completion
+
+Prints words for TAB auto-completion.
+
+    heroku-config completion
+    heroku-config completion hello
+    heroku-config completion hello name
+
+To enable, TAB auto-completion add the following to your profile:
+
+    eval $(heroku-config completion_script)
+
+Auto-completion example usage:
+
+    heroku-config [TAB]
+    heroku-config hello [TAB]
+    heroku-config hello name [TAB]
+    heroku-config hello name --[TAB]

data/lib/heroku_config/help/completion_script.md

@@ -0,0 +1,3 @@
+To use, add the following to your `~/.bashrc` or `~/.profile`
+
+    eval $(heroku-config completion_script)

data/lib/heroku_config/help.rb

@@ -0,0 +1,9 @@
+module HerokuConfig::Help
+  class << self
+    def text(namespaced_command)
+      path = namespaced_command.to_s.gsub(':','/')
+      path = File.expand_path("../help/#{path}.md", __FILE__)
+      IO.read(path) if File.exist?(path)
+    end
+  end
+end

data/lib/heroku_config/version.rb

@@ -0,0 +1,3 @@
+module HerokuConfig
+  VERSION = "0.1.0"
+end

data/lib/heroku_config.rb

@@ -0,0 +1,11 @@
+$:.unshift(File.expand_path("../", __FILE__))
+require "heroku_config/version"
+require "memoist"
+require "rainbow/ext/string"
+
+require "heroku_config/autoloader"
+HerokuConfig::Autoloader.setup
+
+module HerokuConfig
+  class Error < StandardError; end
+end

data/spec/lib/cli_spec.rb

@@ -0,0 +1,13 @@
+describe HerokuConfig::CLI do
+  before(:all) do
+    @args = "APP --noop"
+  end
+
+  describe "heroku-config" do
+    it "aws-rotate" do
+      out = execute("exe/heroku-config aws-rotate #{@args}")
+      puts out
+      expect(out).to include("NOOP: Updating access key for user: fakeuser")
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,29 @@
+ENV["HEROKU_CONFIG_TEST"] = "1"
+
+# CodeClimate test coverage: https://docs.codeclimate.com/docs/configuring-test-coverage
+# require 'simplecov'
+# SimpleCov.start
+
+require "pp"
+require "byebug"
+root = File.expand_path("../", File.dirname(__FILE__))
+require "#{root}/lib/heroku-config"
+
+module Helper
+  def execute(cmd)
+    puts "Running: #{cmd}" if show_command?
+    out = `#{cmd}`
+    puts out if show_command?
+    out
+  end
+
+  # Added SHOW_COMMAND because DEBUG is also used by other libraries like
+  # bundler and it shows its internal debugging logging also.
+  def show_command?
+    ENV['DEBUG'] || ENV['SHOW_COMMAND']
+  end
+end
+
+RSpec.configure do |c|
+  c.include Helper
+end

metadata

@@ -0,0 +1,245 @@
+--- !ruby/object:Gem::Specification
+name: heroku-config
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tung Nguyen
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-11-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-iam
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: memoist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: zeitwerk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cli_markdown
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- tongueroo@gmail.com
+executables:
+- heroku-config
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/heroku-config
+- heroku-config.gemspec
+- lib/heroku-config.rb
+- lib/heroku_config.rb
+- lib/heroku_config/autoloader.rb
+- lib/heroku_config/aws_key.rb
+- lib/heroku_config/aws_rotate.rb
+- lib/heroku_config/aws_services.rb
+- lib/heroku_config/base.rb
+- lib/heroku_config/cli.rb
+- lib/heroku_config/command.rb
+- lib/heroku_config/completer.rb
+- lib/heroku_config/completer/script.rb
+- lib/heroku_config/completer/script.sh
+- lib/heroku_config/config.rb
+- lib/heroku_config/help.rb
+- lib/heroku_config/help/aws_rotate.md
+- lib/heroku_config/help/completion.md
+- lib/heroku_config/help/completion_script.md
+- lib/heroku_config/version.rb
+- spec/lib/cli_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/tongueroo/heroku-config
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key: 
+specification_version: 4
+summary: Heroku Config AWS Access Key Rotator
+test_files:
+- spec/lib/cli_spec.rb
+- spec/spec_helper.rb