mydrive-aws-mfa 0.5.2 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: fc32e4eb8cb29f396af0187ef970d9b98552558c
-  data.tar.gz: d4810f09a4877d807b358bb7ff2c17b50a57e65b
+SHA256:
+  metadata.gz: c272882302abaecec8f71659b7ce8cc73b447cc0a8439aa44ef347056d37a679
+  data.tar.gz: bdb70dc1ab732d04b380d3f4cd22df09f40c219a71b9ecefb780f01d53faf054
 SHA512:
-  metadata.gz: a59069e8ad84b8c79ca51df4a666957fdbdc679f4210e52a482060788faa34f7c77e1f27fa1eb8776d9cf7c2ea0adc0f3e9ac75616fced535cafcd18c0e4ae20
-  data.tar.gz: eccced2cdc4e5ce34cfe26b33b2726448e3e4a04f005625991f8f16d10fba58fae47232223cc2589d53ad1517c57fc5743c52a0c1e5e3526d0e55d541c4b428f
+  metadata.gz: f6f5cce0cab0f4d803e07eb4014e700140ac289a8589b46f8bb122de636062f85a24de8487a1c162382e197133d8840428d8895b05d7daacc4810389c9255797
+  data.tar.gz: ca27d8f5078a4bb36fd628a513b79faaee617d96964bb0cd38401cfdc328e8b7626b860b582dadd142ec77d68ee0dbb9b27903edc1477f30dac5ee411560f72c

data/lib/aws_mfa.rb

@@ -59,10 +59,17 @@ class AwsMfa
   end
 
   def load_credentials(profile_config)
-    CredentialsLoader.new(mydrive_credentials_cache_dir).load_credentials(profile_config)
+    CredentialsLoader.new(
+      mydrive_credentials_cache_dir,
+      expiration_buffer_minutes: expiration_buffer_minutes
+    ).load_credentials(profile_config)
   end
 
   def execute_output(execution_output, credentials)
     CredentialsOutputExecutor.new.execute_output(execution_output, credentials)
   end
+
+  def expiration_buffer_minutes
+    ENV.fetch("MYDRIVE_MFA_TOKEN_EXPIRATION_BUFFER", 0).to_i
+  end
 end

data/lib/aws_mfa/credentials_loader.rb

@@ -1,19 +1,20 @@
-require 'io/console'
-require_relative 'errors'
-require_relative 'shell_command'
+require "io/console"
+require "json"
+require "time"
+require_relative "errors"
+require_relative "shell_command"
 
 class AwsMfa
   class CredentialsLoader
-    MFA_EXPIRATION_PERIOD_IN_SECONDS = 3600
-
-    def initialize(mydrive_credentials_cache_dir)
+    def initialize(mydrive_credentials_cache_dir, expiration_buffer_minutes: 0)
       @mydrive_credentials_cache_dir = mydrive_credentials_cache_dir
+      @expiration_buffer_seconds = expiration_buffer_minutes * 60
     end
 
     def load_credentials(profile_config)
       credentials_file = File.join(mydrive_credentials_cache_dir, build_credentials_file_name(profile_config))
 
-      if File.readable?(credentials_file) && token_not_expired?(credentials_file)
+      if File.readable?(credentials_file) && !token_expired?(credentials_file)
         credentials = File.read(credentials_file)
       else
         credentials = load_credentials_from_aws(profile_config)
@@ -32,9 +33,10 @@ class AwsMfa
       "#{source_profile}_#{profile_config.profile}_mfa_credentials"
     end
 
-    def token_not_expired?(credentials_file)
-      mtime = File.stat(credentials_file).mtime
-      Time.new - mtime < MFA_EXPIRATION_PERIOD_IN_SECONDS
+    def token_expired?(credentials_file)
+      credentials_file_content = JSON.parse(File.read(credentials_file))
+      expiration_time = Time.parse(credentials_file_content["Credentials"]["Expiration"])
+      Time.now.to_i + @expiration_buffer_seconds >= expiration_time.to_i
     end
 
     def load_credentials_from_aws(profile_config)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mydrive-aws-mfa
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.6.0
 platform: ruby
 authors:
 - MyDrive Solutions Ltd
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-12 00:00:00.000000000 Z
+date: 2018-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -91,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - aws-cli
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Run AWS commands with MFA (MyDrive fork)