oneaws 0.4.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +16 -0
- data/lib/oneaws/cli.rb +7 -1
- data/lib/oneaws/client.rb +39 -21
- data/lib/oneaws/version.rb +1 -1
- data/oneaws.gemspec +3 -1
- metadata +35 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4703d2dc9224791ac0371ddd739ab899e62920749111148b46c3a664c7952e77
|
|
4
|
+
data.tar.gz: 2b34d7a1278a18d71409754fdbc303781f29f440610108c138a02cfbf75e42b2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cbbb5ac0988de0813939b348f79aaa97fba800d9ac0ec38faf39e56a6410c780cf95824eb9f018cd7fb6c83a8aacd720f9f6ed00dd3a05b183243cc3a8c5bd23
|
|
7
|
+
data.tar.gz: db5971dde56056811590806fdc4fa5133e99830f3f76e3afeb1bb6b780ce6ebe1f657fdafc0e52f70db0100746fced72398c77729196e659a125a8ba2f7f25f9
|
data/README.md
CHANGED
|
@@ -37,3 +37,19 @@ oneaws
|
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
`-u` オプションをつけていると `~/.aws/credentials` に追記されます(default: true)。
|
|
40
|
+
|
|
41
|
+
### ONEAWS_MFA_DEVICE
|
|
42
|
+
|
|
43
|
+
MFA デバイスを複数登録している場合、以下のようにデバイスの選択を求められます。
|
|
44
|
+
|
|
45
|
+
```
|
|
46
|
+
Available MFA devices:
|
|
47
|
+
1. OneLogin Protect (ID: ***)
|
|
48
|
+
2. OneLogin Auth (ID: ***)
|
|
49
|
+
|
|
50
|
+
Select MFA device (1-2):
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
デバイスの選択が面倒な場合は、環境変数 `ONEAWS_MFA_DEVICE` を指定することで、指定した番号のデバイスを自動で選択できます。上記を例にすると、`1. OneLogin Protect` を選ぶ場合は `ONEAWS_MFA_DEVICE=1` と指定します。
|
|
54
|
+
|
|
55
|
+
ワンタイムパスワードが必要なデバイスを選択した場合、 `--otp` オプションでワンタイムパスワードを指定することができます。
|
data/lib/oneaws/cli.rb
CHANGED
|
@@ -10,6 +10,7 @@ module Oneaws
|
|
|
10
10
|
option :update_aws_credentials, aliases: "-u", type: :boolean, default: true
|
|
11
11
|
option :profile, aliases: "-p", type: :string, default: "oneaws"
|
|
12
12
|
option :eval, type: :string, enum: ["bash", "fish"]
|
|
13
|
+
option :otp, type: :string
|
|
13
14
|
def getkey
|
|
14
15
|
client = Client.new
|
|
15
16
|
|
|
@@ -19,7 +20,7 @@ module Oneaws
|
|
|
19
20
|
app_id: ENV['ONELOGIN_APP_ID'],
|
|
20
21
|
subdomain: ENV['ONELOGIN_SUBDOMAIN'],
|
|
21
22
|
}
|
|
22
|
-
credential = client.issue_credential(params)
|
|
23
|
+
credential = client.issue_credential(params, options[:otp])
|
|
23
24
|
|
|
24
25
|
if options["update_aws_credentials"]
|
|
25
26
|
credential_file = File.expand_path(find_credentials)
|
|
@@ -52,6 +53,11 @@ module Oneaws
|
|
|
52
53
|
end
|
|
53
54
|
end
|
|
54
55
|
|
|
56
|
+
desc 'version', 'Show version'
|
|
57
|
+
def version
|
|
58
|
+
puts Oneaws::VERSION
|
|
59
|
+
end
|
|
60
|
+
|
|
55
61
|
private
|
|
56
62
|
|
|
57
63
|
# AWS の credential を以下の順番で存在チェックをする
|
data/lib/oneaws/client.rb
CHANGED
|
@@ -15,12 +15,12 @@ module Oneaws
|
|
|
15
15
|
})
|
|
16
16
|
|
|
17
17
|
@aws = Aws::STS::Client.new(
|
|
18
|
-
credentials:
|
|
18
|
+
credentials: nil,
|
|
19
19
|
region: ENV['AWS_REGION'] || 'ap-northeast-1',
|
|
20
20
|
)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
def issue_credential(options)
|
|
23
|
+
def issue_credential(options, otp = nil)
|
|
24
24
|
username = options[:username]
|
|
25
25
|
password = options[:password]
|
|
26
26
|
app_id = options[:app_id]
|
|
@@ -31,30 +31,17 @@ module Oneaws
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
mfa = response.mfa
|
|
34
|
+
mfa_device = select_mfa_device(mfa)
|
|
34
35
|
|
|
35
|
-
if mfa.devices.length == 1
|
|
36
|
-
mfa_device = mfa.devices.first
|
|
37
|
-
else
|
|
38
|
-
puts "\nAvailable MFA devices:"
|
|
39
|
-
mfa.devices.each_with_index do |device, index|
|
|
40
|
-
puts "#{index + 1}. #{device.type} (ID: #{device.id})"
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
print "\nSelect MFA device (1-#{mfa.devices.length}): "
|
|
44
|
-
selection = STDIN.gets.chomp.to_i
|
|
45
|
-
|
|
46
|
-
if selection < 1 || selection > mfa.devices.length
|
|
47
|
-
raise MfaDeviceNotFoundError.new("Invalid device selection.")
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
mfa_device = mfa.devices[selection - 1]
|
|
51
|
-
end
|
|
52
|
-
|
|
53
36
|
device_types_that_do_not_require_token = [
|
|
54
37
|
"OneLogin Protect"
|
|
55
38
|
]
|
|
56
39
|
|
|
57
|
-
otp_token =
|
|
40
|
+
otp_token = if device_types_that_do_not_require_token.include?(mfa_device.type)
|
|
41
|
+
nil
|
|
42
|
+
elsif otp
|
|
43
|
+
otp
|
|
44
|
+
else
|
|
58
45
|
print "input OTP of #{mfa_device.type}: "
|
|
59
46
|
STDIN.noecho(&:gets)
|
|
60
47
|
end
|
|
@@ -83,5 +70,36 @@ module Oneaws
|
|
|
83
70
|
}
|
|
84
71
|
@aws.assume_role_with_saml(params)[:credentials]
|
|
85
72
|
end
|
|
73
|
+
|
|
74
|
+
private
|
|
75
|
+
|
|
76
|
+
def select_mfa_device(mfa)
|
|
77
|
+
if mfa.devices.length == 1
|
|
78
|
+
return mfa.devices.first
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
if selection = ENV["ONEAWS_MFA_DEVICE"] &.to_i
|
|
82
|
+
if selection <= 0
|
|
83
|
+
warn "ONEAWS_MFA_DEVICE must be >= 1"
|
|
84
|
+
exit 1
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
return mfa.devices[selection - 1]
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
puts "\nAvailable MFA devices:"
|
|
91
|
+
mfa.devices.each_with_index do |device, index|
|
|
92
|
+
puts "#{index + 1}. #{device.type} (ID: #{device.id})"
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
print "\nSelect MFA device (1-#{mfa.devices.length}): "
|
|
96
|
+
selection = STDIN.gets.chomp.to_i
|
|
97
|
+
|
|
98
|
+
if selection < 1 || selection > mfa.devices.length
|
|
99
|
+
raise MfaDeviceNotFoundError.new("Invalid device selection.")
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
mfa.devices[selection - 1]
|
|
103
|
+
end
|
|
86
104
|
end
|
|
87
105
|
end
|
data/lib/oneaws/version.rb
CHANGED
data/oneaws.gemspec
CHANGED
|
@@ -24,8 +24,10 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
25
25
|
spec.require_paths = ['lib']
|
|
26
26
|
|
|
27
|
-
spec.add_dependency 'aws-sdk-core'
|
|
27
|
+
spec.add_dependency 'aws-sdk-core'
|
|
28
28
|
spec.add_dependency 'inifile'
|
|
29
29
|
spec.add_dependency 'onelogin', '~> 1.6'
|
|
30
30
|
spec.add_dependency 'thor'
|
|
31
|
+
spec.add_dependency 'base64'
|
|
32
|
+
spec.add_dependency 'logger'
|
|
31
33
|
end
|
metadata
CHANGED
|
@@ -1,29 +1,28 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oneaws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yuki Koya
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 2025-04-23 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: aws-sdk-core
|
|
15
14
|
requirement: !ruby/object:Gem::Requirement
|
|
16
15
|
requirements:
|
|
17
|
-
- - "
|
|
16
|
+
- - ">="
|
|
18
17
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
18
|
+
version: '0'
|
|
20
19
|
type: :runtime
|
|
21
20
|
prerelease: false
|
|
22
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
22
|
requirements:
|
|
24
|
-
- - "
|
|
23
|
+
- - ">="
|
|
25
24
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
25
|
+
version: '0'
|
|
27
26
|
- !ruby/object:Gem::Dependency
|
|
28
27
|
name: inifile
|
|
29
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -66,6 +65,34 @@ dependencies:
|
|
|
66
65
|
- - ">="
|
|
67
66
|
- !ruby/object:Gem::Version
|
|
68
67
|
version: '0'
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
name: base64
|
|
70
|
+
requirement: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - ">="
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '0'
|
|
75
|
+
type: :runtime
|
|
76
|
+
prerelease: false
|
|
77
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - ">="
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: '0'
|
|
82
|
+
- !ruby/object:Gem::Dependency
|
|
83
|
+
name: logger
|
|
84
|
+
requirement: !ruby/object:Gem::Requirement
|
|
85
|
+
requirements:
|
|
86
|
+
- - ">="
|
|
87
|
+
- !ruby/object:Gem::Version
|
|
88
|
+
version: '0'
|
|
89
|
+
type: :runtime
|
|
90
|
+
prerelease: false
|
|
91
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
92
|
+
requirements:
|
|
93
|
+
- - ">="
|
|
94
|
+
- !ruby/object:Gem::Version
|
|
95
|
+
version: '0'
|
|
69
96
|
description: Issue temporary credentials using OneLogin and AWS STS.
|
|
70
97
|
email:
|
|
71
98
|
- ykky@pepabo.com
|
|
@@ -93,7 +120,6 @@ metadata:
|
|
|
93
120
|
homepage_uri: https://github.com/pepabo/oneaws
|
|
94
121
|
source_code_uri: https://github.com/pepabo/oneaws
|
|
95
122
|
changelog_uri: https://github.com/pepabo/oneaws
|
|
96
|
-
post_install_message:
|
|
97
123
|
rdoc_options: []
|
|
98
124
|
require_paths:
|
|
99
125
|
- lib
|
|
@@ -108,8 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
108
134
|
- !ruby/object:Gem::Version
|
|
109
135
|
version: '0'
|
|
110
136
|
requirements: []
|
|
111
|
-
rubygems_version: 3.
|
|
112
|
-
signing_key:
|
|
137
|
+
rubygems_version: 3.6.2
|
|
113
138
|
specification_version: 4
|
|
114
139
|
summary: Issue temporary credentials using OneLogin and AWS STS.
|
|
115
140
|
test_files: []
|