oneaws 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/gem_push.yml +41 -0
- data/README.md +2 -0
- data/lib/oneaws/cli.rb +7 -1
- data/lib/oneaws/client.rb +26 -19
- data/lib/oneaws/version.rb +1 -1
- metadata +4 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 788200b7dc82c41386583de0d60c217089aff1f4626a41d2ab6258494fe5c191
|
|
4
|
+
data.tar.gz: 0ab327dab1fc9436aae74a499019465e057bc5cc8e489be8eed881502b5c1b4b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4b7482679da2c5bdc073254a7f9684daf1410942a1c1e67bd3cde51e6138eef577a0ba43e1fb63bb390b65903eb983d4e10bed88e221181fcaff872ecebbe19e
|
|
7
|
+
data.tar.gz: b2b298391418345c48417c9a17353e01fe4d4c5dedabc51718337ee880725dd747057e3d72c3fa6ff07852149047271d12396bbf53dba79f47f98c4952ac685c
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
name: Publish gem to rubygems.org
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
tags:
|
|
6
|
+
- 'v*'
|
|
7
|
+
|
|
8
|
+
permissions:
|
|
9
|
+
contents: read
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
push:
|
|
13
|
+
if: github.repository == 'pepabo/oneaws'
|
|
14
|
+
runs-on: ubuntu-latest
|
|
15
|
+
|
|
16
|
+
environment:
|
|
17
|
+
name: rubygems.org
|
|
18
|
+
url: https://rubygems.org/gems/oneaws
|
|
19
|
+
|
|
20
|
+
permissions:
|
|
21
|
+
contents: write
|
|
22
|
+
id-token: write
|
|
23
|
+
|
|
24
|
+
steps:
|
|
25
|
+
# Set up
|
|
26
|
+
- name: Harden Runner
|
|
27
|
+
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
28
|
+
with:
|
|
29
|
+
egress-policy: audit
|
|
30
|
+
|
|
31
|
+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
32
|
+
|
|
33
|
+
- name: Set up Ruby
|
|
34
|
+
uses: ruby/setup-ruby@fb404b9557c186e349162b0d8efb06e2bc36edea # v1.232.0
|
|
35
|
+
with:
|
|
36
|
+
bundler-cache: true
|
|
37
|
+
ruby-version: ruby
|
|
38
|
+
|
|
39
|
+
# Release
|
|
40
|
+
- name: Publish to RubyGems
|
|
41
|
+
uses: rubygems/release-gem@9e85cb11501bebc2ae661c1500176316d3987059 # v1
|
data/README.md
CHANGED
data/lib/oneaws/cli.rb
CHANGED
|
@@ -10,6 +10,7 @@ module Oneaws
|
|
|
10
10
|
option :update_aws_credentials, aliases: "-u", type: :boolean, default: true
|
|
11
11
|
option :profile, aliases: "-p", type: :string, default: "oneaws"
|
|
12
12
|
option :eval, type: :string, enum: ["bash", "fish"]
|
|
13
|
+
option :otp, type: :string
|
|
13
14
|
def getkey
|
|
14
15
|
client = Client.new
|
|
15
16
|
|
|
@@ -19,7 +20,7 @@ module Oneaws
|
|
|
19
20
|
app_id: ENV['ONELOGIN_APP_ID'],
|
|
20
21
|
subdomain: ENV['ONELOGIN_SUBDOMAIN'],
|
|
21
22
|
}
|
|
22
|
-
credential = client.issue_credential(params)
|
|
23
|
+
credential = client.issue_credential(params, options[:otp])
|
|
23
24
|
|
|
24
25
|
if options["update_aws_credentials"]
|
|
25
26
|
credential_file = File.expand_path(find_credentials)
|
|
@@ -52,6 +53,11 @@ module Oneaws
|
|
|
52
53
|
end
|
|
53
54
|
end
|
|
54
55
|
|
|
56
|
+
desc 'version', 'Show version'
|
|
57
|
+
def version
|
|
58
|
+
puts Oneaws::VERSION
|
|
59
|
+
end
|
|
60
|
+
|
|
55
61
|
private
|
|
56
62
|
|
|
57
63
|
# AWS の credential を以下の順番で存在チェックをする
|
data/lib/oneaws/client.rb
CHANGED
|
@@ -20,7 +20,7 @@ module Oneaws
|
|
|
20
20
|
)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
def issue_credential(options)
|
|
23
|
+
def issue_credential(options, otp = nil)
|
|
24
24
|
username = options[:username]
|
|
25
25
|
password = options[:password]
|
|
26
26
|
app_id = options[:app_id]
|
|
@@ -31,29 +31,36 @@ module Oneaws
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
mfa = response.mfa
|
|
34
|
-
mfa_device = select_mfa_device(mfa)
|
|
35
|
-
|
|
36
|
-
device_types_that_do_not_require_token = [
|
|
37
|
-
"OneLogin Protect"
|
|
38
|
-
]
|
|
39
|
-
|
|
40
|
-
otp_token = unless device_types_that_do_not_require_token.include?(mfa_device.type)
|
|
41
|
-
print "input OTP of #{mfa_device.type}: "
|
|
42
|
-
STDIN.noecho(&:gets)
|
|
43
|
-
end
|
|
44
34
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
35
|
+
if mfa # mfa required
|
|
36
|
+
mfa_device = select_mfa_device(mfa)
|
|
37
|
+
|
|
38
|
+
device_types_that_do_not_require_token = [
|
|
39
|
+
"OneLogin Protect"
|
|
40
|
+
]
|
|
41
|
+
|
|
42
|
+
otp_token = if device_types_that_do_not_require_token.include?(mfa_device.type)
|
|
43
|
+
nil
|
|
44
|
+
elsif otp
|
|
45
|
+
otp
|
|
46
|
+
else
|
|
47
|
+
print "input OTP of #{mfa_device.type}: "
|
|
48
|
+
STDIN.noecho(&:gets)
|
|
49
|
+
end
|
|
50
50
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
response = @onelogin.get_saml_assertion_verifying(app_id, mfa_device.id, mfa.state_token, nil, nil, true)
|
|
51
|
+
response = @onelogin.get_saml_assertion_verifying(app_id, mfa_device.id, mfa.state_token, otp_token, nil, false)
|
|
52
|
+
|
|
54
53
|
if response.nil?
|
|
55
54
|
raise SamlRequestError.new("#{@onelogin.error} #{@onelogin.error_description}")
|
|
56
55
|
end
|
|
56
|
+
|
|
57
|
+
while response.type != "success" do
|
|
58
|
+
sleep 1
|
|
59
|
+
response = @onelogin.get_saml_assertion_verifying(app_id, mfa_device.id, mfa.state_token, nil, nil, true)
|
|
60
|
+
if response.nil?
|
|
61
|
+
raise SamlRequestError.new("#{@onelogin.error} #{@onelogin.error_description}")
|
|
62
|
+
end
|
|
63
|
+
end
|
|
57
64
|
end
|
|
58
65
|
|
|
59
66
|
saml_assertion = response.saml_response
|
data/lib/oneaws/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oneaws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yuki Koya
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: aws-sdk-core
|
|
@@ -102,6 +101,7 @@ executables:
|
|
|
102
101
|
extensions: []
|
|
103
102
|
extra_rdoc_files: []
|
|
104
103
|
files:
|
|
104
|
+
- ".github/workflows/gem_push.yml"
|
|
105
105
|
- ".gitignore"
|
|
106
106
|
- CODE_OF_CONDUCT.md
|
|
107
107
|
- Gemfile
|
|
@@ -121,7 +121,6 @@ metadata:
|
|
|
121
121
|
homepage_uri: https://github.com/pepabo/oneaws
|
|
122
122
|
source_code_uri: https://github.com/pepabo/oneaws
|
|
123
123
|
changelog_uri: https://github.com/pepabo/oneaws
|
|
124
|
-
post_install_message:
|
|
125
124
|
rdoc_options: []
|
|
126
125
|
require_paths:
|
|
127
126
|
- lib
|
|
@@ -136,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
136
135
|
- !ruby/object:Gem::Version
|
|
137
136
|
version: '0'
|
|
138
137
|
requirements: []
|
|
139
|
-
rubygems_version: 3.
|
|
140
|
-
signing_key:
|
|
138
|
+
rubygems_version: 3.6.7
|
|
141
139
|
specification_version: 4
|
|
142
140
|
summary: Issue temporary credentials using OneLogin and AWS STS.
|
|
143
141
|
test_files: []
|