RubyGems - stackup - Versions diffs - 0.9.4 → 0.9.5 - Mend

stackup 0.9.4 → 0.9.5

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0417b69fa907567e0d594b25e7284aa932bcf99d
-  data.tar.gz: 88e68a2f9db98a05d06fb79c92a8ddf2120b314f
+  metadata.gz: c0d5247909e33849cd8ebd01a050d97d446e1e27
+  data.tar.gz: c791ab2604455fb5786ca2c6c3162fa9520e7e87
 SHA512:
-  metadata.gz: 7296e7ccd88e3e4b46ed560e48323ed19fddc64bcc47210ae5a7ca2c4553a30f6cac3bc5dae5dbe13ebc2ad64fd195949a8848e5517f1863773b123d5923c4d6
-  data.tar.gz: f6d1e3ec94f38f358897c4f23b21d808860202adee83717b79cfaee3be42dcad6c1f1c47dd133f30d002fb5d61fc36199ad59dbc0f4eb1e7e09bb6b06f39fe0b
+  metadata.gz: 10b971d636c818efe634cca634a30fffe672517b2e05fa46648f7e17eada5320e94f15bac14125917bc8527978068a4f582f00cc154319f4c2c045e0c37446b7
+  data.tar.gz: de309273aa1a1c05a968e4ae12793a35a027d87360bc7612e627f001a828d77d4f84f1ce350c5b941def64f46205c292a791411198d64a3e2b9b4cd9cc0e5a91

data/CHANGES.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## 0.9.4 (2016-09-26)
+* Add `--with-role` option, to assume a role for stack operations.
 ## 0.9.4 (2016-09-03)
 * Support multiple parameters files.

data/README.md CHANGED Viewed

@@ -116,3 +116,12 @@ Replace "latest" with a specific version for added safety.
 The default working-directory within the container is `/cwd`;
 hence the volume mount to make files available from the host system.
+## AWS credentials
+The stackup command-line looks for AWS credentials in the [standard environment variables](https://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs).
+You can also use the `--with-role` option to temporarily assume a different IAM role, for stack operations:
+    $ stackup myapp-test up -t template.json \
+      --with-role arn:aws:iam::862905684840:role/deployment

data/bin/stackup CHANGED Viewed

@@ -5,6 +5,7 @@ $LOAD_PATH << File.expand_path("../../lib", __FILE__)
 require "clamp"
 require "console_logger"
 require "multi_json"
+require "securerandom"
 require "stackup"
 require "stackup/differ"
 require "stackup/version"
@@ -26,15 +27,15 @@ Clamp do
     unless arg =~ /^[a-z]{2}-[a-z]+-\d$/
       fail ArgumentError, "#{arg.inspect} doesn't look like a region"
     end
-    Aws.config.update(:region => arg)
     arg
   end
+  option ["--with-role"], "ROLE_ARN", "assume this role",
+    :attribute_name => :role_arn
   option ["--retry-limit"], "N", "maximum number of retries for API calls",
     :environment_variable => "AWS_API_RETRY_LIMIT" do |arg|
-    Integer(arg).tap do |value|
-      Aws.config.update(:retry_limit => value)
-    end
+    Integer(arg)
   end
   option ["--[no-]wait"], :flag, "wait for stack updates to complete",
@@ -80,8 +81,34 @@ Clamp do
     puts format_data(data)
   end
+  def role_arn=(arg)
+    unless arg =~ %r{^arn:aws:iam::\d+:role/}
+      fail ArgumentError, "#{arg.inspect} doesn't look like a role ARN"
+    end
+    @role_arn = arg
+  end
   def stackup
-    Stackup(:logger => logger, :log_level => :debug)
+    Stackup(aws_config)
+  end
+  def base_aws_config
+    {
+      :log_level => :debug,
+      :logger => logger,
+      :region => region,
+      :retry_limit => retry_limit
+    }.reject { |_k, v| v.nil? }
+  end
+  def aws_config
+    return base_aws_config unless role_arn
+    assumed_credentials = Aws::AssumeRoleCredentials.new(
+      :client => Aws::STS::Client.new(base_aws_config),
+      :role_arn => role_arn,
+      :role_session_name => "stackup-#{SecureRandom.hex(8)}"
+    )
+    base_aws_config.merge(:credentials => assumed_credentials)
   end
   def stack

data/lib/stackup/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Stackup
-  VERSION = "0.9.4"
+  VERSION = "0.9.5"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: stackup
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.9.5
 platform: ruby
 authors:
 - Mike Williams
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-03 00:00:00.000000000 Z
+date: 2016-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-resources
@@ -59,14 +59,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.5
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.5
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement