wdi_runas 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +15 -0
- data/.rubocop.yml +7 -0
- data/.travis.yml +6 -0
- data/CHANGELOG.md +107 -0
- data/Gemfile +17 -0
- data/LICENSE +201 -0
- data/README.md +157 -0
- data/Rakefile +19 -0
- data/certs/vancluever.pem +22 -0
- data/exe/wdi-runas +19 -0
- data/lib/aws_runas/cli.rb +67 -0
- data/lib/aws_runas/config.rb +61 -0
- data/lib/aws_runas/main.rb +104 -0
- data/lib/aws_runas/utils.rb +106 -0
- data/lib/aws_runas/version.rb +17 -0
- data/lib/aws_runas.rb +15 -0
- data/shell_profiles/sh.profile +23 -0
- data/spec/aws_runas/cli_spec.rb +59 -0
- data/spec/aws_runas/config_spec.rb +114 -0
- data/spec/aws_runas/main_spec.rb +208 -0
- data/spec/aws_runas/utils_spec.rb +197 -0
- data/spec/helpers/config_spec.rb +20 -0
- data/spec/helpers/files/aws_config +8 -0
- data/spec/helpers/files/aws_config_nomfa +7 -0
- data/spec/helpers/files/aws_config_noregion +6 -0
- data/spec/helpers/files/aws_config_nosource +6 -0
- data/spec/helpers/utils_spec.rb +36 -0
- data/spec/spec_helper.rb +34 -0
- data/wdi_runas.gemspec +45 -0
- metadata +183 -0
@@ -0,0 +1,208 @@
|
|
1
|
+
# Copyright 2015 Chris Marchesi
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'spec_helper'
|
16
|
+
require 'aws_runas/main'
|
17
|
+
|
18
|
+
MFA_ERROR = 'No mfa_serial in selected profile, session will be useless'.freeze
|
19
|
+
AWS_DEFAULT_CFG_PATH = "#{Dir.home}/.aws/config".freeze
|
20
|
+
AWS_DEFAULT_CREDENTIALS_PATH = "#{Dir.home}/.aws/credentials".freeze
|
21
|
+
AWS_LOCAL_CFG_PATH = "#{Dir.pwd}/aws_config".freeze
|
22
|
+
|
23
|
+
describe AwsRunAs::Main do
|
24
|
+
before(:context) do
|
25
|
+
@main = AwsRunAs::Main.new(
|
26
|
+
path: MOCK_AWS_CONFIGPATH,
|
27
|
+
profile: 'test-profile',
|
28
|
+
mfa_code: '123456'
|
29
|
+
)
|
30
|
+
end
|
31
|
+
|
32
|
+
describe '#sts_client' do
|
33
|
+
it 'returns a proper Aws::STS::Client object' do
|
34
|
+
expect(@main.sts_client.class.name).to eq('Aws::STS::Client')
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
describe '#assume_role' do
|
39
|
+
it 'calls out to Aws::AssumeRoleCredentials.new' do
|
40
|
+
expect(Aws::AssumeRoleCredentials).to receive(:new).and_call_original
|
41
|
+
@main.assume_role
|
42
|
+
end
|
43
|
+
|
44
|
+
it 'calls out to Aws::STS::Client.get_session_token when no_role is set' do
|
45
|
+
expect_any_instance_of(Aws::STS::Client).to receive(:get_session_token).and_call_original
|
46
|
+
ENV.delete('AWS_SESSION_TOKEN')
|
47
|
+
@main = AwsRunAs::Main.new(
|
48
|
+
path: MOCK_AWS_CONFIGPATH,
|
49
|
+
profile: 'test-profile',
|
50
|
+
mfa_code: '123456',
|
51
|
+
no_role: true
|
52
|
+
)
|
53
|
+
@main.assume_role
|
54
|
+
end
|
55
|
+
|
56
|
+
it 'raises exception when no_role is set and there is no mfa_serial' do
|
57
|
+
expect do
|
58
|
+
ENV.delete('AWS_SESSION_TOKEN')
|
59
|
+
@main = AwsRunAs::Main.new(
|
60
|
+
path: MOCK_AWS_NO_MFA_PATH,
|
61
|
+
profile: 'test-profile',
|
62
|
+
mfa_code: '123456',
|
63
|
+
no_role: true
|
64
|
+
)
|
65
|
+
@main.assume_role
|
66
|
+
end.to raise_error(MFA_ERROR)
|
67
|
+
end
|
68
|
+
|
69
|
+
it 'calls out to Aws::AssumeRoleCredentials.new with no MFA when AWS_SESSION_TOKEN is set' do
|
70
|
+
expect(Aws::AssumeRoleCredentials).to receive(:new).with(hash_including(serial_number: nil)).and_call_original
|
71
|
+
ENV.store('AWS_SESSION_TOKEN', 'foo')
|
72
|
+
@main.assume_role
|
73
|
+
end
|
74
|
+
|
75
|
+
context 'with $HOME/.aws/config (test AWS_SDK_CONFIG_OPT_OUT)' do
|
76
|
+
before(:example) do
|
77
|
+
Aws.config.update(stub_responses: false)
|
78
|
+
allow(File).to receive(:exist?).with(AWS_LOCAL_CFG_PATH).and_return false
|
79
|
+
allow(File).to receive(:exist?).with(AWS_DEFAULT_CFG_PATH).and_return true
|
80
|
+
allow(File).to receive(:exist?).with(AWS_DEFAULT_CREDENTIALS_PATH).and_return false
|
81
|
+
allow(File).to receive(:read).with(AWS_DEFAULT_CFG_PATH).and_return File.read(MOCK_AWS_NO_SOURCE_PATH)
|
82
|
+
allow(IniFile).to receive(:load).with(AWS_DEFAULT_CFG_PATH).and_return IniFile.load(MOCK_AWS_NO_SOURCE_PATH)
|
83
|
+
allow(Aws::AssumeRoleCredentials).to receive(:new).and_return(
|
84
|
+
Aws::AssumeRoleCredentials.new(
|
85
|
+
role_arn: 'roleARN',
|
86
|
+
role_session_name: 'roleSessionName',
|
87
|
+
stub_responses: true
|
88
|
+
)
|
89
|
+
)
|
90
|
+
@main = AwsRunAs::Main.new(
|
91
|
+
profile: 'test-profile'
|
92
|
+
)
|
93
|
+
end
|
94
|
+
|
95
|
+
it 'assumes a role correctly' do
|
96
|
+
@main.assume_role
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
describe '#credentials_env' do
|
102
|
+
before do
|
103
|
+
allow_any_instance_of(AwsRunAs::Main).to receive(:sts_client).and_return(
|
104
|
+
Aws::STS::Client.new(
|
105
|
+
stub_responses: {
|
106
|
+
get_session_token: {
|
107
|
+
credentials: {
|
108
|
+
access_key_id: 'accessKeyIdType',
|
109
|
+
secret_access_key: 'accessKeySecretType',
|
110
|
+
session_token: 'tokenType',
|
111
|
+
expiration: Time.utc(2017, 'jul', 10, 19, 56, 11)
|
112
|
+
}
|
113
|
+
}
|
114
|
+
}
|
115
|
+
)
|
116
|
+
)
|
117
|
+
allow_any_instance_of(Aws::AssumeRoleCredentials).to receive(:expiration).and_return(
|
118
|
+
Time.utc(2017, 'jul', 10, 19, 56, 11)
|
119
|
+
)
|
120
|
+
end
|
121
|
+
subject(:env) do
|
122
|
+
ENV.delete('AWS_SESSION_TOKEN')
|
123
|
+
main = AwsRunAs::Main.new(
|
124
|
+
path: cfg_path,
|
125
|
+
profile: 'test-profile',
|
126
|
+
mfa_code: '123456',
|
127
|
+
no_role: no_role
|
128
|
+
)
|
129
|
+
main.assume_role
|
130
|
+
main.credentials_env
|
131
|
+
end
|
132
|
+
let(:no_role) { false }
|
133
|
+
let(:cfg_path) { MOCK_AWS_CONFIGPATH }
|
134
|
+
|
135
|
+
context 'with role assumed' do
|
136
|
+
it 'returns AWS_ACCESS_KEY_ID set in env' do
|
137
|
+
expect(env['AWS_ACCESS_KEY_ID']).to eq('accessKeyIdType')
|
138
|
+
end
|
139
|
+
it 'returns AWS_SECRET_ACCESS_KEY set in env' do
|
140
|
+
expect(env['AWS_SECRET_ACCESS_KEY']).to eq('accessKeySecretType')
|
141
|
+
end
|
142
|
+
it 'returns AWS_SESSION_TOKEN set in env' do
|
143
|
+
expect(env['AWS_SESSION_TOKEN']).to eq('tokenType')
|
144
|
+
end
|
145
|
+
it 'has AWS_RUNAS_PROFILE set to the profile in use' do
|
146
|
+
expect(env['AWS_RUNAS_PROFILE']).to eq('test-profile')
|
147
|
+
end
|
148
|
+
it 'has AWS_RUNAS_ASSUMED_ROLE_ARN set to the assumed role ARN' do
|
149
|
+
expect(env['AWS_RUNAS_ASSUMED_ROLE_ARN']).to eq('arn:aws:iam::123456789012:role/test-admin')
|
150
|
+
end
|
151
|
+
it 'has AWS_SESSION_EXPIRATION set in env' do
|
152
|
+
expect(env['AWS_SESSION_EXPIRATION']).to eq('2017-07-10 19:56:11 UTC')
|
153
|
+
end
|
154
|
+
it 'has AWS_SESSION_EXPIRATION_UNIX set in env' do
|
155
|
+
expect(env['AWS_SESSION_EXPIRATION_UNIX']).to eq('1499716571')
|
156
|
+
end
|
157
|
+
it 'has AWS_REGION set in env' do
|
158
|
+
expect(env['AWS_REGION']).to eq('us-west-1')
|
159
|
+
end
|
160
|
+
it 'has AWS_DEFAULT_REGION set in env' do
|
161
|
+
expect(env['AWS_DEFAULT_REGION']).to eq('us-west-1')
|
162
|
+
end
|
163
|
+
end
|
164
|
+
|
165
|
+
context 'with no role assumed' do
|
166
|
+
let(:no_role) { true }
|
167
|
+
|
168
|
+
it 'does not have AWS_RUNAS_ASSUMED_ROLE_ARN set' do
|
169
|
+
expect(env).to_not have_key('AWS_RUNAS_ASSUMED_ROLE_ARN')
|
170
|
+
end
|
171
|
+
it 'has AWS_SESSION_EXPIRATION set in env' do
|
172
|
+
expect(env['AWS_SESSION_EXPIRATION']).to eq('2017-07-10 19:56:11 UTC')
|
173
|
+
end
|
174
|
+
it 'has AWS_SESSION_EXPIRATION_UNIX set in env' do
|
175
|
+
expect(env['AWS_SESSION_EXPIRATION_UNIX']).to eq('1499716571')
|
176
|
+
end
|
177
|
+
it 'has AWS_REGION set in env' do
|
178
|
+
expect(env['AWS_REGION']).to eq('us-west-1')
|
179
|
+
end
|
180
|
+
it 'has AWS_DEFAULT_REGION set in env' do
|
181
|
+
expect(env['AWS_DEFAULT_REGION']).to eq('us-west-1')
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
context 'with no region in config' do
|
186
|
+
let(:cfg_path) { MOCK_AWS_NO_REGION_PATH }
|
187
|
+
|
188
|
+
it 'does not have AWS_REGION set in env' do
|
189
|
+
expect(env).to_not have_key('AWS_REGION')
|
190
|
+
end
|
191
|
+
it 'does not have AWS_DEFAULT_REGION set in env' do
|
192
|
+
expect(env).to_not have_key('AWS_DEFAULT_REGION')
|
193
|
+
end
|
194
|
+
end
|
195
|
+
end
|
196
|
+
|
197
|
+
describe '#handoff' do
|
198
|
+
before(:context) do
|
199
|
+
@env = @main.credentials_env
|
200
|
+
ENV.store('SHELL', '/bin/sh')
|
201
|
+
end
|
202
|
+
|
203
|
+
it 'execs a command when a command is specified' do
|
204
|
+
expect(@main).to receive(:exec).with(anything, '/usr/bin/foo', *['--bar', 'baz'])
|
205
|
+
@main.handoff(command: '/usr/bin/foo', argv: ['--bar', 'baz'], skip_prompt: false)
|
206
|
+
end
|
207
|
+
end
|
208
|
+
end
|
@@ -0,0 +1,197 @@
|
|
1
|
+
# Copyright 2016 Chris Marchesi
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'spec_helper'
|
16
|
+
require 'tmpdir'
|
17
|
+
|
18
|
+
describe AwsRunAs::Utils do
|
19
|
+
describe '::shell_profiles_dir' do
|
20
|
+
it 'returns an existent path' do
|
21
|
+
expect(File.directory?(AwsRunAs::Utils.shell_profiles_dir)).to be true
|
22
|
+
end
|
23
|
+
it 'returns a path correctly relative to spec file' do
|
24
|
+
expect(AwsRunAs::Utils.shell_profiles_dir).to eq(File.expand_path('../../../shell_profiles', __FILE__))
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
describe '::handoff_bash' do
|
29
|
+
context 'with RC file' do
|
30
|
+
before(:example) do
|
31
|
+
allow(IO).to receive(:read).with("#{ENV['HOME']}/.bashrc").and_return(BASHRC_FILE_CONTENTS)
|
32
|
+
allow(IO).to receive(:read).with("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile").and_call_original
|
33
|
+
end
|
34
|
+
it 'runs bash with a properly combined RC file' do
|
35
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV, '/bin/bash', '--rcfile', anything)
|
36
|
+
expect_any_instance_of(Tempfile).to receive(:write).with("#{BASHRC_FILE_CONTENTS}\n")
|
37
|
+
expect_any_instance_of(Tempfile).to receive(:write).with(IO.read("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile"))
|
38
|
+
expect_any_instance_of(Tempfile).to receive(:write).with(BASHRC_EXPECTED_PROMPT)
|
39
|
+
AwsRunAs::Utils.handoff_bash(env: EXPECTED_ENV, path: '/bin/bash', message: 'AWS:rspec', skip_prompt: false)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
context 'without RC file' do
|
44
|
+
before(:example) do
|
45
|
+
allow(File).to receive(:exist?).with("#{ENV['HOME']}/.bashrc").and_return(false)
|
46
|
+
allow(IO).to receive(:read).with("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile").and_call_original
|
47
|
+
end
|
48
|
+
it 'runs bash (no RC file found)' do
|
49
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV, '/bin/bash', '--rcfile', anything)
|
50
|
+
expect_any_instance_of(Tempfile).to receive(:write).with(IO.read("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile"))
|
51
|
+
expect_any_instance_of(Tempfile).to receive(:write).with(BASHRC_EXPECTED_PROMPT)
|
52
|
+
AwsRunAs::Utils.handoff_bash(env: EXPECTED_ENV, path: '/bin/bash', message: 'AWS:rspec', skip_prompt: false)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
context 'with skip_prompt enabled' do
|
57
|
+
before(:example) do
|
58
|
+
allow(IO).to receive(:read).with("#{ENV['HOME']}/.bashrc").and_return(BASHRC_FILE_CONTENTS)
|
59
|
+
allow(IO).to receive(:read).with("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile").and_call_original
|
60
|
+
end
|
61
|
+
it 'runs bash with a properly combined RC file, but no prompt modification' do
|
62
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV, '/bin/bash', '--rcfile', anything)
|
63
|
+
expect_any_instance_of(Tempfile).to receive(:write).with("#{BASHRC_FILE_CONTENTS}\n")
|
64
|
+
expect_any_instance_of(Tempfile).to receive(:write).with(IO.read("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile"))
|
65
|
+
AwsRunAs::Utils.handoff_bash(env: EXPECTED_ENV, path: '/bin/bash', message: 'AWS:rspec', skip_prompt: true)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
describe '::handoff_zsh' do
|
71
|
+
context 'with RC file' do
|
72
|
+
before(:example) do
|
73
|
+
allow(IO).to receive(:read).with("#{ENV['HOME']}/.zshrc").and_return(ZSHRC_FILE_CONTENTS)
|
74
|
+
allow(IO).to receive(:read).with("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile").and_call_original
|
75
|
+
end
|
76
|
+
it 'runs zsh with a properly combined RC file, in special tmp dir' do
|
77
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV_ZSH, '/usr/bin/zsh')
|
78
|
+
expect(Dir).to receive(:mktmpdir).with('aws_runas_zsh') { test_mktmpdir }
|
79
|
+
expect_any_instance_of(File).to receive(:write).with("#{ZSHRC_FILE_CONTENTS}\n")
|
80
|
+
expect_any_instance_of(File).to receive(:write).with(IO.read("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile"))
|
81
|
+
expect_any_instance_of(File).to receive(:write).with(ZSHRC_EXPECTED_SETSUBST)
|
82
|
+
expect_any_instance_of(File).to receive(:write).with(ZSHRC_EXPECTED_OLDPROMPT)
|
83
|
+
expect_any_instance_of(File).to receive(:write).with(ZSHRC_EXPECTED_PROMPT)
|
84
|
+
env = EXPECTED_ENV.dup
|
85
|
+
AwsRunAs::Utils.handoff_zsh(env: env, path: '/usr/bin/zsh', message: 'AWS:rspec', skip_prompt: false)
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
context 'without RC file' do
|
90
|
+
before(:example) do
|
91
|
+
allow(File).to receive(:exist?).with("#{ENV['HOME']}/.zshrc").and_return(false)
|
92
|
+
allow(IO).to receive(:read).with("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile").and_call_original
|
93
|
+
end
|
94
|
+
it 'runs zsh (no RC file found)' do
|
95
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV_ZSH, '/usr/bin/zsh')
|
96
|
+
expect(Dir).to receive(:mktmpdir).with('aws_runas_zsh') { test_mktmpdir }
|
97
|
+
expect_any_instance_of(File).to receive(:write).with(IO.read("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile"))
|
98
|
+
expect_any_instance_of(File).to receive(:write).with(ZSHRC_EXPECTED_SETSUBST)
|
99
|
+
expect_any_instance_of(File).to receive(:write).with(ZSHRC_EXPECTED_OLDPROMPT)
|
100
|
+
expect_any_instance_of(File).to receive(:write).with(ZSHRC_EXPECTED_PROMPT)
|
101
|
+
env = EXPECTED_ENV.dup
|
102
|
+
AwsRunAs::Utils.handoff_zsh(env: env, path: '/usr/bin/zsh', message: 'AWS:rspec', skip_prompt: false)
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
context 'with skip_prompt enabled' do
|
107
|
+
before(:example) do
|
108
|
+
allow(IO).to receive(:read).with("#{ENV['HOME']}/.zshrc").and_return(ZSHRC_FILE_CONTENTS)
|
109
|
+
allow(IO).to receive(:read).with("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile").and_call_original
|
110
|
+
end
|
111
|
+
it 'runs zsh with a properly combined RC file, in special tmp dir' do
|
112
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV_ZSH, '/usr/bin/zsh')
|
113
|
+
expect(Dir).to receive(:mktmpdir).with('aws_runas_zsh') { test_mktmpdir }
|
114
|
+
expect_any_instance_of(File).to receive(:write).with("#{ZSHRC_FILE_CONTENTS}\n")
|
115
|
+
expect_any_instance_of(File).to receive(:write).with(IO.read("#{AwsRunAs::Utils.shell_profiles_dir}/sh.profile"))
|
116
|
+
env = EXPECTED_ENV.dup
|
117
|
+
AwsRunAs::Utils.handoff_zsh(env: env, path: '/usr/bin/zsh', message: 'AWS:rspec', skip_prompt: true)
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
end
|
122
|
+
|
123
|
+
describe '::shell' do
|
124
|
+
context 'Non-Windows OS' do
|
125
|
+
context 'No $SHELL set' do
|
126
|
+
before(:context) do
|
127
|
+
ENV.delete('SHELL')
|
128
|
+
end
|
129
|
+
|
130
|
+
it 'returns /bin/sh as the shell' do
|
131
|
+
expect(AwsRunAs::Utils.shell).to eq '/bin/sh'
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
context 'With $SHELL set as /bin/bash' do
|
136
|
+
before(:context) do
|
137
|
+
ENV.store('SHELL', '/bin/bash')
|
138
|
+
end
|
139
|
+
|
140
|
+
it 'returns /bin/bash as the shell' do
|
141
|
+
expect(AwsRunAs::Utils.shell).to eq '/bin/bash'
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
context 'Windows OS' do
|
147
|
+
before(:context) do
|
148
|
+
ENV.delete('SHELL')
|
149
|
+
RbConfig::CONFIG.store('host_os', 'windows')
|
150
|
+
end
|
151
|
+
|
152
|
+
it 'returns cmd.exe as the shell' do
|
153
|
+
expect(AwsRunAs::Utils.shell).to eq 'cmd.exe'
|
154
|
+
end
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
describe '::compute_message' do
|
159
|
+
context 'no profile specified' do
|
160
|
+
it 'returns "AWS" with no profile' do
|
161
|
+
expect(AwsRunAs::Utils.compute_message(profile: nil)).to eq 'AWS'
|
162
|
+
end
|
163
|
+
end
|
164
|
+
|
165
|
+
context 'with profile as "rspec"' do
|
166
|
+
it 'returns "AWS:rspec", indicating that is the profile' do
|
167
|
+
expect(AwsRunAs::Utils.compute_message(profile: 'rspec')).to eq 'AWS:rspec'
|
168
|
+
end
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
describe '::handoff_to_shell' do
|
173
|
+
context 'with shell as bash' do
|
174
|
+
before(:example) do
|
175
|
+
allow(AwsRunAs::Utils).to receive(:shell).and_return('/bin/bash')
|
176
|
+
allow(AwsRunAs::Utils).to receive(:exit)
|
177
|
+
end
|
178
|
+
|
179
|
+
it 'Loads bash with the rspec profile prompt' do
|
180
|
+
expect(AwsRunAs::Utils).to receive(:handoff_bash).with(env: EXPECTED_ENV, path: '/bin/bash', message: 'AWS:rspec', skip_prompt: false)
|
181
|
+
AwsRunAs::Utils.handoff_to_shell(env: EXPECTED_ENV, profile: 'rspec', skip_prompt: false)
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
context 'with non-prompt supported shell' do
|
186
|
+
before(:example) do
|
187
|
+
allow(AwsRunAs::Utils).to receive(:shell).and_return('/bin/sh')
|
188
|
+
allow(AwsRunAs::Utils).to receive(:exit)
|
189
|
+
end
|
190
|
+
|
191
|
+
it 'starts a default shell without any args' do
|
192
|
+
expect(AwsRunAs::Utils).to receive(:system).with(EXPECTED_ENV, '/bin/sh')
|
193
|
+
AwsRunAs::Utils.handoff_to_shell(env: EXPECTED_ENV, profile: nil, skip_prompt: false)
|
194
|
+
end
|
195
|
+
end
|
196
|
+
end
|
197
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# Copyright 2015 Chris Marchesi
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'spec_helper'
|
16
|
+
|
17
|
+
MOCK_AWS_CONFIGPATH = File.expand_path('../files/aws_config', __FILE__)
|
18
|
+
MOCK_AWS_NO_MFA_PATH = File.expand_path('../files/aws_config_nomfa', __FILE__)
|
19
|
+
MOCK_AWS_NO_SOURCE_PATH = File.expand_path('../files/aws_config_nosource', __FILE__)
|
20
|
+
MOCK_AWS_NO_REGION_PATH = File.expand_path('../files/aws_config_noregion', __FILE__)
|
@@ -0,0 +1,36 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'tmpdir'
|
3
|
+
|
4
|
+
MOCK_BASHRC_PATH = File.expand_path('../files/bashrc', __FILE__)
|
5
|
+
|
6
|
+
BASHRC_FILE_CONTENTS = <<EOS.freeze
|
7
|
+
foobar
|
8
|
+
EOS
|
9
|
+
|
10
|
+
ZSHRC_FILE_CONTENTS = <<EOS.freeze
|
11
|
+
bazqux
|
12
|
+
EOS
|
13
|
+
|
14
|
+
BASHRC_EXPECTED_PROMPT = "PS1=\"\\[\\e[\\$(aws_session_status_color)m\\](AWS:rspec)\\[\\e[0m\\] $PS1\"\n".freeze
|
15
|
+
ZSHRC_EXPECTED_PROMPT = "PROMPT=$'%{\\e[\\%}$(aws_session_status_color)m(AWS:rspec)%{\\e[0m%} $OLDPROMPT'\n".freeze
|
16
|
+
ZSHRC_EXPECTED_SETSUBST = "setopt PROMPT_SUBST\n".freeze
|
17
|
+
ZSHRC_EXPECTED_OLDPROMPT = "export OLDPROMPT=\"${PROMPT}\"\n".freeze
|
18
|
+
ZSH_MOCK_TMPDIR = "#{Dir.tmpdir}/aws_runas_zsh_rspec".freeze
|
19
|
+
|
20
|
+
EXPECTED_ENV = {
|
21
|
+
'AWS_ACCESS_KEY_ID' => 'AccessKeyId',
|
22
|
+
'AWS_SECRET_ACCESS_KEY' => 'SecretAccessKey',
|
23
|
+
'AWS_SESSION_TOKEN' => 'Token'
|
24
|
+
}.freeze
|
25
|
+
|
26
|
+
EXPECTED_ENV_ZSH = {
|
27
|
+
'AWS_ACCESS_KEY_ID' => 'AccessKeyId',
|
28
|
+
'AWS_SECRET_ACCESS_KEY' => 'SecretAccessKey',
|
29
|
+
'AWS_SESSION_TOKEN' => 'Token',
|
30
|
+
'ZDOTDIR' => ZSH_MOCK_TMPDIR
|
31
|
+
}.freeze
|
32
|
+
|
33
|
+
def test_mktmpdir
|
34
|
+
Dir.mkdir(ZSH_MOCK_TMPDIR)
|
35
|
+
ZSH_MOCK_TMPDIR
|
36
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
# Copyright 2015 Chris Marchesi
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'simplecov'
|
16
|
+
require 'codecov'
|
17
|
+
SimpleCov.start do
|
18
|
+
add_filter '/vendor/'
|
19
|
+
add_filter '/spec/'
|
20
|
+
end
|
21
|
+
|
22
|
+
SimpleCov.formatter = SimpleCov::Formatter::Codecov if ENV['CI'] == 'true'
|
23
|
+
|
24
|
+
require 'aws-sdk'
|
25
|
+
|
26
|
+
RSpec.configure do |config|
|
27
|
+
config.color = true
|
28
|
+
|
29
|
+
config.mock_with :rspec do |mocks|
|
30
|
+
mocks.verify_partial_doubles = true
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
Aws.config.update(stub_responses: true)
|
data/wdi_runas.gemspec
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
# Copyright 2015 Chris Marchesi
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
lib = File.expand_path('../lib', __FILE__)
|
16
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
17
|
+
require 'aws_runas/version'
|
18
|
+
|
19
|
+
Gem::Specification.new do |spec|
|
20
|
+
spec.name = 'wdi_runas'
|
21
|
+
spec.version = AwsRunAs::VERSION
|
22
|
+
spec.authors = ['Chris Marchesi']
|
23
|
+
spec.email = %w(chrism@vancluevertech.com)
|
24
|
+
spec.description = 'Run a command or shell under an assumed AWS IAM role'
|
25
|
+
spec.summary = spec.description
|
26
|
+
spec.homepage = 'https://github.com/vancluever/aws-runas'
|
27
|
+
spec.license = 'Apache-2.0'
|
28
|
+
|
29
|
+
spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
|
30
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
31
|
+
spec.bindir = 'exe'
|
32
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
33
|
+
spec.require_paths = %w(lib)
|
34
|
+
|
35
|
+
spec.required_ruby_version = ['>= 2.2.6']
|
36
|
+
|
37
|
+
spec.add_dependency 'aws-sdk', '~> 2.6'
|
38
|
+
spec.add_dependency 'inifile', '~> 3.0'
|
39
|
+
spec.add_dependency 'trollop', '~> 2.1'
|
40
|
+
|
41
|
+
spec.add_development_dependency 'rake', '~> 10.4'
|
42
|
+
spec.add_development_dependency 'rspec', '~> 3.4'
|
43
|
+
spec.add_development_dependency 'simplecov', '~> 0.10'
|
44
|
+
spec.add_development_dependency 'codecov', '~> 0.1'
|
45
|
+
end
|