Class: Aws::Session::Credentials::Cli

Inherits:

Thor

• Object
• Thor
• Aws::Session::Credentials::Cli

Defined in:

lib/aws/session/credentials/cli.rb

Overview

Command line interface

Instance Method Summary

• #assume_role ⇒ Object
• #configure ⇒ Object
• #configure_role ⇒ Object
• #list_profiles ⇒ Object
• #list_roles ⇒ Object
• #list_source_profiles ⇒ Object
• #new ⇒ Object
• #shell_env(shell_name = '') ⇒ Object
• #version ⇒ Object

Instance Method Details

#assume_role ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 104

def assume_role
  cli_opts = options.transform_keys { |key| key.sub(/-/, '_') }

  if cli_opts['role_alias']
    cf = Config.new(path: cli_opts['config_file'])
    rl = cf.role(cli_opts['role_alias'].to_sym)
    cli_opts = rl.to_h.deep_stringify_keys.deep_merge(cli_opts)
  end

  cli_opts['role_arn'] ||= make_role_arn(cli_opts['role_account'], cli_opts['role_name'])

  SessionManager.new.assume_role(cli_opts.deep_symbolize_keys)
end

#configure ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 155

def configure
  cli_opts = options.transform_keys { |key| key.sub(/-/, '_') }
  cli_opts['source_profile'] ||= ask('Source profile (leave blank for "default"):')
  cli_opts['aws_access_key_id'] ||= ask('AWS Access Key ID:')
  cli_opts['aws_secret_access_key'] ||= ask('AWS Secret Access Key:', echo: false)
  puts '' # BUG: No LF printed when echo is set to false
  cli_opts['aws_region'] ||= ask('AWS region:')
  cli_opts['duration'] ||= ask('Session duration (in seconds):').to_i

  puts ''
  if yes?('Configure MFA (y/n)?')
    cli_opts['mfa_device'] ||= ask('MFA device ARN:')
    puts ''
    if yes?('Configure Yubikey (y/n)?')
      cli_opts['oath_credential'] ||= ask('OATH credential name:')
    end
  end

  cli_opts['source_profile'] = 'default' if cli_opts['source_profile'].empty?

  prof = Profile.new(cli_opts.except('config_file', 'source_profile'))
  cf = Config.new(path: cli_opts['config_file'])
  cf.set_profile(cli_opts[:source_profile], prof)
end

#configure_role ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 229

def configure_role
  cli_opts = options.transform_keys { |key| key.sub(/-/, '_') }
  cli_opts['role_alias'] ||= ask('Provide an alias for this role:')

  if cli_opts['role_account'] && cli_opts['role_name']
    cli_opts['role_arn'] = make_role_arn(cli_opts['role_account'], cli_opts['role_name'])
  elsif !cli_opts['role_arn']
    puts ''
    if yes?('Provide role account and name instead of role ARN (y/n)?')
      account = ask('Role account ID:')
      role_name = ask('Name of role:')
      cli_opts['role_arn'] = make_role_arn(account, role_name)
    else
      cli_opts['role_arn'] = ask('Role ARN:')
    end
  end

  unless cli_opts['role_session_name']
    if yes?('Customise role session name (y/n)?')
      cli_opts['role_session_name'] = ask('Role session name:')
    else
      account, role_name = split_role_arn(cli_opts['role_arn'])
      cli_opts['role_session_name'] = "#{role_name}@#{account}"
    end
  end

  cli_opts['profile'] ||= ask('Profile to use when assuming role (leave blank to use "default"):')
  cli_opts['profile'] = 'default' if cli_opts['profile'].empty?

  cli_opts['duration'] ||= ask('Duration in seconds of assumed role:')

  rl = Role.new(cli_opts.except('config_file'))
  cf = Config.new(path: cli_opts['config_file'])
  cf.set_role(cli_opts[:role_alias], rl)
end

#list_profiles ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 266

def list_profiles
  store = CredentialFile.new

  puts "Profiles located in #{store.path}:"
  store.print_profiles(self)
end

#list_roles ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 278

def list_roles
  store = Config.new(path: options['config-file'])

  puts "Profiles located in #{store.path}:"
  store.print_roles(self)
end

#list_source_profiles ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 290

def list_source_profiles
  store = Config.new(path: options['config-file'])

  puts "Profiles located in #{store.path}:"
  store.print_profiles(self)
end

#new ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 54

def new
  cli_opts = options.transform_keys { |key| key.sub(/-/, '_') }
  SessionManager.new.new_session(cli_opts.deep_symbolize_keys)
end

#shell_env(shell_name = '') ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 303

def shell_env(shell_name = '')
  prof = CredentialFile.new.profile(options['profile'])
  case shell_name
  when 'bash'
    puts <<-EOF
export AWS_ACCESS_KEY_ID="#{prof.aws_access_key_id}"
export AWS_SECRET_ACCESS_KEY="#{prof.aws_secret_access_key}"
export AWS_SESSION_TOKEN="#{prof.aws_session_token}"
EOF
  when 'powershell'
    puts <<-EOF
$Env:AWS_ACCESS_KEY_ID = "#{prof.aws_access_key_id}"
$Env:AWS_SECRET_ACCESS_KEY = "#{prof.aws_secret_access_key}"
$Env:AWS_SESSION_TOKEN = "#{prof.aws_session_token}"
EOF
  when ''
    raise "Please specify a shell. Currently supported shells are: bash and powershell"
  else
    raise "Unsupported shell '#{shell_name}'"
  end
end

#version ⇒ Object

# File 'lib/aws/session/credentials/cli.rb', line 326

def version
  puts "aws-session-credentials #{Aws::Session::Credentials::VERSION}"
end