Class: AwskeyringCommand

Inherits:

Thor

• Object
• Thor
• AwskeyringCommand

Defined in:

lib/awskeyring_command.rb

Overview

AWSkeyring command line interface.

Class Method Summary

• .exit_on_failure? ⇒ Boolean

  default to returning an error on failure.

Instance Method Summary

• #__version ⇒ Object

  print the version number.

• #add(account = nil) ⇒ Object

  Add an Account.

• #add_role(role = nil) ⇒ Object

  Add a role.

• #awskeyring(curr, prev) ⇒ Object

  autocomplete.

• #console(account = nil) ⇒ Object

  Open the AWS Console.

• #env(account = nil) ⇒ Object

  Print Env vars.

• #exec(account, *command) ⇒ Object

  execute an external command with env set.

• #import(account = nil) ⇒ Object

  Import an Account.

• #initialise ⇒ Object

  initialise the keychain.

• #json(account) ⇒ Object

  Print JSON for use with credential_process.

• #list ⇒ Object

  list the accounts.

• #list_role ⇒ Object

  List roles.

• #remove(account = nil) ⇒ Object

  Remove an account.

• #remove_role(role = nil) ⇒ Object

  remove a role.

• #remove_token(account = nil) ⇒ Object

  remove a session token.

• #rotate(account = nil) ⇒ Object

  rotate Account keys.

• #token(account = nil, role = nil, code = nil) ⇒ Object

  generate a sessiopn token.

• #update(account = nil) ⇒ Object

  Update an Account.

Class Method Details

.exit_on_failure? ⇒ Boolean

default to returning an error on failure.

Returns:

• (Boolean)

# File 'lib/awskeyring_command.rb', line 32

def self.exit_on_failure?
  true
end

Instance Method Details

#__version ⇒ Object

print the version number

# File 'lib/awskeyring_command.rb', line 39

def __version
  puts "Awskeyring v#{Awskeyring::VERSION}"
  if !options['no-remote'] && Awskeyring::VERSION != Awskeyring.latest_version
    puts "the latest version v#{Awskeyring.latest_version}"
  end
  puts "Homepage #{Awskeyring::HOMEPAGE}"
end

#add(account = nil) ⇒ Object

Add an Account

# File 'lib/awskeyring_command.rb', line 187

def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_not_exists)
  )
  key = ask_check(
    existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring.method(:access_key_not_exists)
  )
  secret = ask_check(
    existing: options[:secret], message: I18n.t('message.secret'),
    flags: 'secure', validator: Awskeyring::Validate.method(:secret_access_key)
  )
  mfa = ask_check(
    existing: options[:mfa], message: I18n.t('message.mfa'),
    flags: 'optional', validator: Awskeyring::Validate.method(:mfa_arn)
  )
  Awskeyring::Awsapi.verify_cred(key: key, secret: secret, token: nil) unless options['no-remote']
  Awskeyring.add_account(
    account: account,
    key: key,
    secret: secret,
    mfa: mfa
  )
  puts I18n.t('message.addaccount', account: account)
end

#add_role(role = nil) ⇒ Object

Add a role

# File 'lib/awskeyring_command.rb', line 243

def add_role(role = nil)
  role = ask_check(
    existing: role, message: I18n.t('message.role'),
    validator: Awskeyring.method(:role_not_exists)
  )
  arn = ask_check(
    existing: options[:arn], message: I18n.t('message.arn'),
    validator: Awskeyring.method(:role_arn_not_exists)
  )

  Awskeyring.add_role(
    role: role,
    arn: arn
  )
  puts I18n.t('message.addrole', role: role)
end

#awskeyring(curr, prev) ⇒ Object

autocomplete

# File 'lib/awskeyring_command.rb', line 417

def awskeyring(curr, prev)
  comp_line = ENV['COMP_LINE']
  unless comp_line
    exec_name = File.basename($PROGRAM_NAME)
    warn I18n.t('message.awskeyring', path: $PROGRAM_NAME, bin: exec_name)
    exit 1
  end

  curr, comp_len, sub_cmd = comp_type(comp_line: comp_line, curr: curr, prev: prev)
  print_auto_resp(curr, comp_len, sub_cmd)
end

#console(account = nil) ⇒ Object

Open the AWS Console

# File 'lib/awskeyring_command.rb', line 383

def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  account = ask_check(
    existing: account,
    message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  cred = age_check_and_get(account: account, no_token: options['no-token'])

  path = options[:path] || 'console'

  begin
    login_url = Awskeyring::Awsapi.get_login_url(
      key: cred[:key],
      secret: cred[:secret],
      token: cred[:token],
      path: path,
      user: ENV['USER']
    )
  rescue Aws::Errors::ServiceError => e
    warn e.to_s
    exit 1
  end

  if options['no-open']
    puts login_url
  else
    pid = Process.spawn("open \"#{login_url}\"")
    Process.wait pid
  end
end

#env(account = nil) ⇒ Object

Print Env vars

# File 'lib/awskeyring_command.rb', line 94

def env(account = nil)
  if options['unset']
    put_env_string(account: nil, key: nil, secret: nil, token: nil)
  else
    account = ask_check(
      existing: account, message: I18n.t('message.account'),
      validator: Awskeyring.method(:account_exists),
      limited_to: Awskeyring.list_account_names
    )
    cred = age_check_and_get(account: account, no_token: options['no-token'])
    put_env_string(cred)
  end
end

#exec(account, *command) ⇒ Object

execute an external command with env set

# File 'lib/awskeyring_command.rb', line 164

def exec(account, *command)
  if command.empty?
    warn I18n.t('message.exec')
    exit 1
  end
  cred = age_check_and_get(account: account, no_token: options['no-token'])
  env_vars = Awskeyring::Awsapi.get_env_array(cred)
  begin
    pid = Process.spawn(env_vars, command.join(' '))
    Process.wait pid
    $CHILD_STATUS
  rescue Errno::ENOENT => e
    warn e.to_s
    exit 1
  end
end

#import(account = nil) ⇒ Object

Import an Account

# File 'lib/awskeyring_command.rb', line 128

def import(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_not_exists)
  )
  new_creds = Awskeyring::Awsapi.get_credentials_from_file(account: account)
  unless options['no-remote']
    Awskeyring::Awsapi.verify_cred(
      key: new_creds[:key],
      secret: new_creds[:secret],
      token: new_creds[:token]
    )
  end
  if new_creds[:token].nil?
    Awskeyring.add_account(
      account: new_creds[:account],
      key: new_creds[:key],
      secret: new_creds[:secret],
      mfa: ''
    )
    puts I18n.t('message.addaccount', account: account)
  else
    Awskeyring.add_token(
      account: new_creds[:account],
      key: new_creds[:key],
      secret: new_creds[:secret],
      token: new_creds[:token],
      expiry: new_creds[:expiry].to_i.to_s,
      role: nil
    )
    puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
  end
end

#initialise ⇒ Object

initialise the keychain

# File 'lib/awskeyring_command.rb', line 50

def initialise
  unless Awskeyring.prefs.empty?
    puts I18n.t('message.initialise', file: Awskeyring::PREFS_FILE)
    exit 1
  end

  keychain = ask_check(
    existing: options[:keychain],
    flags: 'optional',
    message: I18n.t('message.keychain'),
    validator: Awskeyring::Validate.method(:account_name)
  )
  keychain = 'awskeyring' if keychain.empty?

  puts I18n.t('message.newkeychain')
  Awskeyring.init_keychain(awskeyring: keychain)

  exec_name = File.basename($PROGRAM_NAME)

  puts I18n.t('message.addkeychain', keychain: keychain, exec_name: exec_name)
end

#json(account) ⇒ Object

Print JSON for use with credential_process

# File 'lib/awskeyring_command.rb', line 111

def json(account)
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
  )
  cred = age_check_and_get(account: account, no_token: options['no-token'])
  expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
  puts Awskeyring::Awsapi.get_cred_json(
    key: cred[:key],
    secret: cred[:secret],
    token: cred[:token],
    expiry: (expiry || Time.new + Awskeyring::Awsapi::ONE_HOUR).iso8601
  )
end

#list ⇒ Object

list the accounts

# File 'lib/awskeyring_command.rb', line 74

def list
  puts Awskeyring.list_account_names.join("\n")
end

#list_role ⇒ Object

List roles

# File 'lib/awskeyring_command.rb', line 82

def list_role
  if options['detail']
    puts Awskeyring.list_role_names_plus.join("\n")
  else
    puts Awskeyring.list_role_names.join("\n")
  end
end

#remove(account = nil) ⇒ Object

Remove an account

# File 'lib/awskeyring_command.rb', line 262

def remove(account = nil)
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  Awskeyring.delete_account(account: account, message: I18n.t('message.delaccount', account: account))
end

#remove_role(role = nil) ⇒ Object

remove a role

# File 'lib/awskeyring_command.rb', line 283

def remove_role(role = nil)
  role = ask_check(
    existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
    limited_to: Awskeyring.list_role_names
  )
  Awskeyring.delete_role(role_name: role, message: I18n.t('message.delrole', role: role))
end

#remove_token(account = nil) ⇒ Object

remove a session token

# File 'lib/awskeyring_command.rb', line 272

def remove_token(account = nil)
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:token_exists),
    limited_to: Awskeyring.list_token_names
  )
  Awskeyring.delete_token(account: account, message: I18n.t('message.deltoken', account: account))
end

#rotate(account = nil) ⇒ Object

rotate Account keys

# File 'lib/awskeyring_command.rb', line 293

def rotate(account = nil) # rubocop:disable Metrics/MethodLength
  account = ask_check(
    existing: account,
    message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  cred = Awskeyring.get_valid_creds(account: account, no_token: true)

  begin
    new_key = Awskeyring::Awsapi.rotate(
      account: cred[:account],
      key: cred[:key],
      secret: cred[:secret],
      key_message: I18n.t('message.rotate', account: account)
    )
  rescue Aws::Errors::ServiceError => e
    warn e.to_s
    exit 1
  end

  Awskeyring.update_account(
    account: account,
    key: new_key[:key],
    secret: new_key[:secret]
  )

  puts I18n.t('message.upaccount', account: account)
end

#token(account = nil, role = nil, code = nil) ⇒ Object

generate a sessiopn token

# File 'lib/awskeyring_command.rb', line 328

def token(account = nil, role = nil, code = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  account = ask_check(
    existing: account,
    message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  role ||= options[:role]
  if role
    role = ask_check(
      existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
      limited_to: Awskeyring.list_role_names
    )
  end
  code ||= options[:code]
  if code
    code = ask_check(
      existing: code, message: I18n.t('message.code'), validator: Awskeyring::Validate.method(:mfa_code)
    )
  end
  item_hash = age_check_and_get(account: account, no_token: true)

  begin
    new_creds = Awskeyring::Awsapi.get_token(
      code: code,
      role_arn: (Awskeyring.get_role_arn(role_name: role) if role),
      duration: default_duration(options[:duration], role, code),
      mfa: item_hash[:mfa],
      key: item_hash[:key],
      secret: item_hash[:secret],
      user: ENV['USER']
    )
    Awskeyring.delete_token(account: account, message: '# Removing STS credentials')
  rescue Aws::Errors::ServiceError => e
    warn e.to_s
    exit 1
  end

  Awskeyring.add_token(
    account: account,
    key: new_creds[:key],
    secret: new_creds[:secret],
    token: new_creds[:token],
    expiry: new_creds[:expiry].to_i.to_s,
    role: role
  )

  puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
end

#update(account = nil) ⇒ Object

Update an Account

# File 'lib/awskeyring_command.rb', line 217

def update(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  account = ask_check(
    existing: account, message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  key = ask_check(
    existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring.method(:access_key_not_exists)
  )
  secret = ask_check(
    existing: options[:secret], message: I18n.t('message.secret'),
    flags: 'secure', validator: Awskeyring::Validate.method(:secret_access_key)
  )
  Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
  Awskeyring.update_account(
    account: account,
    key: key,
    secret: secret
  )
  puts I18n.t('message.upaccount', account: account)
end