Module: Awsecrets
- Defined in:
- lib/awsecrets.rb,
lib/awsecrets/version.rb
Constant Summary
- VERSION =
'1.14.0'
Class Method Summary
- .current_region ⇒ Object
- .generate_session_name ⇒ Object
- .load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false) ⇒ Object
- .load_config ⇒ Object
- .load_env ⇒ Object
- .load_method_args ⇒ Object
- .load_options ⇒ Object
- .load_yaml ⇒ Object
- .role_creds(args) ⇒ Object
- .set_aws_config ⇒ Object
Class Method Details
.current_region ⇒ Object
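# File 'lib/awsecrets.rb', line 148
# Derives the AWS region from the EC2 instance metadata service (IMDS).
#
# set_aws_config calls this as the last resort when no region was resolved
# from arguments, environment, secrets file or AWS config. The endpoint is a
# link-local address, so the call can only succeed on an EC2 instance.
#
# The request uses an IMDSv2 session token when the service issues one, so it
# also works on instances that reject token-less (IMDSv1) requests, and it
# falls back to a plain GET when no token is available.
#
# @return [String] the availability zone name with its last character removed
# @raise [RuntimeError] when the metadata service does not answer with a 2xx
# @raise [SystemCallError, Timeout::Error] when the service is unreachable
def self.current_region
  # Third argument nil: never route metadata traffic (or the session token)
  # through a proxy picked up from the environment.
  imds = Net::HTTP.new('169.254.169.254', 80, nil)
  # Fail fast outside EC2 instead of waiting on Net::HTTP's long defaults.
  imds.open_timeout = 1
  imds.read_timeout = 1

  token_response = imds.send_request(
    'PUT', '/latest/api/token', nil,
    'X-aws-ec2-metadata-token-ttl-seconds' => '60'
  )
  headers = {}
  headers['X-aws-ec2-metadata-token'] = token_response.body if token_response.is_a?(Net::HTTPSuccess)

  az_response = imds.get('/latest/meta-data/placement/availability-zone', headers)
  # Without this check an error body would be sliced and used as a region.
  unless az_response.is_a?(Net::HTTPSuccess)
    raise "EC2 instance metadata request failed (HTTP #{az_response.code}); cannot determine region"
  end

  # Dropping the trailing zone letter turns an AZ name into its region name.
  az_response.body[0...-1]
end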
.generate_session_name ⇒ Object
# File 'lib/awsecrets.rb', line 144
# Builds the role session name used when none was configured.
#
# @return [String] "awsecrets-session-" followed by the current Unix time in
#   whole seconds
def self.generate_session_name
  epoch_seconds = Time.now.to_i
  "awsecrets-session-#{epoch_seconds}"
end
.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false) ⇒ Object
# File 'lib/awsecrets.rb', line 9
# Resets all cached settings, then resolves region and credentials by walking
# the sources in fixed order and finally writes them into Aws.config.
#
# Every loader fills a value only when it is still unset (`||=`), so an
# earlier source always wins over a later one.
#
# @param profile [String, nil] AWS profile name
# @param region [String, nil] AWS region
# @param secrets_path [String, false, nil] path of the YAML secrets file;
#   `false` disables reading it
# @param disable_load_secrets [Boolean] skip the YAML secrets file entirely
# @return [Object] whatever set_aws_config returns (the credentials object)
def self.load(profile: nil, region: nil, secrets_path: nil, disable_load_secrets: false)
  @profile = profile
  @region = region
  @secrets_path = secrets_path
  # secrets_path: false has the same effect as disable_load_secrets: true.
  @disable_load_secrets = secrets_path == false || disable_load_secrets

  # Drop everything a previous call may have resolved.
  @credentials = @access_key_id = @secret_access_key = @session_token = nil
  @role_arn = @external_id = @source_profile = @role_session_name = nil

  # 1. Command Line Options
  # NOTE(review): the rendered listing shows only `if load_method_args` on
  # this step; the call is taken to be load_options, confirm against
  # lib/awsecrets.rb.
  load_options if load_method_args
  # 2. Environment Variables
  load_env
  # 3. YAML file (secrets.yml)
  load_yaml
  # 4. The AWS credentials file
  # load_creds
  # 5. The CLI configuration file
  load_config
  set_aws_config
end
.load_config ⇒ Object
# File 'lib/awsecrets.rb', line 100
# Fills still-unset settings from the AWS CLI configuration (AWSConfig).
#
# The region comes from the selected profile, else from the 'default'
# profile. role_arn, role_session_name, external_id and source_profile are
# read only from the selected profile, and only when that profile exists.
#
# @return [Object, nil] nil when AWSConfig has no entry for @profile
def self.load_config
  profile_conf = AWSConfig[@profile]

  unless @region
    @region =
      if profile_conf && profile_conf['region']
        profile_conf['region']
      elsif (default_conf = AWSConfig['default'])
        default_conf['region']
      end
  end
  return unless profile_conf

  @role_arn ||= profile_conf['role_arn']
  @role_session_name ||= profile_conf['role_session_name']
  @external_id ||= profile_conf['external_id']
  @source_profile ||= profile_conf['source_profile']
end
.load_env ⇒ Object
# File 'lib/awsecrets.rb', line 58
# Fills still-unset settings from the process environment.
#
# AWS_REGION is preferred over AWS_DEFAULT_REGION. The access key pair is
# taken only when no access key id is set yet and both AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY are present; AWS_SESSION_TOKEN is optional.
#
# @return [String, nil]
def self.load_env
  @region ||= ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
  @profile ||= ENV['AWS_PROFILE']
  @secrets_path ||= ENV['AWS_SECRETS_PATH']
  # A key obtained from an earlier source must not be mixed with env values.
  return if @access_key_id

  env_key_id = ENV['AWS_ACCESS_KEY_ID']
  env_secret = ENV['AWS_SECRET_ACCESS_KEY']
  # Half a key pair is useless, so require both before taking either.
  return unless env_key_id && env_secret

  @access_key_id ||= env_key_id
  @secret_access_key ||= env_secret
  @session_token ||= ENV['AWS_SESSION_TOKEN']
end
.load_method_args ⇒ Object
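# File 'lib/awsecrets.rb', line 39
# Reports whether a profile was passed to load and, if so, takes the region
# from that profile's AWSConfig entry when no region is set yet.
#
# @return [Boolean] false when no profile is set, true otherwise
def self.load_method_args
  return false unless @profile

  profile_conf = AWSConfig[@profile]
  # A profile name without an AWSConfig entry yields nil here; guard the
  # lookup the same way load_config does instead of raising NoMethodError.
  @region ||= profile_conf['region'] if profile_conf && profile_conf['region']
  true
end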
.load_options ⇒ Object
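# File 'lib/awsecrets.rb', line 45
# Fills still-unset settings from the command line (--profile, --region,
# --secrets_path) and then takes the region from the selected profile.
#
# OptionParser#parse! removes the options it consumes from ARGV.
#
# @return [String, nil]
def self.load_options
  opt = OptionParser.new
  opt.on('--profile PROFILE') { |v| @profile ||= v }
  opt.on('--region REGION') { |v| @region ||= v }
  opt.on('--secrets_path SECRETS_PATH') { |v| @secrets_path ||= v }
  begin
    opt.parse!(ARGV)
  rescue OptionParser::InvalidOption
    # Deliberately ignored: an option this parser does not know aborts
    # parsing but is not an error here (presumably ARGV is shared with the
    # host program's own options).
  end
  return unless @profile

  profile_conf = AWSConfig[@profile]
  # --profile may name a profile with no AWSConfig entry; skip the lookup
  # instead of raising NoMethodError on nil.
  @region ||= profile_conf['region'] if profile_conf
end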
.load_yaml ⇒ Object
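# File 'lib/awsecrets.rb', line 70
# Fills still-unset settings from the YAML secrets file and, when the file
# names a role, assumes that role with the file's access key.
#
# Recognised keys: region, aws_access_key_id, aws_secret_access_key,
# aws_session_token, role_arn, external_id, role_session_name. The key pair
# is taken only when no access key id is set yet and both halves are present.
#
# @return [Object, nil]
def self.load_yaml
  return if @disable_load_secrets

  @secrets_path ||= 'secrets.yml'
  # Expand once and use the same path for the existence check and the read.
  # Checking the expanded path but opening the raw one fails for "~/..."
  # paths, because opening a file does not expand "~".
  secrets_file = File.expand_path(@secrets_path)
  # NOTE(review): the path can come from AWS_SECRETS_PATH or --secrets_path,
  # and on Psych versions before 4 YAML.load_file may instantiate arbitrary
  # Ruby objects. The file holds only plain strings, so YAML.safe_load_file
  # would be the safer call where the supported Ruby versions provide it.
  creds = YAML.load_file(secrets_file) if File.exist?(secrets_file)
  @region ||= creds['region'] if creds && creds.include?('region')
  # A key obtained from an earlier source must not be mixed with file values.
  return if @access_key_id
  return unless creds && creds.include?('aws_access_key_id') && creds.include?('aws_secret_access_key')

  @access_key_id ||= creds['aws_access_key_id']
  @secret_access_key ||= creds['aws_secret_access_key']
  @session_token ||= creds['aws_session_token'] if creds.include?('aws_session_token')
  @role_arn ||= creds['role_arn'] if creds.include?('role_arn')
  @external_id ||= creds['external_id'] if creds.include?('external_id')
  @role_session_name ||= creds['role_session_name'] if creds.include?('role_session_name')
  return unless @role_arn

  # A role was requested: exchange the static key for role credentials.
  @role_session_name ||= generate_session_name
  @credentials ||= role_creds(
    client: Aws::STS::Client.new(
      region: @region,
      access_key_id: @access_key_id,
      secret_access_key: @secret_access_key
    ),
    role_arn: @role_arn,
    role_session_name: @role_session_name,
    external_id: @external_id
  )
end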
.role_creds(args) ⇒ Object
# File 'lib/awsecrets.rb', line 154
# Wraps construction of the assume-role credentials object.
#
# @param args [Hash] options handed unchanged to Aws::AssumeRoleCredentials.new;
#   callers in this file pass :client, :role_arn, :role_session_name and
#   :external_id
# @return [Aws::AssumeRoleCredentials]
def self.role_creds(args)
  assumed_role = Aws::AssumeRoleCredentials.new(args)
  assumed_role
end
.set_aws_config ⇒ Object
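# File 'lib/awsecrets.rb', line 113
# Publishes the resolved region and credentials to Aws.config.
#
# The region falls back to the EC2 instance metadata lookup when nothing else
# supplied one. Credentials are chosen by the first rule that applies
# (@credentials may already hold role credentials obtained by load_yaml):
#   1. assume @role_arn using the shared credentials of @source_profile
#   2. shared credentials of @profile
#   3. shared credentials of 'default', when AWSConfig has a default profile
#      and no access key was loaded
#   4. the static access key / secret / session token
#   5. EC2 instance profile credentials
# Rule 2 comes before rule 4, so a named profile wins over an access key
# taken from the environment or the secrets file.
#
# @return [Object] the credentials object stored in Aws.config[:credentials]
def self.set_aws_config
  @region ||= current_region
  Aws.config[:region] = @region

  if @role_arn && @source_profile
    @role_session_name ||= generate_session_name
    # @source_profile is read with .name, so it is presumably the profile
    # object AWSConfig returns for 'source_profile' rather than a String.
    source_name = @source_profile.name
    source_conf = AWSConfig[source_name]
    default_conf = AWSConfig['default']
    # Region for the STS call: source profile, then default profile, then the
    # region resolved above. The last fallback avoids a NoMethodError on nil
    # when there is no 'default' profile.
    sts_region =
      if source_conf && source_conf['region']
        source_conf['region']
      elsif default_conf && default_conf['region']
        default_conf['region']
      else
        @region
      end
    @credentials ||= role_creds(
      client: Aws::STS::Client.new(
        region: sts_region,
        credentials: Aws::SharedCredentials.new(profile_name: source_name)
      ),
      role_arn: @role_arn,
      role_session_name: @role_session_name,
      external_id: @external_id
    )
  end

  @credentials ||= Aws::SharedCredentials.new(profile_name: @profile) if @profile
  @credentials ||= Aws::SharedCredentials.new(profile_name: 'default') if AWSConfig['default'] && !@access_key_id
  @credentials ||= Aws::Credentials.new(@access_key_id, @secret_access_key, @session_token) if @access_key_id
  @credentials ||= Aws::InstanceProfileCredentials.new
  Aws.config[:credentials] = @credentials
end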