Class: Dev::Aws::Credentials
- Defined in:
- lib/firespring_dev_commands/aws/credentials.rb
Overview
Class contains methods for interacting with your AWS credentials
Constant Summary collapse
- CONFIG_FILE =
The local file where temporary credentials are stored
"#{Dev::Aws::CONFIG_DIR}/credentials".freeze
Class Method Summary collapse
-
.config_ini ⇒ Object
Returns the config ini file associated with this object.
Instance Method Summary collapse
-
#active?(profile = Dev::Aws::Profile.new.current) ⇒ Boolean
Whether or not the current credentials are still active.
-
#base_setup! ⇒ Object
Set up base AWS credential settings.
-
#export! ⇒ Object
Export our current credentials into the ruby environment.
-
#export_container_credentials! ⇒ Object
Exports the credentials if there is an active credentials uri.
-
#export_profile_credentials! ⇒ Object
Exports the credentials if there is a configured aws profile.
-
#logged_in_account ⇒ Object
The account the profile is currently logged in to.
-
#logged_in_arn ⇒ Object
The arn of the currently logged in identity.
-
#logged_in_region ⇒ Object
The region associated with the current login.
-
#logged_in_role ⇒ Object
The role the current identity is using.
-
#write!(account, creds) ⇒ Object
Write Aws account specific settings to the credentials file.
Class Method Details
.config_ini ⇒ Object
Returns the config ini file associated with this object
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 15

# Builds an IniFile handle for the credentials file named by CONFIG_FILE.
#
# A new IniFile object is constructed on every call, using 'default' as the
# default section name.
#
# NOTE(review): the file named by CONFIG_FILE holds access keys, secret keys
# and session tokens (see base_setup! and write!). Nothing in this method
# restricts who can read it -- confirm the file ends up owner-readable only.
#
# @return [IniFile] handle for CONFIG_FILE
def self.config_ini
  ini_options = { filename: CONFIG_FILE, default: 'default' }
  IniFile.new(**ini_options)
end
Instance Method Details
#active?(profile = Dev::Aws::Profile.new.current) ⇒ Boolean
Whether or not the current credentials are still active
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 40

# Reports whether usable AWS credentials are currently available.
#
# Decision order:
# 1. If ECS_CONTAINER_METADATA_URI is set, return true without any further
#    validation (and without calling export!).
# 2. If neither the AWS config directory exists nor AWS_ACCESS_KEY_ID is
#    set, return false.
# 3. Call STS get_caller_identity and SSM describe_parameters with the given
#    profile; any StandardError from either call yields false.
# 4. Otherwise export the credentials into ENV and return true.
#
# NOTE(review): step 1 trusts the mere presence of the variable. Any non-nil
# value, including an empty string, is truthy in Ruby, so the credentials are
# never checked on that path.
# NOTE(review): the bare rescue cannot tell expired or invalid credentials
# apart from a network failure or an identity that simply lacks
# ssm:DescribeParameters; all of them are reported as "not active".
#
# @param profile [Object] profile passed to the AWS clients; defaults to
#   Dev::Aws::Profile.new.current
# @return [Boolean] true when the credentials are considered active
def active?(profile = Dev::Aws::Profile.new.current)
  # A container metadata uri means we are running inside an AWS env - assume we are good
  return true if ENV['ECS_CONTAINER_METADATA_URI']

  # Outside of a container there must be an aws config directory or an access key configured
  has_local_config = File.exist?(Dev::Aws::CONFIG_DIR) || ENV['AWS_ACCESS_KEY_ID']
  return false unless has_local_config

  # TODO: I'd prefer to still validate creds if using a METADATA_URI
  #       However this appears to require additional permissions which might not be present. Is there a better check here?
  # return false if !ENV.fetch('ECS_CONTAINER_METADATA_URI', nil) && !(File.exist?(Dev::Aws::CONFIG_DIR) || ENV.fetch('AWS_ACCESS_KEY_ID', nil))

  begin
    # Expired credentials fail here
    ::Aws::STS::Client.new(profile:).get_caller_identity

    # Invalid credentials fail here
    # TODO: Is there a better check we can do here?
    ::Aws::SSM::Client.new(profile:).describe_parameters(max_results: 1)
  rescue
    return false
  end

  # The credentials are valid, so make them available in the ruby process environment for later use
  export!
  true
end
#base_setup! ⇒ Object
Set up base AWS credential settings
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 72

# Interactively records the long-lived access key pair in the 'default'
# section of the credentials file.
#
# Creates Dev::Aws::CONFIG_DIR if needed, prompts for the access key id and
# the secret access key (offering the stored values as defaults), and writes
# the ini file back.
#
# NOTE(review): neither the directory nor the file is given an explicit
# mode here, so their permissions follow the process umask -- confirm both
# end up owner-only, since the file holds a secret key.
# NOTE(review): the stored secret key is handed to `ask` as the default
# value; if `ask` displays its default, the secret is echoed to the
# terminal -- verify against Dev::Common#ask.
#
# @return [Object] whatever IniFile#write returns
def base_setup!
  # Make the base config directory
  FileUtils.mkdir_p(Dev::Aws::CONFIG_DIR)

  puts
  puts 'Configuring default credential values'

  # Prompt for access key / secret key and store them in the credentials file
  ini = self.class.config_ini
  default_section = ini['default']

  prompts = {
    'aws_access_key_id' => 'AWS Access Key ID',
    'aws_secret_access_key' => 'AWS Secret Access Key'
  }
  prompts.each do |ini_key, label|
    current_value = default_section[ini_key]
    default_section[ini_key] = Dev::Common.new.ask(label, current_value)
  end

  ini.write
end
#export! ⇒ Object
Export our current credentials into the ruby environment
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 106

# Copies the current credentials into the ruby process environment.
#
# The profile exporter runs first and the container exporter second. Both
# return early once AWS_ACCESS_KEY_ID is set, so an existing environment
# value wins over the profile file, and the profile file wins over the
# container endpoint.
#
# Values placed in ENV are inherited by every subprocess this process
# starts afterwards.
#
# @return [Object] the result of export_container_credentials!
def export!
  # Profile file first ...
  export_profile_credentials!
  # ... then the container endpoint, which is skipped if the step above set a key
  export_container_credentials!
end
#export_container_credentials! ⇒ Object
Exports the credentials if there is an active credentials uri
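# File 'lib/firespring_dev_commands/aws/credentials.rb', line 112

# Exports the task credentials served by the container credentials endpoint
# into the ruby process environment.
#
# Does nothing when AWS_ACCESS_KEY_ID is already set or when
# AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is absent. Otherwise it fetches the
# credentials document from 169.254.170.2, parses it as JSON and stores the
# access key, secret key, session token and region in ENV.
#
# The relative uri is validated before use: it is concatenated straight
# after the endpoint address, so a value that does not begin with '/' would
# become part of the host portion and the credential request would be sent
# to a different endpoint than the intended one.
#
# Values placed in ENV are inherited by every subprocess this process
# starts afterwards.
#
# @raise [RuntimeError] if the relative uri does not start with '/' or the
#   endpoint does not answer with a success status
# @return [Object, nil] nil on the early-return paths, otherwise the region
#   assigned to AWS_DEFAULT_REGION
def export_container_credentials!
  # If we already have creds defined, don't do anything
  return if ENV.fetch('AWS_ACCESS_KEY_ID', nil)

  # If a container credentials url is not present, don't do anything
  ecs_creds = ENV.fetch('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI', nil)
  return unless ecs_creds

  # Only an absolute path keeps the request pinned to the credentials endpoint
  raise 'Invalid container credentials relative uri' unless ecs_creds.start_with?('/')

  # Otherwise query the local creds, parse the json response, and store in the environment
  response = Net::HTTP.get_response(URI.parse("http://169.254.170.2#{ecs_creds}"))
  raise 'Error getting container credentials' unless response.is_a?(Net::HTTPSuccess)

  creds = JSON.parse(response.body)
  ENV['AWS_ACCESS_KEY_ID'] = creds['AccessKeyId']
  ENV['AWS_SECRET_ACCESS_KEY'] = creds['SecretAccessKey']
  ENV['AWS_SESSION_TOKEN'] = creds['Token']
  ENV['AWS_DEFAULT_REGION'] = logged_in_region
end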
#export_profile_credentials! ⇒ Object
Exports the credentials if there is a configured aws profile
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 132

# Exports the credentials stored for the current profile into the ruby
# process environment.
#
# Does nothing when AWS_ACCESS_KEY_ID is already set, when CONFIG_FILE does
# not exist, or when the ini file has no section for the current profile.
# Otherwise the access key, secret key, session token and region are
# written to ENV.
#
# Assigning nil to an ENV key removes that variable, so a section without a
# session token leaves AWS_SESSION_TOKEN unset.
#
# Values placed in ENV are inherited by every subprocess this process
# starts afterwards.
#
# @return [Object, nil] nil on the early-return paths, otherwise the region
#   assigned to AWS_DEFAULT_REGION
def export_profile_credentials!
  # Credentials already defined in the environment take precedence
  return if ENV['AWS_ACCESS_KEY_ID']

  # Without a profile credentials file there is nothing to load
  return unless File.exist?(CONFIG_FILE)

  # Look up the section belonging to the current profile
  section = self.class.config_ini[Dev::Aws::Profile.new.current]
  return unless section

  # Copy access key / secret key / session token from the file into the environment
  env_to_ini_key = {
    'AWS_ACCESS_KEY_ID' => 'aws_access_key_id',
    'AWS_SECRET_ACCESS_KEY' => 'aws_secret_access_key',
    'AWS_SESSION_TOKEN' => 'aws_session_token'
  }
  env_to_ini_key.each { |env_name, ini_key| ENV[env_name] = section[ini_key] }

  ENV['AWS_DEFAULT_REGION'] = logged_in_region
end
#logged_in_account ⇒ Object
The account the profile is currently logged in to
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 20

# Asks STS which account the current credentials belong to.
#
# The client is built without an explicit profile, so it uses whatever
# credentials the SDK resolves by default (unlike active?, which passes a
# profile).
#
# @return [Object] the account field of the get_caller_identity response
def logged_in_account
  caller_identity = ::Aws::STS::Client.new.get_caller_identity
  caller_identity.account
end
#logged_in_arn ⇒ Object
The arn of the currently logged in identity
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 25

# Asks STS for the arn of the identity behind the current credentials.
#
# The client is built without an explicit profile, so it uses whatever
# credentials the SDK resolves by default.
#
# @return [Object] the arn field of the get_caller_identity response
def logged_in_arn
  caller_identity = ::Aws::STS::Client.new.get_caller_identity
  caller_identity.arn
end
#logged_in_region ⇒ Object
The region associated with the current login
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 35

# Reads the region from the configuration of a freshly built STS client.
#
# The configuration object is reached through `send(:config)`.
#
# @return [Object] the region held by the client configuration
def logged_in_region
  sts_config = ::Aws::STS::Client.new.send(:config)
  sts_config.region
end
#logged_in_role ⇒ Object
The role the current identity is using
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 30

# Extracts the second '/'-separated segment of the logged in arn.
#
# NOTE(review): presumably the arn is an assumed-role arn, where that
# segment is the role name; for other identity types the segment means
# something else -- confirm against callers before using it in an
# authorization decision.
#
# @return [String, nil] the segment after the first '/', or nil when the
#   arn contains no '/'
def logged_in_role
  arn_segments = logged_in_arn.split(%r{/})
  arn_segments[1]
end
#write!(account, creds) ⇒ Object
Write Aws account specific settings to the credentials file
# File 'lib/firespring_dev_commands/aws/credentials.rb', line 93

# Stores a set of credentials in the section of the credentials file named
# after the given account.
#
# NOTE(review): the file is written without an explicit mode here, so its
# permissions follow the process umask -- confirm it ends up owner-only,
# since it holds a secret key and a session token.
#
# @param account [Object] name of the ini section to write to
# @param creds [#access_key_id, #secret_access_key, #session_token]
#   credentials to persist
# @return [Object] whatever IniFile#write returns
def write!(account, creds)
  ini = self.class.config_ini
  account_section = ini[account]

  # Write access key / secret key / session token in the credentials file
  {
    'aws_access_key_id' => creds.access_key_id,
    'aws_secret_access_key' => creds.secret_access_key,
    'aws_session_token' => creds.session_token
  }.each { |ini_key, value| account_section[ini_key] = value }

  ini.write
end