Class: Dev::Aws::Login
- Defined in: lib/firespring_dev_commands/aws/login.rb
Overview
Class containing methods for helping a user log in to aws
Instance Method Summary
- #authorize!(account) ⇒ Object
  Authorize your local credentials. The user is prompted for an MFA code. Temporary credentials are written back to the credentials file.
- #login!(account = nil) ⇒ Object
  Main interface for logging in to an AWS account. If an account is not specified, the user is given an account selection menu. If account registries have been configured, the user is also logged in to the docker registries.
- #registry_login!(registry_id: nil, region: nil) ⇒ Object
  Authorizes the docker cli to pull/push images from the AWS container registry (e.g. if docker compose needs to pull an image). Authorizes the docker ruby library to pull/push images from the AWS container registry.
- #registry_logins!(registry_ids: nil, region: nil) ⇒ Object
  Authorizes the docker cli to pull/push images from the AWS container registry (e.g. if docker compose needs to pull an image). Authorizes the docker ruby library to pull/push images from the AWS container registry.
- #setup_cfgini(account) ⇒ Object
  Returns the config ini file. Runs the setup for the current account if it is not already set up.
Instance Method Details
#authorize!(account) ⇒ Object
Authorize your local credentials. The user is prompted for an MFA code. Temporary credentials are written back to the credentials file.

```ruby
# File 'lib/firespring_dev_commands/aws/login.rb', line 32

def authorize!(account)
  # Make sure the account has been set up
  cfgini = setup_cfgini(account)

  defaultini = cfgini['default']
  profileini = cfgini["profile #{account}"]

  region = profileini['region'] || defaultini['region'] || Dev::Aws::DEFAULT_REGION

  # Explicitly set the region to the one we are logging in to. Then return if we are already logged in.
  # This is to fix an issue where you are attempting to log in to an account in a different region.
  # Without this fix it would still be attempting to use the old region until the process exited
  ENV['AWS_DEFAULT_REGION'] = region
  return if Dev::Aws::Credentials.new.active?(account)

  serial = profileini['mfa_serial_name'] || defaultini['mfa_serial_name']
  serial = "arn:aws:iam::#{Dev::Aws::Account.new.root.id}:mfa/#{serial}" if serial
  serial ||= profileini['mfa_serial'] || defaultini['mfa_serial']

  role = profileini['role_arn'] || defaultini['role_arn']
  # NOTE: We supported role name for a period of time but we are switching back to role_arn.
  #       Leaving this here for a period of time until it can be deprecated
  role ||= "arn:aws:iam::#{account}:role/#{profileini['role_name'] || defaultini['role_name']}"
  # TODO: role_name is deprecated. Eventually, we should remove the above line

  session_name = profileini['role_session_name'] || defaultini['role_session_name']
  session_duration = profileini['session_duration'] || defaultini['session_duration']

  puts
  puts "  Logging in to #{account} in #{region} as #{role}".light_yellow
  puts

  code = ENV['AWS_TOKEN_CODE'] || Dev::Common.new.ask("Enter the MFA code for the #{ENV.fetch('USERNAME', 'no_username_found')} user serial #{serial}")
  # String#strip always returns a (truthy) String, so test for emptiness explicitly
  raise 'MFA is required' if code.to_s.strip.empty?

  sts = ::Aws::STS::Client.new(profile: 'default', region:)
  creds = sts.assume_role(
    serial_number: serial,
    role_arn: role,
    role_session_name: session_name,
    token_code: code,
    duration_seconds: session_duration
  ).credentials
  puts

  Dev::Aws::Credentials.new.write!(account, creds)
end
```
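An added example, not code from firespring_dev_commands: it mirrors the profile-over-default lookup used by authorize! on a plain Hash and validates the MFA serial, role ARN and token code before any STS call is made. The method names, the constructed sample config and the patterns (which assume the `aws` partition and that MFA is mandatory) are assumptions.

```ruby
# Added example, not project code. Method names are hypothetical.
# Patterns assume the "aws" partition; STS itself requires a 6-digit
# TokenCode and a SerialNumber of at least 9 characters.
SERIAL     = %r{\A[\w+=/:,.@-]{9,256}\z}
ROLE_ARN   = %r{\Aarn:aws:iam::\d{12}:role/[\w+=,.@/-]+\z}
TOKEN_CODE = /\A\d{6}\z/

# Constructed sample config; account ids are placeholders.
SAMPLE_CFG = {
  'default' => { 'mfa_serial_name' => 'jdoe', 'role_name' => 'ReadOnly' },
  'profile 222222222222' => { 'role_arn' => 'arn:aws:iam::222222222222:role/Admin' }
}.freeze

# Same precedence as authorize!: profile section first, then default.
def resolve_login_params(cfgini, account, root_account_id)
  default = cfgini.fetch('default', {})
  profile = cfgini.fetch("profile #{account}", {})
  pick = ->(key) { profile[key] || default[key] }

  name = pick.call('mfa_serial_name')
  serial = name ? "arn:aws:iam::#{root_account_id}:mfa/#{name}" : pick.call('mfa_serial')
  # With neither role_arn nor role_name set, this yields an ARN ending in "role/".
  role = pick.call('role_arn') || "arn:aws:iam::#{account}:role/#{pick.call('role_name')}"
  { serial: serial, role: role }
end

# Returns a list of problems; an empty list means the request is well formed.
def login_param_errors(params, code)
  token = code.to_s.strip
  errors = []
  errors << 'mfa serial missing or malformed' unless params[:serial].to_s.match?(SERIAL)
  errors << 'role arn missing or malformed' unless params[:role].to_s.match?(ROLE_ARN)
  if token.empty?
    errors << 'MFA is required'
  elsif !token.match?(TOKEN_CODE)
    errors << 'MFA code must be 6 digits'
  end
  errors
end
```

Running these checks before the STS call turns a misconfigured profile into a local, named error rather than a rejected API request.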
#login!(account = nil) ⇒ Object
Main interface for logging in to an AWS account. If an account is not specified, the user is given an account selection menu. If account registries have been configured, the user is also logged in to the docker registries.

```ruby
# File 'lib/firespring_dev_commands/aws/login.rb', line 12

def login!(account = nil)
  # If more than one child account has been configured, have the user select the account they want to log in to
  account ||= Dev::Aws::Account.new.select

  # Authorize if our creds are not active
  authorize!(account)

  # Ensure the local env is pointed to the profile we selected
  Dev::Aws::Profile.new.write!(account)

  # Load credentials into the ENV for subprocesses
  Dev::Aws::Credentials.new.export!

  # Log in to all configured docker registries
  registry_logins!
end
```
#registry_login!(registry_id: nil, region: nil) ⇒ Object
Authorizes the docker cli to pull/push images from the AWS container registry (e.g. if docker compose needs to pull an image). Authorizes the docker ruby library to pull/push images from the AWS container registry.

```ruby
# File 'lib/firespring_dev_commands/aws/login.rb', line 105

def registry_login!(registry_id: nil, region: nil)
  registry_id ||= Dev::Aws::Account.new.ecr_registry_ids.first
  region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
  raise 'registry_id is required' if registry_id.to_s.strip.empty?
  raise 'region is required' if region.to_s.strip.empty?

  registry = "#{registry_id}.dkr.ecr.#{region}.amazonaws.com"
  docker_cli_login!(registry:, region:)
  docker_lib_login!(registry_id:, region:)

  ENV['ECR_REGISTRY_ID'] ||= registry_id
  ENV['ECR_REGISTRY'] ||= registry
end
```
#registry_logins!(registry_ids: nil, region: nil) ⇒ Object
Authorizes the docker cli to pull/push images from the AWS container registry (e.g. if docker compose needs to pull an image). Authorizes the docker ruby library to pull/push images from the AWS container registry.

```ruby
# File 'lib/firespring_dev_commands/aws/login.rb', line 93

def registry_logins!(registry_ids: nil, region: nil)
  registry_ids ||= Dev::Aws::Account.new.ecr_registry_ids
  region ||= Dev::Aws::Credentials.new.logged_in_region || Dev::Aws::DEFAULT_REGION
  return if registry_ids.empty?

  puts
  registry_ids.each { |id| registry_login!(registry_id: id, region:) }
  puts
end
```
#setup_cfgini(account) ⇒ Object
Returns the config ini file. Runs the setup for the current account if it is not already set up.

```ruby
# File 'lib/firespring_dev_commands/aws/login.rb', line 82

def setup_cfgini(account)
  cfgini = Dev::Aws::Account.config_ini
  unless cfgini.has_section?("profile #{account}")
    Dev::Aws::Account.new.write!(account)
    cfgini = Dev::Aws::Account.config_ini
  end
  cfgini
end
```