Class: Sfn::Callback::AwsMfa

Inherits:

Sfn::Callback

• Object
• Sfn::Callback
• Sfn::Callback::AwsMfa

Defined in:

lib/sfn/callback/aws_mfa.rb

Overview

Support for AWS MFA

Constant Summary

SESSION_STORE_ITEMS =

Items to cache in local file

[
  :aws_sts_session_token,
  :aws_sts_session_access_key_id,
  :aws_sts_session_secret_access_key,
  :aws_sts_session_token_expires,
]

Instance Attribute Summary

Attributes inherited from Sfn::Callback

#api, #arguments, #config, #ui

Instance Method Summary

• #after(*_) ⇒ Object (also: #failed)

  Store session token if available for later use.

• #after_config(*_) ⇒ Object

  Inject MFA related configuration into API provider credentials.

• #enabled? ⇒ TrueClass, FalseClass
• #load_stored_session ⇒ TrueClass, FalseClass

  Load stored configuration data into the api connection.

• #load_stored_values(path) ⇒ Hash

  Load stored values.

• #prompt_for_code ⇒ String

  Request MFA code from user.

• #quiet ⇒ Object

  Prevent callback output to user.

Methods inherited from Sfn::Callback

#initialize, #run_action

Constructor Details

This class inherits a constructor from Sfn::Callback

Instance Method Details

#after(*_) ⇒ Object Also known as: failed

Store session token if available for later use

# File 'lib/sfn/callback/aws_mfa.rb', line 32

def after(*_)
  if enabled?
    if api.connection.aws_sts_session_token
      path = config.fetch(:aws_mfa, :cache_file, ".sfn-aws")
      FileUtils.touch(path)
      File.chmod(0600, path)
      values = load_stored_values(path)
      SESSION_STORE_ITEMS.map do |key|
        values[key] = api.connection.data[key]
      end
      File.open(path, "w") do |file|
        file.puts MultiJson.dump(values)
      end
    end
  end
end

#after_config(*_) ⇒ Object

Inject MFA related configuration into API provider credentials

# File 'lib/sfn/callback/aws_mfa.rb', line 23

def after_config(*_)
  if enabled?
    load_stored_session
    api.connection.aws_sts_session_token_code = method(:prompt_for_code)
  end
end

#enabled? ⇒ TrueClass, FalseClass

Returns:

• (TrueClass, FalseClass)

# File 'lib/sfn/callback/aws_mfa.rb', line 52

def enabled?
  config.fetch(:aws_mfa, :status, "enabled").to_s == "enabled"
end

#load_stored_session ⇒ TrueClass, FalseClass

Load stored configuration data into the api connection

Returns:

• (TrueClass, FalseClass)

# File 'lib/sfn/callback/aws_mfa.rb', line 59

def load_stored_session
  path = config.fetch(:aws_mfa, :cache_file, ".sfn-aws")
  if File.exists?(path)
    values = load_stored_values(path)
    SESSION_STORE_ITEMS.each do |key|
      api.connection.data[key] = values[key]
    end
    if values[:aws_sts_session_token_expires]
      begin
        api.connection.data[:aws_sts_session_token_expires] = Time.parse(values[:aws_sts_session_token_expires])
      rescue
      end
    end
    true
  else
    false
  end
end

#load_stored_values(path) ⇒ Hash

Load stored values

Parameters:

• path (String)

Returns:

• (Hash)

# File 'lib/sfn/callback/aws_mfa.rb', line 82

def load_stored_values(path)
  begin
    if File.exists?(path)
      MultiJson.load(File.read(path)).to_smash
    else
      Smash.new
    end
  rescue MultiJson::ParseError
    Smash.new
  end
end

#prompt_for_code ⇒ String

Request MFA code from user

Returns:

• (String)

# File 'lib/sfn/callback/aws_mfa.rb', line 97

def prompt_for_code
  result = ui.ask "AWS MFA code", :valid => /^\d{6}$/
  result.strip
end

#quiet ⇒ Object

Prevent callback output to user

# File 'lib/sfn/callback/aws_mfa.rb', line 17

def quiet
  true
end