Class: AwskeyringCommand

Inherits:

Thor

• Object
• Thor
• AwskeyringCommand

Defined in:

lib/awskeyring_command.rb

Overview

AWSkeyring command line interface.

Class Method Summary

• .exit_on_failure? ⇒ Boolean

  default to returning an error on failure.

Instance Method Summary

• #__version ⇒ Object

  print the version number.

• #add(account = nil) ⇒ Object

  Add an Account.

• #add_role(role = nil) ⇒ Object

  Add a role.

• #autocomplete(curr, prev = nil) ⇒ Object

  autocomplete.

• #console(account = nil) ⇒ Object

  Open the AWS Console.

• #decode(key = nil) ⇒ Object

  decode account numbers.

• #default ⇒ Object

  default command to run.

• #env(account = nil) ⇒ Object

  Print Env vars.

• #exec(account, *exec) ⇒ Object

  execute an external command with env set.

• #import(account = nil) ⇒ Object

  Import an Account.

• #initialise ⇒ Object

  initialise the keychain.

• #json(account) ⇒ Object

  Print JSON for use with credential_process.

• #list ⇒ Object

  list the accounts.

• #list_role ⇒ Object

  List roles.

• #remove(account = nil) ⇒ Object

  Remove an account.

• #remove_role(role = nil) ⇒ Object

  remove a role.

• #remove_token(token = nil) ⇒ Object

  remove a session token.

• #rotate(account = nil) ⇒ Object

  rotate Account keys.

• #token(account = nil, role = nil, code = nil) ⇒ Object

  generate a sessiopn token.

• #update(account = nil) ⇒ Object

  Update an Account.

Class Method Details

.exit_on_failure? ⇒ Boolean

default to returning an error on failure.

Returns:

• (Boolean)

# File 'lib/awskeyring_command.rb', line 29

def self.exit_on_failure?
  true
end

Instance Method Details

#__version ⇒ Object

print the version number

# File 'lib/awskeyring_command.rb', line 46

def __version
  puts "Awskeyring v#{Awskeyring::VERSION}"
  if !options['no-remote'] && Awskeyring.latest_version != Awskeyring::VERSION
    puts "the latest version v#{Awskeyring.latest_version}"
  end
  puts "Homepage #{Awskeyring::HOMEPAGE}"
end

#add(account = nil) ⇒ Object

Add an Account

# File 'lib/awskeyring_command.rb', line 233

def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_not_exists)
  )
  key = ask_check(
    existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring.method(:access_key_not_exists)
  )
  secret = ask_check(
    existing: options[:secret], message: I18n.t('message.secret'),
    flags: 'secure', validator: Awskeyring::Validate.method(:secret_access_key)
  )
  mfa = ask_check(
    existing: options[:mfa], message: I18n.t('message.mfa'),
    flags: 'optional', validator: Awskeyring::Validate.method(:mfa_arn)
  )
  Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
  Awskeyring.add_account(
    account: account,
    key: key,
    secret: secret,
    mfa: mfa
  )
  puts I18n.t('message.addaccount', account: account)
end

#add_role(role = nil) ⇒ Object

Add a role

# File 'lib/awskeyring_command.rb', line 288

def add_role(role = nil)
  role = ask_check(
    existing: role, message: I18n.t('message.role'),
    validator: Awskeyring.method(:role_not_exists)
  )
  arn = ask_check(
    existing: options[:arn], message: I18n.t('message.arn'),
    validator: Awskeyring.method(:role_arn_not_exists)
  )

  Awskeyring.add_role(
    role: role,
    arn: arn
  )
  puts I18n.t('message.addrole', role: role)
end

#autocomplete(curr, prev = nil) ⇒ Object

autocomplete

# File 'lib/awskeyring_command.rb', line 463

def autocomplete(curr, prev = nil)
  curr, prev = fix_args(curr, prev)
  comp_line = ENV.fetch('COMP_LINE', nil)
  comp_point_str = ENV.fetch('COMP_POINT', nil)
  unless comp_line && comp_point_str
    exec_name = File.basename($PROGRAM_NAME)
    warn I18n.t('message.awskeyring', path: $PROGRAM_NAME, bin: exec_name)
    exit 1
  end

  comp_lines = comp_line[0..(comp_point_str.to_i)].split

  comp_type, sub_cmd = comp_type(comp_lines: comp_lines, prev: prev, curr: curr)
  list = fetch_auto_resp(comp_type, sub_cmd)
  puts list.select { |elem| elem.start_with?(curr) }.sort!.join("\n")
end

#console(account = nil) ⇒ Object

Open the AWS Console

# File 'lib/awskeyring_command.rb', line 421

def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  account = ask_check(
    existing: account,
    message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  cred = age_check_and_get(account: account, no_token: options['no-token'])

  path = options[:path] || 'console'

  login_url = Awskeyring::Awsapi.get_login_url(
    key: cred[:key],
    secret: cred[:secret],
    token: cred[:token],
    path: path,
    user: ENV.fetch('USER', 'awskeyring')
  )

  if options['no-open']
    puts login_url
  else
    spawn_cmd = options[:browser] ? "open -a \"#{options[:browser]}\" \"#{login_url}\"" : "open \"#{login_url}\""
    pid = Process.spawn(spawn_cmd)
    Process.wait pid
    exit 1 if Process.last_status.exitstatus.positive?
  end
end

#decode(key = nil) ⇒ Object

decode account numbers

# File 'lib/awskeyring_command.rb', line 452

def decode(key = nil)
  key = ask_check(
    existing: key, message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
  )

  puts Awskeyring::Awsapi.get_account_id(key: key)
end

#default ⇒ Object

default command to run

# File 'lib/awskeyring_command.rb', line 35

def default
  if Awskeyring.prefs.empty?
    invoke :initialise
  else
    invoke :help
  end
end

#env(account = nil) ⇒ Object

Print Env vars

# File 'lib/awskeyring_command.rb', line 115

def env(account = nil)
  if options[:test]
    account ||= 'fakeaccount'
    cred = Awskeyring::Awsapi.gen_test_credentials(account: account)
    put_env_string(cred)
  elsif options[:unset]
    put_env_string(account: nil, key: nil, secret: nil, token: nil)
  else
    output_safe(options[:force])
    account = ask_check(
      existing: account, message: I18n.t('message.account'),
      validator: Awskeyring.method(:account_exists),
      limited_to: Awskeyring.list_account_names
    )
    cred = age_check_and_get(account: account, no_token: options['no-token'])
    put_env_string(cred)
  end
end

#exec(account, *exec) ⇒ Object

execute an external command with env set

# File 'lib/awskeyring_command.rb', line 205

def exec(account, *exec) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  if exec.empty?
    warn I18n.t('message.exec')
    exit 1
  end
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  cred = age_check_and_get(account: account, no_token: options['no-token'])
  env_vars = Awskeyring::Awsapi.get_env_array(cred)
  unbundle if options['no-bundle']
  begin
    pid = Process.spawn(env_vars, exec.join(' '))
    Process.wait pid
    exit 1 if Process.last_status.exitstatus.positive?
  rescue Errno::ENOENT => e
    warn e
    exit 1
  end
end

#import(account = nil) ⇒ Object

Import an Account

# File 'lib/awskeyring_command.rb', line 168

def import(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_not_exists)
  )
  new_creds = Awskeyring::Awsapi.get_credentials_from_file(account: account)
  unless options['no-remote']
    Awskeyring::Awsapi.verify_cred(
      key: new_creds[:key],
      secret: new_creds[:secret],
      token: new_creds[:token]
    )
  end
  if new_creds[:token].nil?
    Awskeyring.add_account(
      account: new_creds[:account],
      key: new_creds[:key],
      secret: new_creds[:secret],
      mfa: ''
    )
    puts I18n.t('message.addaccount', account: account)
  else
    Awskeyring.add_token(
      account: new_creds[:account],
      key: new_creds[:key],
      secret: new_creds[:secret],
      token: new_creds[:token],
      expiry: new_creds[:expiry].to_i.to_s,
      role: nil
    )
    puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
  end
end

#initialise ⇒ Object

initialise the keychain

# File 'lib/awskeyring_command.rb', line 57

def initialise
  unless Awskeyring.prefs.empty?
    puts I18n.t('message.initialise', file: Awskeyring::PREFS_FILE)
    exit 1
  end

  keychain = ask_check(
    existing: options[:keychain],
    flags: 'optional',
    message: I18n.t('message.keychain'),
    validator: Awskeyring::Validate.method(:account_name)
  )
  keychain = 'awskeyring' if keychain.empty?

  puts I18n.t('message.newkeychain')
  Awskeyring.init_keychain(awskeyring: keychain)

  exec_name = File.basename($PROGRAM_NAME)

  puts I18n.t('message.addkeychain', keychain: keychain, exec_name: exec_name)
end

#json(account) ⇒ Object

Print JSON for use with credential_process

# File 'lib/awskeyring_command.rb', line 139

def json(account) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  if options[:test]
    cred = Awskeyring::Awsapi.gen_test_credentials(account: account)
    puts Awskeyring::Awsapi.get_cred_json(
      key: cred[:key],
      secret: cred[:secret],
      token: cred[:token],
      expiry: (Time.new + Awskeyring::Awsapi::TWELVE_HOUR).iso8601
    )
  else
    output_safe(options[:force])
    account = ask_check(
      existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
      limited_to: Awskeyring.list_account_names
    )
    cred = age_check_and_get(account: account, no_token: options['no-token'])
    expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
    puts Awskeyring::Awsapi.get_cred_json(
      key: cred[:key],
      secret: cred[:secret],
      token: cred[:token],
      expiry: (expiry || (Time.new + Awskeyring::Awsapi::ONE_HOUR)).iso8601
    )
  end
end

#list ⇒ Object

list the accounts

# File 'lib/awskeyring_command.rb', line 82

def list
  if Awskeyring.list_account_names.empty?
    warn I18n.t('message.missing_account', bin: File.basename($PROGRAM_NAME))
    exit 1
  end
  if options[:detail]
    puts Awskeyring.list_account_names_plus.join("\n")
  else
    puts Awskeyring.list_account_names.join("\n")
  end
end

#list_role ⇒ Object

List roles

# File 'lib/awskeyring_command.rb', line 97

def list_role
  if Awskeyring.list_role_names.empty?
    warn I18n.t('message.missing_role', bin: File.basename($PROGRAM_NAME))
    exit 1
  end
  if options[:detail]
    puts Awskeyring.list_role_names_plus.join("\n")
  else
    puts Awskeyring.list_role_names.join("\n")
  end
end

#remove(account = nil) ⇒ Object

Remove an account

# File 'lib/awskeyring_command.rb', line 307

def remove(account = nil)
  account = ask_check(
    existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  Awskeyring.delete_account(account: account, message: I18n.t('message.delaccount', account: account))
end

#remove_role(role = nil) ⇒ Object

remove a role

# File 'lib/awskeyring_command.rb', line 327

def remove_role(role = nil)
  role = ask_check(
    existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
    limited_to: Awskeyring.list_role_names
  )
  Awskeyring.delete_role(role_name: role, message: I18n.t('message.delrole', role: role))
end

#remove_token(token = nil) ⇒ Object

remove a session token

# File 'lib/awskeyring_command.rb', line 317

def remove_token(token = nil)
  token = ask_check(
    existing: token, message: I18n.t('message.account'), validator: Awskeyring.method(:token_exists),
    limited_to: Awskeyring.list_token_names
  )
  Awskeyring.delete_token(account: token, message: I18n.t('message.deltoken', account: token))
end

#rotate(account = nil) ⇒ Object

rotate Account keys

# File 'lib/awskeyring_command.rb', line 337

def rotate(account = nil) # rubocop:disable Metrics/MethodLength
  account = ask_check(
    existing: account,
    message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  cred = Awskeyring.get_valid_creds(account: account, no_token: true)

  begin
    new_key = Awskeyring::Awsapi.rotate(
      account: cred[:account],
      key: cred[:key],
      secret: cred[:secret],
      key_message: I18n.t('message.rotate', account: account)
    )
  rescue Aws::Errors::ServiceError => e
    warn e
    exit 1
  end

  Awskeyring.update_account(
    account: account,
    key: new_key[:key],
    secret: new_key[:secret]
  )

  puts I18n.t('message.upaccount', account: account)
end

#token(account = nil, role = nil, code = nil) ⇒ Object

generate a sessiopn token

# File 'lib/awskeyring_command.rb', line 371

def token(account = nil, role = nil, code = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  account = ask_check(
    existing: account,
    message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  if role
    role = ask_check(
      existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
      limited_to: Awskeyring.list_role_names
    )
  end
  code ||= options[:code]
  if code
    code = ask_check(
      existing: code, message: I18n.t('message.code'), validator: Awskeyring::Validate.method(:mfa_code)
    )
  end
  item_hash = age_check_and_get(account: account, no_token: true)

  new_creds = Awskeyring::Awsapi.get_token(
    code: code,
    role_arn: (Awskeyring.get_role_arn(role_name: role) if role),
    duration: default_duration(options[:duration], role, code),
    mfa: item_hash[:mfa],
    key: item_hash[:key],
    secret: item_hash[:secret],
    user: ENV.fetch('USER', 'awskeyring')
  )
  Awskeyring.delete_token(account: account, message: '# Removing STS credentials')

  Awskeyring.add_token(
    account: account,
    key: new_creds[:key],
    secret: new_creds[:secret],
    token: new_creds[:token],
    expiry: new_creds[:expiry].to_i.to_s,
    role: role
  )

  puts I18n.t('message.addtoken', account: account, time: Time.at(new_creds[:expiry].to_i))
end

#update(account = nil) ⇒ Object

Update an Account

# File 'lib/awskeyring_command.rb', line 263

def update(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
  account = ask_check(
    existing: account, message: I18n.t('message.account'),
    validator: Awskeyring.method(:account_exists),
    limited_to: Awskeyring.list_account_names
  )
  key = ask_check(
    existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring.method(:access_key_not_exists)
  )
  secret = ask_check(
    existing: options[:secret], message: I18n.t('message.secret'),
    flags: 'secure', validator: Awskeyring::Validate.method(:secret_access_key)
  )
  Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
  Awskeyring.update_account(
    account: account,
    key: key,
    secret: secret
  )
  puts I18n.t('message.upaccount', account: account)
end