lib/awskeyring/awsapi.rb in awskeyring-0.2.0 vs lib/awskeyring/awsapi.rb in awskeyring-0.3.0

- old
+ new

@@ -5,10 +5,23 @@ # Awskeyring Module, # gives you an interface to access keychains and items. module Awskeyring # AWS API methods for Awskeyring module Awsapi # rubocop:disable Metrics/ModuleLength + # Admin policy as json + ADMIN_POLICY = { + Version: '2012-10-17', + Statement: [{ + Action: '*', + Resource: '*', + Effect: 'Allow' + }] + }.to_json.freeze + + TWELVE_HOUR = (60 * 60 * 12) + ONE_HOUR = (60 * 60 * 1) + # Retrieves a temporary session token from AWS # # @param [Hash] params including # key The aws_access_key_id # secret The aws_secret_access_key @@ -45,10 +58,16 @@ sts.get_session_token( duration_seconds: params[:duration].to_i, serial_number: params[:mfa], token_code: params[:code] ) + else + sts.get_federation_token( + name: params[:user], + policy: ADMIN_POLICY, + duration_seconds: params[:duration] + ) end rescue Aws::STS::Errors::AccessDenied => err warn err.to_s exit 1 end @@ -77,10 +96,26 @@ SessionToken: token, Expiration: expiry ) end + # Verify Credentials are active and valid + # + # @param [String] key The aws_access_key_id + # @param [String] secret The aws_secret_access_key + # @param [String] token The aws_session_token + def self.verify_cred(key:, secret:) + begin + sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret) + sts.get_caller_identity + rescue Aws::Errors::ServiceError => err + warn err.to_s + exit 1 + end + true + end + # Retrieves an AWS Console login url # # @param [String] key The aws_access_key_id # @param [String] secret The aws_secret_access_key # @param [String] token The aws_session_token 
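Review bot: The comment on `ADMIN_POLICY` in the first hunk (`@@ -5,10 +5,23 @@`) says only "Admin policy as json" and does not say what the allow-all document is for. The later hunks pass it as the `policy:` argument of `get_federation_token`, where it acts as a session policy: the federated credentials get the intersection of this document and the calling IAM user's own policies, so `Action: '*'` with `Resource: '*'` leaves the session with everything that user can do. I would say so in the comment, e.g. `# Session policy for GetFederationToken: allow-all, so the session keeps every permission of the calling IAM user`, and add a one-line comment that `TWELVE_HOUR` and `ONE_HOUR` are durations in seconds. The module body continues outside the hunk.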
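Review bot: In the second hunk (`@@ -45,10 +58,16 @@`) the new `else` branch passes `duration_seconds: params[:duration]` unconverted, while the `get_session_token` call just above it uses `params[:duration].to_i`. If the duration arrives as a string, which the existing `.to_i` suggests, the SDK's parameter validation would presumably reject it with an error that the `rescue Aws::STS::Errors::AccessDenied` below does not catch. I would write `duration_seconds: params[:duration].to_i` to match the sibling call. This branch also issues credentials under the allow-all `ADMIN_POLICY` and, as far as the visible lines show, without the MFA serial and code used in the other branch, so a short comment on the `else` stating when it is taken would help; the condition and the rest of the method are outside the hunk.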
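Review bot: The doc block added above `verify_cred` in the third hunk (`@@ -77,10 +96,26 @@`) documents `@param [String] token The aws_session_token`, but the signature is `verify_cred(key:, secret:)` and the client is built without a session token. Drop that line and add `# @return [Boolean] true when STS accepts the credentials; warns and exits with status 1 otherwise`, since the method never returns false. As a style point, the inner `begin`/`end` is unnecessary: a method-level `rescue Aws::Errors::ServiceError => err` reads more simply. Only service errors are rescued, so a connection failure would presumably surface as an uncaught exception rather than taking the `warn`/`exit 1` path.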
@@ -88,18 +123,10 @@ # @param [String] path within the Console to access # @return [String] login_url to access def self.get_login_url(key:, secret:, token:, path:, user:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength console_url = "https://console.aws.amazon.com/#{path}/home" signin_url = 'https://signin.aws.amazon.com/federation' - policy_json = { - Version: '2012-10-17', - Statement: [{ - Action: '*', - Resource: '*', - Effect: 'Allow' - }] - }.to_json if token session_json = { sessionId: key, sessionKey: secret, @@ -108,11 +135,11 @@ else sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret) session = sts.get_federation_token(name: user, - policy: policy_json, - duration_seconds: (60 * 60 * 12)) + policy: ADMIN_POLICY, + duration_seconds: TWELVE_HOUR) session_json = { sessionId: session.credentials[:access_key_id], sessionKey: session.credentials[:secret_access_key], sessionToken: session.credentials[:session_token] }.to_json