lib/awskeyring/awsapi.rb in awskeyring-1.11.0 vs lib/awskeyring/awsapi.rb in awskeyring-1.12.0

- old
+ new

@@ -23,10 +23,11 @@
 AWS_SIGNIN_URL = 'https://signin.aws.amazon.com/federation'
 # AWS Env vars
 AWS_ENV_VARS = %w[
 AWS_ACCOUNT_NAME
+ AWS_ACCOUNT_ID
 AWS_ACCESS_KEY_ID
 AWS_ACCESS_KEY
 AWS_CREDENTIAL_EXPIRATION
 AWS_SECRET_ACCESS_KEY
 AWS_SECRET_KEY
@@ -83,11 +84,11 @@
 policy: ADMIN_POLICY,
 duration_seconds: params[:duration]
 )
 end
 rescue Aws::STS::Errors::AccessDenied => e
- warn e.to_s
+ warn e
 exit 1
 end
 {
 key: response.credentials[:access_key_id],
@@ -121,18 +122,20 @@
 # [String] account The aws account name
 # [String] key The aws_access_key_id
 # [String] secret The aws_secret_access_key
 # [String] token The aws_session_token
 # @return [Hash] env_var hash
- def self.get_env_array(params = {})
+ def self.get_env_array(params = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
 env_var = {}
 env_var['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
 params[:expiration] = Time.at(params[:expiry]).iso8601 unless params[:expiry].nil?
+ params[:account_name] = params.delete(:account)
+ params[:account_id] = get_account_id(key: params[:key]) unless params[:key].nil?
- params.each_key do |param_name|
- AWS_ENV_VARS.each do |var_name|
+ AWS_ENV_VARS.each do |var_name|
+ params.each_key do |param_name|
 if var_name.include?(param_name.to_s.upcase) && !params[param_name].nil?
 env_var[var_name] = params[param_name]
 end
 end
 end
@@ -149,11 +152,11 @@
 begin
 ENV['AWS_DEFAULT_REGION'] = 'us-east-1' unless region
 sts = Aws::STS::Client.new(access_key_id: key, secret_access_key: secret, session_token: token)
 sts.get_caller_identity
 rescue Aws::Errors::ServiceError => e
- warn e.to_s
+ warn e
 exit 1
 end
 true
 end
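Review bot: In the `get_env_array` hunk (`@@ -121,18 +122,20 @@`), `params[:account_name] = params.delete(:account)` edits the hash the caller passed in, so a caller that reads `params[:account]` after this call gets nil; whether any caller does so is not visible here. Working on a copy avoids that, with `params = params.dup` as the first line of the method. The loop still maps values by substring (`var_name.include?(param_name.to_s.upcase)`), so `:key` also matches `AWS_SECRET_ACCESS_KEY` and `AWS_SECRET_KEY`, and the correct result depends on `:secret` coming later in the hash. A comment stating that ordering requirement, or an explicit parameter-to-variable table, would make the credential mapping safer to change. The method body continues past the end of the hunk.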
@@ -225,9 +228,33 @@
 # @return [String] current configured region
 def self.region
 keys = %w[AWS_REGION AMAZON_REGION AWS_DEFAULT_REGION]
 region = ENV.values_at(*keys).compact.first
 region || Aws.shared_config.region(profile: 'default')
+ end
+
+ # Get the account number from an access key
+ #
+ # @param [String] key The aws_access_key_id
+ # @return [String] Account number
+ def self.get_account_id(key:)
+ padded_no = key[3..12]
+ mask = (2 << 39) - 1
+ decimal = (decode(padded_no) >> 4) & mask
+ decimal.to_s.rjust(12, '0')
+ end
+
+ # base32 decode function
+ # returns 0 on failure
+ private_class_method def self.decode(str)
+ aws_table = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
+ bytes = str.bytes
+ bytes.inject do |m, o|
+ i = aws_table.index(o.chr)
+ return 0 if i.nil?
+
+ (m << 5) + i
+ end
 end
 # Rotates the AWS access keys
 #
 # @param [String] key The aws_access_key_id
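Review bot: `get_account_id` does not check its input, so a malformed key yields either an exception or a wrong account number. `key[3..12]` is nil for a string shorter than three characters, so `decode` fails on `nil.bytes`, and a character outside the base32 table makes `decode` return 0, which is then formatted as `000000000000` and exported as `AWS_ACCOUNT_ID` by `get_env_array`. Returning nil for such input would let the nil check in `get_env_array` drop the variable, for example `return nil unless padded_no&.match?(/\A[A-Z2-7]{10}\z/)` right after `padded_no = key[3..12]`; other callers of `get_account_id`, if any, are not visible here. `bytes.inject` is also called without a seed, so the first character is used as a raw byte value and never looked up in `aws_table`. `bytes.inject(0)` gives the same masked result and validates that character too, and a comment on where the `>> 4` and the 40-bit mask come from would help the next reader.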