lib/awskeyring_command.rb in awskeyring-0.4.0 vs lib/awskeyring_command.rb in awskeyring-0.5.0
- old
+ new
@@ -19,10 +19,11 @@
map ['lsr'] => :list_role
map ['rm'] => :remove
map ['rmr'] => :remove_role
map ['rmt'] => :remove_token
map ['rot'] => :rotate
+ map ['up'] => :update
desc '--version, -v', I18n.t('__version.desc')
# print the version number
def __version
puts Awskeyring::VERSION
@@ -66,12 +67,11 @@
# Print Env vars
def env(account = nil)
account = ask_check(
existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
)
- cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
- age_check(account, cred[:updated])
+ cred = age_check_and_get(account: account, no_token: options['no-token'])
put_env_string(
account: cred[:account],
key: cred[:key],
secret: cred[:secret],
token: cred[:token]
@@ -83,12 +83,11 @@
# Print JSON for use with credential_process
def json(account = nil)
account = ask_check(
existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
)
- cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
- age_check(account, cred[:updated])
+ cred = age_check_and_get(account: account, no_token: options['no-token'])
expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
puts Awskeyring::Awsapi.get_cred_json(
key: cred[:key],
secret: cred[:secret],
token: cred[:token],
@@ -98,12 +97,11 @@
desc 'exec ACCOUNT command...', I18n.t('exec.desc')
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
# execute an external command with env set
def exec(account, *command)
- cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
- age_check(account, cred[:updated])
+ cred = age_check_and_get(account: account, no_token: options['no-token'])
env_vars = env_vars(
account: cred[:account],
key: cred[:key],
secret: cred[:secret],
token: cred[:token]
@@ -115,11 +113,10 @@
desc 'add ACCOUNT', I18n.t('add.desc')
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
method_option :mfa, type: :string, aliases: '-m', desc: I18n.t('method_option.mfa')
method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
- method_option :update, type: :boolean, aliases: '-u', desc: I18n.t('method_option.update'), default: false
# Add an Account
def add(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
account = ask_check(
existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
)
@@ -128,34 +125,49 @@
)
secret = ask_check(
existing: options[:secret], message: I18n.t('message.secret'),
secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
)
- if options[:update]
- Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
- Awskeyring.update_account(
- account: account,
- key: key,
- secret: secret
- )
- puts I18n.t('message.upaccount', account: account)
- else
- mfa = ask_check(
- existing: options[:mfa], message: I18n.t('message.mfa'),
- optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
- )
- Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
- Awskeyring.add_account(
- account: account,
- key: key,
- secret: secret,
- mfa: mfa
- )
- puts I18n.t('message.addaccount', account: account)
- end
+ mfa = ask_check(
+ existing: options[:mfa], message: I18n.t('message.mfa'),
+ optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
+ )
+ Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
+ Awskeyring.add_account(
+ account: account,
+ key: key,
+ secret: secret,
+ mfa: mfa
+ )
+ puts I18n.t('message.addaccount', account: account)
end
+ desc 'update ACCOUNT', I18n.t('update.desc')
+ method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
+ method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
+ method_option :local, type: :boolean, aliases: '-l', desc: I18n.t('method_option.local'), default: false
+ # Update an Account
+ def update(account = nil) # rubocop:disable Metrics/MethodLength
+ account = ask_check(
+ existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
+ )
+ key = ask_check(
+ existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
+ )
+ secret = ask_check(
+ existing: options[:secret], message: I18n.t('message.secret'),
+ secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
+ )
+ Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options[:local]
+ Awskeyring.update_account(
+ account: account,
+ key: key,
+ secret: secret
+ )
+ puts I18n.t('message.upaccount', account: account)
+ end
+
map 'add-role' => :add_role
desc 'add-role ROLE', I18n.t('add_role.desc')
method_option :arn, type: :string, aliases: '-a', desc: I18n.t('method_option.arn')
# Add a role
def add_role(role = nil) # rubocop:disable Metrics/MethodLength
@@ -212,17 +224,17 @@
# rotate Account keys
def rotate(account = nil) # rubocop:disable Metrics/MethodLength
account = ask_check(
existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
)
- item_hash = Awskeyring.get_account_hash(account: account)
+ cred = Awskeyring.get_valid_creds(account: account, no_token: true)
begin
new_key = Awskeyring::Awsapi.rotate(
- account: item_hash[:account],
- key: item_hash[:key],
- secret: item_hash[:secret],
+ account: cred[:account],
+ key: cred[:key],
+ secret: cred[:secret],
key_message: I18n.t('message.rotate', account: account)
)
rescue Aws::Errors::ServiceError => err
warn err.to_s
exit 1
@@ -261,12 +273,11 @@
duration = options[:duration]
duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s if role
duration ||= Awskeyring::Awsapi::TWELVE_HOUR.to_s if code
duration ||= Awskeyring::Awsapi::ONE_HOUR.to_s
- item_hash = Awskeyring.get_account_hash(account: account)
- age_check(account, item_hash[:updated])
+ item_hash = age_check_and_get(account: account, no_token: true)
role_arn = Awskeyring.get_role_arn(role_name: role) if role
begin
new_creds = Awskeyring::Awsapi.get_token(
code: code,
@@ -296,17 +307,17 @@
end
desc 'console ACCOUNT', I18n.t('console.desc')
method_option :path, type: :string, aliases: '-p', desc: I18n.t('method_option.path')
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
+ method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
# Open the AWS Console
def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
account = ask_check(
existing: account, message: I18n.t('message.account'), validator: Awskeyring::Validate.method(:account_name)
)
- cred = Awskeyring.get_valid_creds(account: account, no_token: options['no-token'])
- age_check(account, cred[:updated])
+ cred = age_check_and_get(account: account, no_token: options['no-token'])
path = options[:path] || 'console'
begin
login_url = Awskeyring::Awsapi.get_login_url(
@@ -319,12 +330,16 @@
rescue Aws::Errors::ServiceError => err
warn err.to_s
exit 1
end
- pid = Process.spawn("open \"#{login_url}\"")
- Process.wait pid
+ if options['no-open']
+ puts login_url
+ else
+ pid = Process.spawn("open \"#{login_url}\"")
+ Process.wait pid
+ end
end
desc 'awskeyring CURR PREV', I18n.t('awskeyring.desc'), hide: true
# autocomplete
def awskeyring(curr, prev)
@@ -346,13 +361,17 @@
print_auto_resp(curr, comp_len)
end
private
- def age_check(account, updated)
+ def age_check_and_get(account:, no_token:)
+ cred = Awskeyring.get_valid_creds(account: account, no_token: no_token)
+
maxage = Awskeyring.prefs[:keyage] || Awskeyring::DEFAULT_KEY_AGE
- age = (Time.new - updated).div Awskeyring::Awsapi::ONE_DAY
+ age = (Time.new - cred[:updated]).div Awskeyring::Awsapi::ONE_DAY
warn I18n.t('message.age_check', account: account, age: age) unless age < maxage
+
+ cred
end
def print_auto_resp(curr, len)
case len
when 0