lib/awskeyring_command.rb in awskeyring-1.0.2 vs lib/awskeyring_command.rb in awskeyring-1.1.0
- old
+ new
@@ -42,11 +42,16 @@
unless Awskeyring.prefs.empty?
puts I18n.t('message.initialise', file: Awskeyring::PREFS_FILE)
exit 1
end
- keychain = ask_missing(existing: options[:keychain], message: I18n.t('message.keychain'))
+ keychain = ask_check(
+ existing: options[:keychain],
+ flags: 'optional',
+ message: I18n.t('message.keychain'),
+ validator: Awskeyring::Validate.method(:account_name)
+ )
keychain = 'awskeyring' if keychain.empty?
puts I18n.t('message.newkeychain')
Awskeyring.init_keychain(awskeyring: keychain)
@@ -76,21 +81,22 @@
if options['unset']
put_env_string(account: nil, key: nil, secret: nil, token: nil)
else
account = ask_check(
existing: account, message: I18n.t('message.account'),
- validator: Awskeyring.method(:account_exists)
+ validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
cred = age_check_and_get(account: account, no_token: options['no-token'])
put_env_string(cred)
end
end
desc 'json ACCOUNT', I18n.t('json.desc')
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
# Print JSON for use with credential_process
- def json(account = nil)
+ def json(account)
account = ask_check(
existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
)
cred = age_check_and_get(account: account, no_token: options['no-token'])
expiry = Time.at(cred[:expiry]) unless cred[:expiry].nil?
@@ -135,15 +141,15 @@
key = ask_check(
existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
)
secret = ask_check(
existing: options[:secret], message: I18n.t('message.secret'),
- secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
+ flags: 'secure', validator: Awskeyring::Validate.method(:secret_access_key)
)
mfa = ask_check(
existing: options[:mfa], message: I18n.t('message.mfa'),
- optional: true, validator: Awskeyring::Validate.method(:mfa_arn)
+ flags: 'optional', validator: Awskeyring::Validate.method(:mfa_arn)
)
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
Awskeyring.add_account(
account: account,
key: key,
@@ -156,20 +162,22 @@
desc 'update ACCOUNT', I18n.t('update.desc')
method_option :key, type: :string, aliases: '-k', desc: I18n.t('method_option.key')
method_option :secret, type: :string, aliases: '-s', desc: I18n.t('method_option.secret')
method_option 'no-remote', type: :boolean, aliases: '-r', desc: I18n.t('method_option.noremote'), default: false
# Update an Account
- def update(account = nil) # rubocop:disable Metrics/MethodLength
+ def update(account = nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
account = ask_check(
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+ existing: account, message: I18n.t('message.account'),
+ validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
key = ask_check(
existing: options[:key], message: I18n.t('message.key'), validator: Awskeyring::Validate.method(:access_key)
)
secret = ask_check(
existing: options[:secret], message: I18n.t('message.secret'),
- secure: true, validator: Awskeyring::Validate.method(:secret_access_key)
+ flags: 'secure', validator: Awskeyring::Validate.method(:secret_access_key)
)
Awskeyring::Awsapi.verify_cred(key: key, secret: secret) unless options['no-remote']
Awskeyring.update_account(
account: account,
key: key,
@@ -183,11 +191,11 @@
method_option :arn, type: :string, aliases: '-a', desc: I18n.t('method_option.arn')
# Add a role
def add_role(role = nil)
role = ask_check(
existing: role, message: I18n.t('message.role'),
- validator: Awskeyring::Validate.method(:role_name)
+ validator: Awskeyring.method(:role_not_exists)
)
arn = ask_check(
existing: options[:arn], message: I18n.t('message.arn'),
validator: Awskeyring::Validate.method(:role_arn)
)
@@ -201,39 +209,45 @@
desc 'remove ACCOUNT', I18n.t('remove.desc')
# Remove an account
def remove(account = nil)
account = ask_check(
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+ existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
Awskeyring.delete_account(account: account, message: I18n.t('message.delaccount', account: account))
end
desc 'remove-token ACCOUNT', I18n.t('remove_token.desc')
# remove a session token
def remove_token(account = nil)
account = ask_check(
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+ existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
Awskeyring.delete_token(account: account, message: I18n.t('message.deltoken', account: account))
end
map 'remove-role' => :remove_role
desc 'remove-role ROLE', I18n.t('remove_role.desc')
# remove a role
def remove_role(role = nil)
role = ask_check(
- existing: role, message: I18n.t('message.role'), validator: Awskeyring::Validate.method(:role_name)
+ existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
+ limited_to: Awskeyring.list_role_names
)
Awskeyring.delete_role(role_name: role, message: I18n.t('message.delrole', role: role))
end
desc 'rotate ACCOUNT', I18n.t('rotate.desc')
# rotate Account keys
def rotate(account = nil) # rubocop:disable Metrics/MethodLength
account = ask_check(
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+ existing: account,
+ message: I18n.t('message.account'),
+ validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
cred = Awskeyring.get_valid_creds(account: account, no_token: true)
begin
new_key = Awskeyring::Awsapi.rotate(
@@ -261,16 +275,20 @@
method_option :code, type: :string, aliases: '-c', desc: I18n.t('method_option.code')
method_option :duration, type: :string, aliases: '-d', desc: I18n.t('method_option.duration')
# generate a sessiopn token
def token(account = nil, role = nil, code = nil) # rubocop:disable all
account = ask_check(
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+ existing: account,
+ message: I18n.t('message.account'),
+ validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
role ||= options[:role]
if role
role = ask_check(
- existing: role, message: I18n.t('message.role'), validator: Awskeyring::Validate.method(:role_name)
+ existing: role, message: I18n.t('message.role'), validator: Awskeyring.method(:role_exists),
+ limited_to: Awskeyring.list_role_names
)
end
code ||= options[:code]
if code
code = ask_check(
@@ -318,11 +336,14 @@
method_option 'no-token', type: :boolean, aliases: '-n', desc: I18n.t('method_option.notoken'), default: false
method_option 'no-open', type: :boolean, aliases: '-o', desc: I18n.t('method_option.noopen'), default: false
# Open the AWS Console
def console(account = nil) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
account = ask_check(
- existing: account, message: I18n.t('message.account'), validator: Awskeyring.method(:account_exists)
+ existing: account,
+ message: I18n.t('message.account'),
+ validator: Awskeyring.method(:account_exists),
+ limited_to: Awskeyring.list_account_names
)
cred = age_check_and_get(account: account, no_token: options['no-token'])
path = options[:path] || 'console'
@@ -434,32 +455,40 @@
env_var = Awskeyring::Awsapi.get_env_array(cred)
env_var.each { |var, value| puts "export #{var}=\"#{value}\"" }
Awskeyring::Awsapi::AWS_ENV_VARS.each { |key| puts "unset #{key}" unless env_var.key?(key) }
end
- def ask_check(existing:, message:, secure: false, optional: false, validator: nil)
+ def ask_check(existing:, message:, flags: nil, validator: nil, limited_to: nil) # rubocop:disable Metrics/MethodLength
retries ||= 3
begin
- value = ask_missing(existing: existing, message: message, secure: secure, optional: optional)
- value = validator.call(value) unless value.empty? && optional
+ value = ask_missing(
+ existing: existing,
+ message: message,
+ secure: 'secure'.eql?(flags),
+ optional: 'optional'.eql?(flags),
+ limited_to: limited_to
+ )
+ value = validator.call(value) unless value.empty? && 'optional'.eql?(flags)
rescue RuntimeError => e
warn e.message
existing = nil
retry unless (retries -= 1).zero?
exit 1
end
value
end
- def ask_missing(existing:, message:, secure: false, optional: false)
- existing || ask(message: message, secure: secure, optional: optional).strip
+ def ask_missing(existing:, message:, secure: false, optional: false, limited_to: nil)
+ existing || ask(message: message, secure: secure, optional: optional, limited_to: limited_to).strip
end
- def ask(message:, secure: false, optional: false)
+ def ask(message:, secure: false, optional: false, limited_to: nil)
if secure
Awskeyring::Input.read_secret(message.rjust(20) + ': ')
elsif optional
Thor::LineEditor.readline((message + ' (optional)').rjust(20) + ': ')
+ elsif limited_to
+ Thor::LineEditor.readline(message.rjust(20) + ': ', limited_to: limited_to)
else
Thor::LineEditor.readline(message.rjust(20) + ': ')
end
end
end