Class: AwsSessionToken::CLI

Inherits:

Object

• Object
• AwsSessionToken::CLI

Defined in:

lib/aws_session_token/cli.rb

Overview

Execute the process for getting & updating the session token.

Instance Attribute Summary

• #options ⇒ Object

  Returns the value of attribute options.

Instance Method Summary

• #initialize ⇒ CLI constructor

  A new instance of CLI.

• #mfa_device ⇒ Object
• #run ⇒ Object
• #session_token(mfa_device, otp) ⇒ Object
• #set_aws_creds ⇒ Object
• #token_prompt ⇒ Object
• #validate_creds_file ⇒ Object

Constructor Details

#initialize ⇒ CLI

# File 'lib/aws_session_token/cli.rb', line 28

def initialize
  @options = Options.new
  @creds_file = CredentialsFile.new
end

Instance Attribute Details

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/aws_session_token/cli.rb', line 26

def options
  @options
end

Instance Method Details

#mfa_device ⇒ Object

# File 'lib/aws_session_token/cli.rb', line 64

def mfa_device
  iam_client = Aws::IAM::Client.new
  params = { max_items: 1 }
  params[:user_name] = @options.user if @options.user
  response = iam_client.list_mfa_devices(params)
  list = response.mfa_devices
  return list[0].serial_number unless list.nil? || list.empty?
  warn "\nSpecified profile/user doesn't have MFA device."
  warn "\nScript execution unnecessary."
  exit
end

#run ⇒ Object

# File 'lib/aws_session_token/cli.rb', line 33

def run
  @options.parse(ARGV)
  validate_creds_file
  set_aws_creds
  mfa = mfa_device
  token = @options.token || token_prompt
  creds = session_token(mfa, token)
  @creds_file.write(@options.credentials_file, @options.session_profile, creds)
end

#session_token(mfa_device, otp) ⇒ Object

# File 'lib/aws_session_token/cli.rb', line 81

def session_token(mfa_device, otp)
  @sts_client = Aws::STS::Client.new
  resp = @sts_client.get_session_token(
    duration_seconds: @options.duration,
    serial_number: mfa_device,
    token_code: otp
  )
  resp.credentials
end

#set_aws_creds ⇒ Object

# File 'lib/aws_session_token/cli.rb', line 56

def set_aws_creds
  credentials = Aws::SharedCredentials.new(path: @options.credentials_file, profile_name: @options.profile)
  Aws.config.update(credentials: credentials)
rescue Aws::Errors::NoSuchProfileError
  warn "\nSpecified AWS Profile doesn't exist: #{@options.profile}"
  exit 1
end

#token_prompt ⇒ Object

# File 'lib/aws_session_token/cli.rb', line 76

def token_prompt
  cli = HighLine.new
  cli.ask "Specify the OTP Token for the profile #{@options.profile}:"
end

#validate_creds_file ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/aws_session_token/cli.rb', line 43

def validate_creds_file
  return if File.exist?(@options.credentials_file) && File.writable?(@options.credentials_file)
  unless File.exist?(@options.credentials_file)
    raise(
      ArgumentError, "Specified credentials file is missing: #{@options.credentials_file}"
    )
  end
  raise(
    ArgumentError,
    "Specified credentials file cannot be modified by current user: #{@options.credentials_file}"
  )
end