Module: Awskeyring

Defined in:

lib/awskeyring.rb,
lib/awskeyring/input.rb,
lib/awskeyring/awsapi.rb,
lib/awskeyring/version.rb,
lib/awskeyring/validate.rb

Overview

Awskeyring Module, gives you an interface to access keychains and items.

Defined Under Namespace

Modules: Awsapi, Input, Validate

Constant Summary

PREFS_FILE =

Default rpeferences fole path

(File.expand_path '~/.awskeyring').freeze

ROLE_PREFIX =

Prefix for Roles

'role '.freeze

ACCOUNT_PREFIX =

Prefix for Accounts

'account '.freeze

SESSION_KEY_PREFIX =

Prefix for Session Keys

'session-key '.freeze

SESSION_TOKEN_PREFIX =

Prefix for Session Tokens

'session-token '.freeze

FIVE_MINUTES =

Default keychain Lock period

300

DEFAULT_KEY_AGE =

Default warning of key age in days.

90

DEFAULT_CONSOLE_LIST =

Default Console Paths

%w[cloudformation ec2/v2 iam rds route53 s3 sns sqs vpc].freeze

VERSION =

The Gems version number

'0.10.0'.freeze

Class Method Summary

• .account_exists(account_name) ⇒ Object

  Validate account exists.

• .account_not_exists(account_name) ⇒ Object

  Validate account does not exists.

• .add_account(account:, key:, secret:, mfa:) ⇒ Object

  Add an account item.

• .add_role(role:, arn:) ⇒ Object

  Add a Role item.

• .add_token(params = {}) ⇒ Object

  add a session token pair of items.

• .delete_account(account:, message:) ⇒ Object

  Delete an Account.

• .delete_role(role_name:, message:) ⇒ Object

  Delete a role.

• .delete_token(account:, message:) ⇒ Object

  Delete a session token.

• .get_role_arn(role_name:) ⇒ Object

  get the ARN for a role.

• .get_valid_creds(account:, no_token: false) ⇒ Object

  Return valid creds for account.

• .init_keychain(awskeyring:) ⇒ Object

  Create a new Keychain.

• .key_age ⇒ Object

  Return Key age warning number.

• .list_account_names ⇒ Object

  Return a list account item names.

• .list_console_path ⇒ Object

  Return a list of console paths.

• .list_role_names ⇒ Object

  Return a list role item names.

• .prefs ⇒ Hash

  Retrieve the preferences.

• .update_account(account:, key:, secret:) ⇒ Object

  update and account item.

Class Method Details

.account_exists(account_name) ⇒ Object

Validate account exists

Parameters:

• account_name (String) —

  the associated account name.

# File 'lib/awskeyring.rb', line 287

def self.account_exists(account_name)
  Awskeyring::Validate.account_name(account_name)
  raise 'Account does not exist' unless list_account_names.include?(account_name)

  account_name
end

.account_not_exists(account_name) ⇒ Object

Validate account does not exists

Parameters:

• account_name (String) —

  the associated account name.

# File 'lib/awskeyring.rb', line 297

def self.account_not_exists(account_name)
  Awskeyring::Validate.account_name(account_name)
  raise 'Account already exists' if list_account_names.include?(account_name)

  account_name
end

.add_account(account:, key:, secret:, mfa:) ⇒ Object

Add an account item

Parameters:

• account (String) —

  The account name to create

• key (String) —

  The aws_access_key_id

• secret (String) —

  The aws_secret_key

• mfa (String) —

  The arn of the MFA device

# File 'lib/awskeyring.rb', line 94

def self.add_account(account:, key:, secret:, mfa:)
  all_items.create(
    label: ACCOUNT_PREFIX + account,
    account: key,
    password: secret,
    comment: mfa
  )
end

.add_role(role:, arn:) ⇒ Object

Add a Role item

Parameters:

• role (String) —

  The role name to add

• arn (String) —

  The arn of the role

# File 'lib/awskeyring.rb', line 119

def self.add_role(role:, arn:)
  all_items.create(
    label: ROLE_PREFIX + role,
    account: arn,
    password: '',
    comment: ''
  )
end

.add_token(params = {}) ⇒ Object

add a session token pair of items

Parameters:

• params (Hash) (defaults to: {}) —

  including account The name of the accont key The aws_access_key_id secret The aws_secret_access_key token The aws_sesson_token expiry time of expiry role The role used

# File 'lib/awskeyring.rb', line 137

def self.add_token(params = {})
  all_items.create(label: SESSION_KEY_PREFIX + params[:account],
                   account: params[:key],
                   password: params[:secret],
                   comment: params[:role].nil? ? '' : ROLE_PREFIX + params[:role])
  all_items.create(label: SESSION_TOKEN_PREFIX + params[:account],
                   account: params[:expiry],
                   password: params[:token],
                   comment: params[:role] || '')
end

.delete_account(account:, message:) ⇒ Object

Delete an Account

Parameters:

• account (String) —

  The account to delete

• message (String) —

  The message to display

# File 'lib/awskeyring.rb', line 263

def self.delete_account(account:, message:)
  delete_token(account: account, message: I18n.t('message.delexpired'))
  cred = get_item(account: account)
  return unless cred

  puts message if message
  cred.delete
end

.delete_role(role_name:, message:) ⇒ Object

Delete a role

Parameters:

• role_name (String) —

  The role to delete

• message (String) —

  The message to display

# File 'lib/awskeyring.rb', line 276

def self.delete_role(role_name:, message:)
  role = get_role(role_name: role_name)
  return unless role

  puts message if message
  role.delete
end

.delete_token(account:, message:) ⇒ Object

Delete a session token

Parameters:

• account (String) —

  The account to delete a token for

• message (String) —

  The message to display

# File 'lib/awskeyring.rb', line 254

def self.delete_token(account:, message:)
  session_key, session_token = get_token_pair(account: account)
  delete_pair(key: session_key, token: session_token, message: message)
end

.get_role_arn(role_name:) ⇒ Object

get the ARN for a role

Parameters:

• role_name (String) —

  The role name to retrieve

# File 'lib/awskeyring.rb', line 225

def self.get_role_arn(role_name:)
  role_item = get_role(role_name: role_name)
  role_item.attributes[:account] if role_item
end

.get_valid_creds(account:, no_token: false) ⇒ Object

Return valid creds for account

Parameters:

• account (String) —

  The account to retrieve

• no_token (Boolean) (defaults to: false) —

  Flag to skip tokens

# File 'lib/awskeyring.rb', line 207

def self.get_valid_creds(account:, no_token: false)
  cred, temp_cred = get_valid_item_pair(account: account, no_token: no_token)
  token = temp_cred.password unless temp_cred.nil?
  expiry = temp_cred.attributes[:account].to_i unless temp_cred.nil?
  {
    account: account,
    expiry: expiry,
    key: cred.attributes[:account],
    mfa: no_token ? cred.attributes[:comment] : nil,
    secret: cred.password,
    token: token,
    updated: cred.attributes[:updated_at]
  }
end

.init_keychain(awskeyring:) ⇒ Object

Create a new Keychain

Parameters:

• awskeyring (String) —

  The keychain name to create

# File 'lib/awskeyring.rb', line 39

def self.init_keychain(awskeyring:)
  keychain = Keychain.create(awskeyring)
  keychain.lock_interval = FIVE_MINUTES
  keychain.lock_on_sleep = true

  prefs = {
    awskeyring: awskeyring,
    keyage: DEFAULT_KEY_AGE,
    console: DEFAULT_CONSOLE_LIST
  }
  File.new(Awskeyring::PREFS_FILE, 'w').write JSON.dump(prefs)
end

.key_age ⇒ Object

Return Key age warning number

# File 'lib/awskeyring.rb', line 181

def self.key_age
  prefs.key?('keyage') ? prefs['keyage'] : DEFAULT_KEY_AGE
end

.list_account_names ⇒ Object

Return a list account item names

# File 'lib/awskeyring.rb', line 166

def self.list_account_names
  list_items.map { |elem| elem.attributes[:label][(ACCOUNT_PREFIX.length)..-1] }
end

.list_console_path ⇒ Object

Return a list of console paths

# File 'lib/awskeyring.rb', line 176

def self.list_console_path
  prefs.key?('console') ? prefs['console'] : DEFAULT_CONSOLE_LIST
end

.list_role_names ⇒ Object

Return a list role item names

# File 'lib/awskeyring.rb', line 171

def self.list_role_names
  list_roles.map { |elem| elem.attributes[:label][(ROLE_PREFIX.length)..-1] }
end

.prefs ⇒ Hash

Retrieve the preferences

Returns:

• (Hash) —

  prefs of the gem

# File 'lib/awskeyring.rb', line 28

def self.prefs
  if File.exist? PREFS_FILE
    JSON.parse(File.read(PREFS_FILE))
  else
    {}
  end
end

.update_account(account:, key:, secret:) ⇒ Object

update and account item

Parameters:

• account (String) —

  The account to update

• key (String) —

  The aws_access_key_id

• secret (String) —

  The aws_secret_key

# File 'lib/awskeyring.rb', line 108

def self.update_account(account:, key:, secret:)
  item = get_item(account: account)
  item.attributes[:account] = key
  item.password = secret
  item.save!
end