class AwsRunAs::Main

Main program logic for aws-runas: sets up an STS session and the assumed role, and hands the environment off to the called process.

Public Class Methods

new(path: nil, profile: default, mfa_code: nil, no_role: nil)

Instantiate the object, set up the config path and profile, and store the MFA code.

# File lib/aws_runas/main.rb, line 29
# Build the runner: resolve the config file, load the selected profile, and
# keep the MFA code and the no-role switch for the later STS request.
#
# @param path [String, nil] config file to read; when falsy the location is
#   taken from AwsRunAs::Config.find_config_file
# @param profile profile name passed through to AwsRunAs::Config.new
# @param mfa_code [String, nil] one-time MFA code, stored as given (it is not
#   validated here)
# @param no_role [Boolean, nil] truthy selects the session-token flow in
#   assume_role instead of assuming a role
#
# NOTE(review): the default for `profile:` is the bare identifier `default`,
# which is only evaluated when the caller omits `profile:`. Nothing in this
# listing defines it - confirm it is not meant to be the string 'default'.
def initialize(path: nil, profile: default, mfa_code: nil, no_role: nil)
  resolved_path = path || AwsRunAs::Config.find_config_file
  @cfg = AwsRunAs::Config.new(path: resolved_path, profile: profile)
  @mfa_code = mfa_code
  @no_role = no_role
end

Public Instance Methods

assume_role()
# File lib/aws_runas/main.rb, line 49
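# Obtain temporary STS credentials and store them in @session.
#
# With @no_role set, an MFA-backed session token is requested through
# get_session_token; otherwise the profile's role_arn is assumed through
# Aws::AssumeRoleCredentials under a time-stamped session name.
#
# mfa_serial is read from the profile only when AWS_SESSION_TOKEN is absent
# from the environment.
#
# @return the object assigned to @session
# @raise [RuntimeError] in no-role mode, when AWS_SESSION_TOKEN is already set
#   or when the profile has no mfa_serial
def assume_role
  session_id = "aws-runas-session_#{Time.now.to_i}"
  role_arn = @cfg.load_config_value(key: 'role_arn')
  inside_session = ENV.include?('AWS_SESSION_TOKEN')
  mfa_serial = @cfg.load_config_value(key: 'mfa_serial') unless inside_session
  if @no_role
    # The mfa_serial lookup above is skipped when AWS_SESSION_TOKEN is set, so
    # the nil check below would blame the profile for a value that was never
    # read. Report the real cause instead; the call is refused either way.
    if inside_session
      raise 'AWS_SESSION_TOKEN is already set in the environment, so mfa_serial was not loaded; ' \
            'unset it before requesting a new session token'
    end
    raise 'No mfa_serial in selected profile, session will be useless' if mfa_serial.nil?
    # 86400 s = 24 h, fixed here. These credentials are exported into the
    # environment of the spawned process (see credentials_env), so they stay
    # usable by anything that can read that environment until they expire.
    @session = sts_client.get_session_token(
      duration_seconds: 86400,
      serial_number: mfa_serial,
      token_code: @mfa_code
    )
  else
    # serial_number is nil when AWS_SESSION_TOKEN is set, so no MFA serial is
    # sent with the request - presumably to reuse the session already in the
    # environment; TODO confirm. Whether MFA is enforced is then decided by the
    # role's trust policy, not by this code.
    @session = Aws::AssumeRoleCredentials.new(
      client: sts_client,
      role_arn: role_arn,
      serial_number: mfa_serial,
      token_code: @mfa_code,
      role_session_name: session_id
    )
  end
end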
credentials_env()
# File lib/aws_runas/main.rb, line 75
# Build the environment variables that carry the session to the child process.
#
# The hash holds the access key id, secret access key and session token in
# clear text, plus the profile name, the region (under both AWS_REGION and
# AWS_DEFAULT_REGION, only when the profile defines one) and the expiry as a
# string and as Unix seconds. In role mode the assumed role ARN is added too.
# Because it contains live secrets, the result should not be logged or printed.
#
# Expiry is read from the session credentials in no-role mode and from
# @session itself otherwise.
#
# @return [Hash{String => String}] variable name => value
def credentials_env
  vars = {
    'AWS_ACCESS_KEY_ID' => session_credentials.access_key_id,
    'AWS_SECRET_ACCESS_KEY' => session_credentials.secret_access_key,
    'AWS_SESSION_TOKEN' => session_credentials.session_token,
    'AWS_RUNAS_PROFILE' => @cfg.profile
  }

  unless @cfg.load_config_value(key: 'region').nil?
    %w[AWS_REGION AWS_DEFAULT_REGION].each do |name|
      vars[name] = @cfg.load_config_value(key: 'region')
    end
  end

  expiry_holder = @no_role ? session_credentials : @session
  vars['AWS_SESSION_EXPIRATION'] = expiry_holder.expiration.to_s
  # Round-trips through the string form, so the Unix value has whole-second
  # resolution.
  vars['AWS_SESSION_EXPIRATION_UNIX'] = DateTime.parse(expiry_holder.expiration.to_s).strftime('%s')
  vars['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn') unless @no_role
  vars
end
handoff(command: nil, argv: nil, skip_prompt:)
# File lib/aws_runas/main.rb, line 96
# Replace the current process with the requested command, or with a shell
# when no command is given, passing along the session environment.
#
# @param command [String, nil] program to run; falsy means "start a shell"
# @param argv [Array<String>, nil] arguments for command (nil splats to none)
# @param skip_prompt forwarded unchanged to AwsRunAs::Utils.handoff_to_shell
#
# Kernel#exec with a leading hash adds those variables to the inherited
# environment, so the child receives the secret key and session token. When
# argv is empty, a single command string that contains shell metacharacters is
# run through the shell; with arguments present the program is executed
# directly. command should therefore only ever come from the operator.
#
# NOTE(review): control falls through to exec after handoff_to_shell. That is
# only correct if handoff_to_shell never returns (presumably it replaces the
# process itself) - otherwise exec is called with a nil command. Confirm.
def handoff(command: nil, argv: nil, skip_prompt:)
  child_env = credentials_env
  unless command
    # In no-role mode no profile name is passed to the shell handoff.
    shell_profile = @no_role ? nil : @cfg.profile
    AwsRunAs::Utils.handoff_to_shell(
      env: child_env,
      profile: shell_profile,
      skip_prompt: skip_prompt
    )
  end
  exec(child_env, command, *argv)
end
session_credentials()
# File lib/aws_runas/main.rb, line 71
# Credentials object of the current session.
#
# @return whatever @session.credentials returns; callers in this class read
#   access_key_id, secret_access_key, session_token and expiration from it
# @raise [NoMethodError] when @session is still nil, i.e. assume_role has not
#   stored a session yet
def session_credentials
  active_session = @session
  active_session.credentials
end
sts_client()
# File lib/aws_runas/main.rb, line 40
# Create an STS client for the profile's source profile.
#
# The region comes from the profile's 'region' setting and falls back to
# 'us-east-1' when that setting is missing. A new client is built on every
# call; nothing is cached.
#
# @return [Aws::STS::Client]
def sts_client
  chosen_region = @cfg.load_config_value(key: 'region') || 'us-east-1'
  Aws::STS::Client.new(profile: @cfg.load_source_profile, region: chosen_region)
end