class AwsRunAs::Main
Main
program logic for aws-runas - sets up an STS session and assumed role, and hands off the environment to the called process.
Public Class Methods
new(path: nil, profile: default, mfa_code: nil, no_role: nil)
Instantiate the object, set up the config path and profile, and store the MFA code.
# File lib/aws_runas/main.rb, line 29
# Builds the runner: resolves the config file, loads the selected profile and
# keeps the MFA code and the no-role flag for later calls.
#
# @param path     config file to read; when nil (or false) the location is
#                 taken from AwsRunAs::Config.find_config_file
# @param profile  profile name handed to AwsRunAs::Config
# @param mfa_code one-time MFA token, stored unvalidated in @mfa_code
# @param no_role  truthy to request a plain session token instead of assuming
#                 a role (read by assume_role, credentials_env and handoff)
#
# NOTE(review): the default for `profile:` is the bare identifier `default`,
# not the string 'default'. As listed, omitting `profile:` would evaluate
# `default` as a method call - confirm whether the quotes were lost in this
# listing or are missing in the source.
def initialize(path: nil, profile: default, mfa_code: nil, no_role: nil)
  config_file = path || AwsRunAs::Config.find_config_file

  @cfg = AwsRunAs::Config.new(path: config_file, profile: profile)
  @mfa_code = mfa_code
  @no_role = no_role
end
Public Instance Methods
assume_role()
# File lib/aws_runas/main.rb, line 49
# Obtains temporary STS credentials and stores them in @session.
#
# With @no_role set, an MFA-backed session token is requested for the source
# identity and no role is assumed; otherwise the profile's role_arn is
# assumed. The mfa_serial value is looked up only when AWS_SESSION_TOKEN is
# absent from the environment, so a run that already carries session
# credentials sends serial_number as nil.
#
# @return the object assigned to @session
# @raise [RuntimeError] when @no_role is set and no mfa_serial was loaded
def assume_role
  # The session name is only a prefix plus the epoch second; it carries no
  # operator identity. NOTE(review): confirm that is acceptable for audit
  # trails that key on the role session name.
  session_name = "aws-runas-session_#{Time.now.to_i}"
  target_role = @cfg.load_config_value(key: 'role_arn')
  serial = ENV.include?('AWS_SESSION_TOKEN') ? nil : @cfg.load_config_value(key: 'mfa_serial')

  unless @no_role
    return @session = Aws::AssumeRoleCredentials.new(
      client: sts_client,
      role_arn: target_role,
      serial_number: serial,
      token_code: @mfa_code,
      role_session_name: session_name
    )
  end

  # NOTE(review): this also fires when AWS_SESSION_TOKEN is set, because the
  # lookup above is skipped in that case - the message then blames the profile
  # even if it does define mfa_serial.
  raise 'No mfa_serial in selected profile, session will be useless' if serial.nil?

  # 86400 seconds is a 24-hour token lifetime, hard-coded here; every process
  # that receives the resulting environment holds usable credentials for that
  # long.
  @session = sts_client.get_session_token(
    duration_seconds: 86400,
    serial_number: serial,
    token_code: @mfa_code
  )
end
credentials_env()
# File lib/aws_runas/main.rb, line 75
# Builds the environment-variable hash that carries the temporary credentials
# to the child process.
#
# Always set: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
# AWS_RUNAS_PROFILE, AWS_SESSION_EXPIRATION and AWS_SESSION_EXPIRATION_UNIX.
# AWS_REGION and AWS_DEFAULT_REGION are added only when the profile has a
# region value; AWS_RUNAS_ASSUMED_ROLE_ARN only when a role was assumed.
#
# The returned hash holds the live secret key and session token in plain
# text - keep it out of logs and error output.
#
# @return [Hash{String => Object}] variable names mapped to their values
def credentials_env
  vars = {
    'AWS_ACCESS_KEY_ID' => session_credentials.access_key_id,
    'AWS_SECRET_ACCESS_KEY' => session_credentials.secret_access_key,
    'AWS_SESSION_TOKEN' => session_credentials.session_token,
    'AWS_RUNAS_PROFILE' => @cfg.profile
  }

  unless @cfg.load_config_value(key: 'region').nil?
    %w[AWS_REGION AWS_DEFAULT_REGION].each do |name|
      vars[name] = @cfg.load_config_value(key: 'region')
    end
  end

  # Without a role the expiry is read from the credentials object; with a
  # role it is read from the session object itself.
  expiry_text = -> { (@no_role ? session_credentials : @session).expiration.to_s }
  vars['AWS_SESSION_EXPIRATION'] = expiry_text.call
  # The Unix form is derived by re-parsing the string form.
  vars['AWS_SESSION_EXPIRATION_UNIX'] = DateTime.parse(expiry_text.call).strftime('%s')
  vars['AWS_RUNAS_ASSUMED_ROLE_ARN'] = @cfg.load_config_value(key: 'role_arn') unless @no_role

  vars
end
handoff(command: nil, argv: nil, skip_prompt:)
# File lib/aws_runas/main.rb, line 96
# Hands the credential environment to the next process.
#
# With no command, control goes to AwsRunAs::Utils.handoff_to_shell; the
# profile name is passed along only when a role is in use. With a command,
# the current process is replaced through Kernel#exec.
#
# @param command     program to run; nil or false selects the shell handoff
# @param argv        arguments for the command; nil expands to no arguments
# @param skip_prompt forwarded unchanged to handoff_to_shell
#
# Kernel#exec merges the hash into the environment the child inherits, so the
# child sees the temporary credentials alongside the parent's own variables.
# When argv is nil or empty, exec receives a single string, and Ruby passes a
# single string that contains shell metacharacters to the shell. Arguments
# belong in argv rather than inside command.
def handoff(command: nil, argv: nil, skip_prompt:)
  child_env = credentials_env

  launch_shell = !command
  if launch_shell
    shell_profile = @no_role ? nil : @cfg.profile
    # presumably this call does not return - TODO confirm; if it did, the
    # exec below would run with a nil command.
    AwsRunAs::Utils.handoff_to_shell(env: child_env, profile: shell_profile, skip_prompt: skip_prompt)
  end

  exec(child_env, command, *argv)
end
session_credentials()
# File lib/aws_runas/main.rb, line 71
# Returns the credentials object held by the current session.
#
# @session is assigned in assume_role; calling this before then means calling
# `credentials` on nil. The returned object exposes the secret access key and
# session token, so treat it as sensitive.
def session_credentials
  active_session = @session
  active_session.credentials
end
sts_client()
# File lib/aws_runas/main.rb, line 40
# Creates a new STS client for the credential requests.
#
# The region is the profile's 'region' value, falling back to 'us-east-1'
# when none is configured; the client's profile comes from
# @cfg.load_source_profile. Every call builds a fresh client - nothing is
# memoized here.
#
# @return [Aws::STS::Client]
def sts_client
  client_region = @cfg.load_config_value(key: 'region') || 'us-east-1'
  source_profile = @cfg.load_source_profile

  Aws::STS::Client.new(profile: source_profile, region: client_region)
end