|
1 | | -require "version" |
2 | | -require "aws-sdk" |
3 | | -require 'fileutils' |
4 | | - |
5 | | -module AwsRotateKeys |
6 | | - def self.call(*args) |
7 | | - Runner.new(*args).call |
8 | | - end |
9 | | - |
10 | | - class Runner |
11 | | - attr_reader :iam, :credentials_path, :stdout, :env |
12 | | - |
13 | | - def initialize(iam: Aws::IAM::Client.new, |
14 | | - credentials_path: "#{Dir.home}/.aws/credentials", |
15 | | - stdout: $stdout, |
16 | | - env: ENV) |
17 | | - @iam = iam |
18 | | - @credentials_path = credentials_path |
19 | | - @stdout = stdout |
20 | | - @env = env |
21 | | - end |
22 | | - |
23 | | - def call |
24 | | - log "Creating access key..." |
25 | | - new_key = create_access_key |
26 | | - |
27 | | - create_credentials_directory_if_needed |
28 | | - |
29 | | - if credentials_file_exists? |
30 | | - log "Backing up #{credentials_path} to #{credentials_backup_path}..." |
31 | | - backup_aws_credentials_file |
32 | | - end |
33 | | - |
34 | | - log "Writing new access key to #{credentials_path}" |
35 | | - write_aws_credentials_file(new_key) |
36 | | - |
37 | | - log "Deleting your oldest access key..." |
38 | | - delete_oldest_access_key |
39 | | - |
40 | | - log "You're all set!" |
41 | | - |
42 | | - if aws_environment_variables? |
43 | | - log aws_environment_variables_warning_message |
44 | | - end |
45 | | - end |
46 | | - |
47 | | - private |
48 | | - |
49 | | - def create_access_key |
50 | | - create_access_key_response = iam.create_access_key |
51 | | - create_access_key_response.access_key |
52 | | - end |
53 | | - |
54 | | - def create_credentials_directory_if_needed |
55 | | - FileUtils.mkdir_p(credentials_dir) |
56 | | - end |
57 | | - |
58 | | - def credentials_file_exists? |
59 | | - File.exist?(credentials_path) |
60 | | - end |
61 | | - |
62 | | - # ex. ~/aws/credentials.bkp-2017-01-06-16-38-07--0800 |
63 | | - def credentials_backup_path |
64 | | - credentials_path + ".bkp-#{Time.now.to_s.gsub(/[^\d]/, '-')}" |
65 | | - end |
66 | | - |
67 | | - def backup_aws_credentials_file |
68 | | - FileUtils.cp(credentials_path, credentials_backup_path) |
69 | | - end |
70 | | - |
71 | | - def write_aws_credentials_file(access_key) |
72 | | - File.open(credentials_path, "w") do |f| |
73 | | - f.puts "[default]" |
74 | | - f.puts "aws_access_key_id = #{access_key.access_key_id}" |
75 | | - f.puts "aws_secret_access_key = #{access_key.secret_access_key}" |
76 | | - end |
77 | | - end |
78 | | - |
79 | | - def delete_oldest_access_key |
80 | | - list_access_keys_response = iam.list_access_keys |
81 | | - access_keys = list_access_keys_response.access_key_metadata |
82 | | - |
83 | | - oldest_access_key = access_keys.sort_by(&:create_date).first |
84 | | - iam.delete_access_key(access_key_id: oldest_access_key.access_key_id) |
85 | | - end |
86 | | - |
87 | | - def credentials_dir |
88 | | - File.dirname(credentials_path) |
89 | | - end |
90 | | - |
91 | | - def log(msg) |
92 | | - stdout.puts msg |
93 | | - end |
94 | | - |
95 | | - def aws_environment_variables? |
96 | | - env['AWS_ACCESS_KEY_ID'] || env['AWS_SECRET_ACCESS_KEY'] |
97 | | - end |
98 | | - |
99 | | - def aws_environment_variables_warning_message |
100 | | - "We've noticed that the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set.\n" + |
101 | | - "Please remove them so that aws cli and libraries use #{credentials_path} instead." |
102 | | - end |
103 | | - end |
104 | | -end |
| 1 | +require "aws_rotate_keys/cli" |
0 commit comments