Merge pull request #7 from randomvariable/0.1.2-candidate

0.1.2 candidate fixes

.gitignore

@@ -5,3 +5,5 @@ pkg/
 Gemfile.lock
 spec/reports/
 tags
+*.gem
+coverage

.rubocop.yml

@@ -1,5 +1,4 @@
 ---
-#require: rubocop-rspec
 AllCops:
     DisplayCopNames: true
     Exclude:
@@ -26,9 +25,6 @@ Metrics/PerceivedComplexity:
 Style/IndentationWidth:
     Width: 4
 
-RSpec/ExampleLength:
-    Enabled: false
-
 Style/TrailingCommaInArguments:
     EnforcedStyleForMultiline: comma
 

.ruby-version

@@ -0,0 +1 @@
+2.1.10

.simplecov

@@ -0,0 +1,22 @@
+require 'coveralls'
+Coveralls.wear_merged!
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
+  SimpleCov::Formatter::HTMLFormatter,
+  Coveralls::SimpleCov::Formatter
+])
+
+SimpleCov.start do
+
+  project_name 'AWS Assume Role'
+
+  add_filter '/spec/'
+  add_filter 'lib/aws_assume_role/vendored'
+
+  %w(aws_assume_role).each do |group_name|
+    add_group(group_name, "/#{group_name}/lib")
+  end
+
+  merge_timeout 60 * 15 # 15 minutes
+
+end

.travis.yml

@@ -1,11 +1,20 @@
 language: ruby
 rvm:
+- 2.1
 - 2.2
+- 2.3.0
+sudo: false
+script: bundle exec rake
 deploy:
   provider: rubygems
   api_key:
-    secure: ndWQ3WVAkQRcKO1MhKz4OY7shjLpGNtOw6vUR62Eza9nc1i32pyLXs3N8gfXpSQff9SvJP/3UL1GaDDFbA539bMAlLqLaXtsLlu6rUr+QTpa3a9Y1iQfuLixJ/lzJU/7KmWJkUG9iKs/7p+83X9uUQK10BA1eHuClNOmTkLrw4s5WgDaKKG7Sy9ihZ4gIQtONQHZbCQy21UOeuObGXAuPi3mLunoe/ygmCIrNt8T3BmuBmDoB9q6Z1YChEDnyWi5ALnHckZO0IQ5U5BP5WLTaqSKDXtcUifs9uPJ2YHubqghpbIf+5MOfrG92zFoSR4NIuFjhkQ4yT9rRZ8g1bOhBFLe5Xa/GJbX5XNWq/IStEOiWnXPaR6kpTpmjskR1NbonfPB1or++wh7zRT9AQE+loZKWrUTGLRa1vGTlIMVQzzF5jskbIogA8Rmzg0K4vGJ8W0xftWTez/1WWl+yJEwd8JIU9fHp+P1dsLf3bZ8vFgkH0jMm6neaibK7O64RbPdAERQ5s+9zXGjYug5H6xPnWYP7c/tAJn4g020aUGhdftTwpMpf8d3dLa3J4PYQ8XBeEPqjUU2DGscyL9cIbUwCfY5USwulom5tG0yeA/4nS/T36zx/QwOcw60SS2i7QGhN4CeHS6lIFbhb9lFvsRY31JDaR3TgysnX1hGASw22vs=
+    secure: H6MYP5cWFC0BtqrxW6ahc1RFxywtyKRFjGlSpyoBM+AH2y8U194toWQdGyO/QMRQVr7vAZf+MdxYTutDvnBEkwQbof6QBJ1+4GFWSqFgYAVEV5Ddva0ea5dVE8xC3rMRvd+i5KTzwuVNX/+Cux49v2wGRWZLKOmBSWbujsL8SbpdKaPi+qsClkdz3YTrHpGEEWTPNBNTwDMlg+qAX3UkqoAxD5ebrUaFPdJR83yMSGUPfTm/urlKvkx85MONuj7lPL1CyoYJCvy31bE6CWGq2L/+2Fnk8RvNMCaDffY+8YjKhWduBLrGuUYWf+ZcERxW6AxDy6BFIkekpFwpeaDmrdfSTK0aELSZogGqs9VHs9O1pTApdS/NRYDzxC9hmlvub80xC2uI1Vnhn04Z95Gh9KYh0H20UnlBJJ7ewvFPHzQ3zK8Z2O3kJOeZo0rX2d3yGOydyHlf1dX/auGnn8QVcr7w1jERQDLi5ZEAR+EGnYROvfGKjfP9rgaLoouTbEGXx7KV9QQjLUsmQ0q2yu+HoVlQaDtv7VEQTtFnvdmiVGYbWj+DhaquvTmHyiizO7hFOfvVYYFyOM2iFoRCY+dT3kapqc0DM94BUjxV3tMZX6MYNYfwnNwhNNpTXLVvVXP9cShL+ogwY/E0C2Fg2CYdY5/Ioe6hUbAiPx79dwzVfic=
   gem: aws_assume_role
   on:
     tags: true
     repo: scalefactory/aws-assume-role
+notifications:
+  slack:
+    secure: RmJmJSSDI8qdIpM2KKYoXX2mpcL85YZ9r9gF4rauZH9TuqnYOPP3kQ5iYJsE0VUTuZpuvQ8Axoux5IQr+IDK7kMrmrI0iaZp1dAR9tGK+aLF73sprOmQEou6HIoDs97UQhOWlsAUR8max/7WYdJYJ1o78dqavfFtOy0VcHCkUMRf+WxcKzz+8MunsocIYi0HXuz5vC3RAZCOaK2h8epXzmnWq0ke8YeTmddpDWC85wzeDNjA9T1j5WD+y6gC9F0vyaqVqDCsCXlbRKZl7a1TU9QGDVyBzowoGsWmTpFR80v4CKofAn6nnMRqblwATOS1jMT+HC+Yku29qFzXPugYa2KAUSQaYQiOe+TE5IDa2Exe/57ZQCOq4ve8gKSE9aQXh4Riq3u8qccM+UeoQdcwgXQIciTeWjqi4LQro6Dbyrv8XrUbxdG0VPsWmf49jbWgq6PPAJqdcbXr9eGb+81uJ2REa1vhDYZu4T3JHv4erd5QlyYWzeBJ/LMQav/C5mnMF43jg8DzZ2g0BZBao/reO9xcZre/ka8eOus9Ll1i+8PCxmFZMx2KDPC9i5R7bXL/CwPBjzFInmvHM0cgKjxrRSY6xMWSPyBbgdsKJl2qag74K5xG+2VPlMcVx0ikTKVjsja5iPlOYKhflGAfCKvpzPcd2QoEWg8jZYqZtO9Nj+M=
+    on_success: change
+    on_failure: change

Gemfile

@@ -4,6 +4,7 @@ source "https://rubygems.org"
 gemspec
 
 group :test do
+    gem "coveralls", require: false
     gem "rake"
 end
 

README.md

@@ -1,5 +1,10 @@
 aws-assume-role
 ---------------
+[![Build Status](https://travis-ci.org/scalefactory/aws-assume-role.svg?branch=master)](https://travis-ci.org/scalefactory/aws-assume-role)
+[![Coverage Status](https://coveralls.io/repos/github/scalefactory/aws-assume-role/badge.svg?branch=master)](https://coveralls.io/github/scalefactory/aws-assume-role?branch=master)
+[![Code Climate](https://codeclimate.com/github/scalefactory/aws-assume-role/badges/gpa.svg)](https://codeclimate.com/github/scalefactory/aws-assume-role)
+[![Dependencies](https://img.shields.io/librariesio/github/scalefactory/aws-assume-role.svg)](https://libraries.io/rubygems/aws_assume_role)
+[![Gem Version](https://badge.fury.io/rb/aws_assume_role.svg)](https://badge.fury.io/rb/aws_assume_role)
 
 aws-assume-role is a utility intended for developer and operator environments
 who need to use 2FA and role assumption to access AWS services.
@@ -17,11 +22,11 @@ disk as unencrypted files.
 
 It allows easy credential management and role assumption with a 2FA/MFA device.
 
-For more information on role assumption, see the AWS documentation.
+For more information on role assumption, see the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html).
 
 Requirements
 ------------
-*   Ruby ≥ 2.2
+*   Ruby ≥ 2.1
 *   OS X KeyChain or GNOME Keyring
 
 Install
@@ -179,14 +184,14 @@ where options is a hash with the following symbol keys:
 `aws_assume_role` resolves credentials in almost the same way as the AWS SDK, i.e.:
 
 ```no-highlight
-static credentials ⟶ environment variables ⟶ configured profiles
+static credentials ⟶ environment variables ⟶ configured profiles role ⟶ assumption (look up source profile and check for 2FA)
 ```
 
 Any of the above may get chained to do MFA or role assumption, or both,
 in the following order:
 
 ```no-highlight
-second factor ⟶ role assumption (look up source profile and check for 2FA) ⟶ ecs/instance profile
+second factor ⟶  ecs/instance profile
 ```
 
 These are the same as the AWS SDK equivalents whereever possible. The command line help will give an explanation of the rest.

Rakefile

@@ -1,8 +1,23 @@
 require "bundler/gem_tasks"
-task default: :spec
+task default: :test
 
 begin
     require "rspec/core/rake_task"
     RSpec::Core::RakeTask.new(:spec)
 rescue LoadError # rubocop:disable Lint/HandleExceptions
 end
+
+begin
+    require "rubocop/rake_task"
+    RuboCop::RakeTask.new(:rubocop)
+rescue LoadError # rubocop:disable Lint/HandleExceptions
+end
+
+task :test => [:no_pry, :rubocop, :spec] # rubocop:disable Style/HashSyntax
+
+task :no_pry do
+    files = Dir.glob("**/**").reject { |x| x.match(/^spec|Gemfile|coverage|\.gemspec$|Rakefile/) || File.directory?(x) }
+    files.each do |file|
+        raise "Use of pry found in #{file}." if File.read(file) =~ /"pry"/
+    end
+end

aws_assume_role.gemspec

@@ -22,10 +22,10 @@ Gem::Specification.new do |spec|
     spec.executables   = spec.files.grep(%r{^bin/aws}) { |f| File.basename(f) }
     spec.require_paths = ["lib"]
 
-    spec.add_runtime_dependency "activesupport", "~> 4.0"
+    spec.add_runtime_dependency "activesupport", "~> 4.2"
     spec.add_runtime_dependency "aws-sdk", "~> 2.7"
     spec.add_runtime_dependency "dry-configurable", "~> 0.5"
-    spec.add_runtime_dependency "dry-initializer", "~> 1.1"
+    spec.add_runtime_dependency "dry-struct", "~> 0.1"
     spec.add_runtime_dependency "dry-types", "~> 0.9"
     spec.add_runtime_dependency "dry-validation", "~> 0.10"
     spec.add_runtime_dependency "gli", "~> 2.15"
@@ -38,6 +38,8 @@ Gem::Specification.new do |spec|
     spec.add_development_dependency "rspec", "~> 3.5"
     spec.add_development_dependency "rubocop", "~> 0.46"
     spec.add_development_dependency "yard", "~> 0.9"
+    spec.add_development_dependency "simplecov", "~> 0.13"
+    spec.add_development_dependency "webmock", "~> 2.3"
 
     case Gem::Platform.local.os
     when "linux"

lib/aws_assume_role/cli/actions/abstract_action.rb

@@ -4,21 +4,25 @@
 class AwsAssumeRole::Cli::Actions::AbstractAction
     include AwsAssumeRole
     include AwsAssumeRole::Types
-    include Ui
+    include AwsAssumeRole::Ui
+    include AwsAssumeRole::Logging
     CommandSchema = proc { raise "CommandSchema Not implemented" }
 
     def initialize(global_options, options, args)
         config = ProfileConfiguration.new_from_cli(global_options, options, args)
-        result = validate_options(config.to_h.deep_symbolize_keys)
+        logger.debug "Config initialized with #{config.to_hash}"
+        result = validate_options(config.to_hash)
+        logger.debug "Config validated as #{result.to_hash}"
         return act_on(config) if result.success?
         Ui.show_validation_errors result
     end
 
     private
 
     def try_for_credentials(config)
-        @provider ||= AwsAssumeRole::Credentials::Factories::DefaultChainProvider.new(config.to_h)
+        @provider ||= AwsAssumeRole::Credentials::Factories::DefaultChainProvider.new(config.to_hash)
         creds = @provider.resolve(nil_with_role_not_set: true)
+        logger.debug "Got credentials #{creds}"
         return creds unless creds.nil?
     rescue NoMethodError
         error "Cannot find any credentials"

lib/aws_assume_role/cli/actions/includes.rb

@@ -1,13 +1,5 @@
-require "i18n"
-require "aws-sdk"
-require "dry-types"
+require_relative "../includes"
 require_relative "../../types"
-require "dry-validation"
-require "active_support/core_ext/hash/compact"
-require "active_support/core_ext/hash/keys"
-require "launchy"
-require "open-uri"
-require "json"
 require_relative "../../../aws_assume_role"
 
 module AwsAssumeRole

lib/aws_assume_role/cli/actions/run.rb

@@ -20,7 +20,7 @@ class AwsAssumeRole::Cli::Actions::Run < AwsAssumeRole::Cli::Actions::AbstractAc
     def act_on(config)
         credentials = try_for_credentials config.to_h
         unless config.args.empty?
-            Runner.new(config.args,
+            Runner.new(command: config.args,
                        environment: { "AWS_DEFAULT_REGION" => resolved_region },
                        credentials: credentials)
         end

lib/aws_assume_role/cli/actions/test.rb

@@ -17,7 +17,9 @@ class AwsAssumeRole::Cli::Actions::Test < AwsAssumeRole::Cli::Actions::AbstractA
     end
 
     def act_on(config)
-        credentials = try_for_credentials config.to_h
+        logger.debug "Will try for credentials"
+        credentials = try_for_credentials config
+        logger.debug "Got credentials #{credentials}"
         client = Aws::STS::Client.new(credentials: credentials, region: resolved_region)
         identity = client.get_caller_identity
         out format(t("commands.test.output"), identity.account, identity.arn, identity.user_id)

lib/aws_assume_role/cli/includes.rb

@@ -0,0 +1 @@
+require_relative "../includes"

lib/aws_assume_role/core_ext/aws-sdk/includes.rb

@@ -1,4 +1,4 @@
-require "aws-sdk"
+require_relative "../../includes"
 module AwsAssumeRole
     module CoreExt
         module Aws

lib/aws_assume_role/credentials/factories/abstract_factory.rb

@@ -15,7 +15,7 @@ def initialize(_options)
     end
 
     def self.type(str)
-        @type = Types::Strict::Symbol.enum(:credential_provider, :second_factor_provider, :role_assumption_provider)[str]
+        @type = Types::Strict::Symbol.enum(:credential_provider, :second_factor_provider, :instance_role_provider)[str]
         register_if_complete
     end
 

lib/aws_assume_role/credentials/factories/assume_role.rb

@@ -4,11 +4,14 @@
 
 class AwsAssumeRole::Credentials::Factories::AssumeRole < AwsAssumeRole::Credentials::Factories::AbstractFactory
     include AwsAssumeRole::Credentials::Factories
-    type :role_assumption_provider
-    priority 30
+    type :credential_provider
+    priority 20
 
     def initialize(options)
+        logger.debug "AwsAssumeRole::Credentials::Factories::AssumeRole initiated with #{options}"
+        return unless options[:profile] || options[:role_arn]
         if options[:profile]
+            logger.debug "AwsAssumeRole: #{options[:profile]} found. Trying with profile"
             try_with_profile(options)
         else
             if options[:use_mfa]
@@ -19,20 +22,16 @@ def initialize(options)
     end
 
     def try_with_profile(options)
-        if AwsAssumeRole.shared_config.config_enabled?
-            @profile = options[:profile]
-            @region = options[:region]
-            @credentials = assume_role_with_profile(options[:profle], options[:region])
-        end
-        @credentials = assume_role_with_profile(@profile, @region)
-        @region ||= AwsAssumeRole.shared_config.profile_region(@profiles)
+        return unless AwsAssumeRole.shared_config.config_enabled?
+        logger.debug "AwsAssumeRole: Shared Config enabled"
+        @profile = options[:profile]
+        @region = options[:region]
+        @credentials = assume_role_with_profile(options)
+        @region ||= AwsAssumeRole.shared_config.profile_region(@profile)
         @role_arn ||= AwsAssumeRole.shared_config.profile_role(@profile)
     end
 
-    def assume_role_with_profile(prof, region)
-        AwsAssumeRole.shared_config.assume_role_credentials_from_config(
-            profile: prof,
-            region: region,
-        )
+    def assume_role_with_profile(options)
+        AwsAssumeRole.shared_config.assume_role_credentials_from_config(options)
     end
 end