Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

brew: improve formula to remove deprecated syntax #76

Merged
merged 4 commits into from
Jun 22, 2023
Merged

brew: improve formula to remove deprecated syntax #76

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e713f31
brew: improve formula to remove deprecated syntax
Volatus Apr 7, 2023
1963cf4
brew: refine formula further
Volatus Apr 13, 2023
14afe4e
docs: modernize Homebrew/macOS instructions
Volatus Apr 13, 2023
5ab9cc6
fix: revert log path changes
Volatus May 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 11 additions & 11 deletions README.template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,23 +188,23 @@ The Homebrew formula installs a launchd job which can be used to automatically
rotate your IAM keys daily. Unfortunately, Homebrew forumlae cannot
automatically start launchd jobs, so you must manually enable it:

```
```sh
brew services start aws-rotate-iam-keys
```

A default/global configuration file for the launchd job is installed to:

```
/usr/local/etc/aws-rotate-iam-keys
```sh
$(brew --prefix)/etc/aws-rotate-iam-keys
```

This default configuration rotates keys for your default AWS profile only.
To customise the configuration, for example to rotate multiple keys, create a
copy of this file named `.aws-rotate-iam-keys` in your home directory and edit
it, e.g.

```
cp /usr/local/etc/aws-rotate-iam-keys ~/.aws-rotate-iam-keys
```sh
cp $(brew --prefix)/etc/aws-rotate-iam-keys ~/.aws-rotate-iam-keys
nano ~/.aws-rotate-iam-keys
```

Expand All @@ -221,24 +221,24 @@ multiple lines to the configuration, e.g.
If you do customise the configuration, you can test that it works by restarting
the service:

```
```sh
brew services restart aws-rotate-iam-keys
```

That's it. Your keys should have been rotated, and will now be rotated every
day for you. You can use the AWS CLI to check that your access keys have been
rotated as expected, e.g.

```
```sh
aws iam list-access-keys --profile default
```

If it hasn't worked, check the MacOS system log for error entries matching
`aws-rotate-iam-keys`. If you can't find anything useful, the launchd job also
writes output to a file in the `/tmp` directory matching the job name, e.g.

```
/tmp/homebrew.mxcl.aws-rotate-iam-keys.log
```sh
cat /tmp/homebrew.mxcl.aws-rotate-iam-keys.log
```

### Other Linux
Expand All @@ -251,7 +251,7 @@ EDITOR=nano crontab -e

Copy and paste the following line into the end of the crontab file:

```
```cron
33 4 * * * /usr/bin/aws-rotate-iam-keys --profile default >/dev/null #rotate AWS keys daily
```

Expand Down Expand Up @@ -307,4 +307,4 @@ PowerShell script file: `MD5 ${WIN_MD5}`

## Changes to this file

${TEMPLATE_DISCLAIMER}
${TEMPLATE_DISCLAIMER}
55 changes: 14 additions & 41 deletions aws-rotate-iam-keys.template.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,12 @@ class AwsRotateIamKeys < Formula
homepage "https://aws-rotate-iam-keys.com"
url "${HOMEBREW_URL}"
sha256 "${HOMEBREW_SHA}"
depends_on "awscli" => :recommended
depends_on "gnu-getopt"
depends_on "jq"
depends_on "awscli" => :recommended

head do
Dir.chdir(File.expand_path(File.join(File.dirname(__FILE__), '../'))) do
url %x{git config --local --get remote.origin.url | tr -d '\n'}, using: :git
end
url "https://github.com/rhyeal/aws-rotate-iam-keys.git"
end

def install
Expand All @@ -27,7 +25,7 @@ def install
end

def caveats
s = <<~EOS
<<~EOS
We've installed a default/global configuration file to:
#{etc}/aws-rotate-iam-keys

Expand All @@ -50,42 +48,17 @@ def caveats
EOS
end

plist_options :startup => false

def plist; <<~EOS
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
</dict>
<key>Label</key>
<string>#{plist_name}</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>-c</string>
<string>if ! curl -s www.google.com > /dev/null; then sleep 60; fi; cp /dev/null /tmp/#{plist_name}.log ; ( egrep '^[[:space:]]*-' ~/.aws-rotate-iam-keys 2>/dev/null || cat #{etc}/aws-rotate-iam-keys ) | while read line; do aws-rotate-iam-keys §line; done</string>
</array>
<key>StandardOutPath</key>
<string>/tmp/#{plist_name}.log</string>
<key>StandardErrorPath</key>
<string>/tmp/#{plist_name}.log</string>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>3</integer>
<key>Minute</key>
<integer>23</integer>
</dict>
</dict>
</plist>
EOS
def log_path
"/tmp/#{plist_name}.log"
end
service do
run ["bash", "-c", "if ! curl -s www.google.com; then sleep 60; fi; cp /dev/null #{f.log_path} ; ( grep -E ^[[:space:]]*- ~/.aws-rotate-iam-keys || cat #{etc}/aws-rotate-iam-keys ) | while read line; do #{opt_bin}/aws-rotate-iam-keys $line; done"]
run_type :cron
run_at_load true
cron "23 3 * * *"
environment_variables PATH: std_service_path_env
log_path f.log_path
error_log_path f.log_path
end

test do
Expand Down