# Programs that checkdeps could not find on PATH; deps_missing exits 1 when
# this is non-empty. Plain assignment (no `declare`) so it stays global even
# when this library is sourced from inside a function.
MISSING_DEPS=()
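show_version() {
  # Prints the toolbox banner with the version read from $thisdir/VERSION-bmc.
  # Globals read: thisdir (toolbox directory, set by the caller before use).
  # Output: banner on stdout.
  local version
  version=$(cat "${thisdir}/VERSION-bmc")
  cat <<EOF

 bmc v${version}
 Bill McCloud's Toolbox

 http://github.com/wearetechnative/bmc

 by Wouter, Pim, et al.
 © Technative 2024

EOF
}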
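loadConfig() {
  # Sources the user config (~/.config/bmc/config.env) into the current shell
  # if it exists. The file is executed as shell code, and values it defines
  # (e.g. totpScript, clipboardCommand) are later run verbatim by setMFA, so a
  # world-writable config is refused with a warning instead of being sourced.
  # Globals written: conffile, plus whatever the config file defines.
  # Returns 0 when there is no config, 1 when it was refused, else source's status.
  conffile="${HOME}/.config/bmc/config.env"
  [[ -f "${conffile}" ]] || return 0
  # Octal `-perm -002` (other-write bit set) works on both GNU and BSD find.
  if [[ -n "$(find "${conffile}" -maxdepth 0 -perm -002 -print 2>/dev/null)" ]]; then
    printf '!! %s is world-writable; refusing to source it\n' "${conffile}" >&2
    return 1
  fi
  # shellcheck disable=SC1090 -- path is only known at runtime
  source "${conffile}"
}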
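checkdeps() {
  # Records $1 in MISSING_DEPS and warns on stderr when it is not a command
  # on PATH. Diagnostics go to stderr so stdout stays clean for callers.
  # Arguments: $1 - program name to look for (required).
  # Globals written: MISSING_DEPS.
  # Returns 1 when called without a name, else 0.
  local dep="${1:-}"
  [[ -n "${dep}" ]] || return 1
  if ! command -v "${dep}" >/dev/null 2>&1; then
    MISSING_DEPS+=("${dep}")
    printf '<%s> could not be found\n  install this program first\n' "${dep}" >&2
  fi
}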
deps_missing() {
  # Terminates the script with status 1 if checkdeps recorded any missing
  # program; otherwise returns 0.
  # Globals read: MISSING_DEPS.
  (( ${#MISSING_DEPS[@]} > 0 )) && exit 1
  return 0
}
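checkOS() {
  # Sets osType to "linux", "macos" or "other". The file probes are kept
  # for compatibility; distributions without /etc/lsb-release (Debian, RHEL,
  # Alpine, ...) previously fell through to "other", which made setDates treat
  # every MFA session as expired, so uname is consulted as a fallback.
  # Globals written: osType.
  if [[ -f /etc/lsb-release ]]; then
    osType="linux"
  elif [[ -f /System/Library/CoreServices/SystemVersion.plist ]]; then
    osType="macos"
  else
    case "$(uname -s 2>/dev/null)" in
      Linux)  osType="linux" ;;
      Darwin) osType="macos" ;;
      *)      osType="other" ;;
    esac
  fi
}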
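setDates() {
  # Reads the `expiration` key of the [$sourceProfile] section of
  # ~/.aws/credentials and converts it to epoch seconds for comparison.
  # Globals read:    sourceProfile, osType (from checkOS).
  # Globals written: expiration, currentMFASessionExpirationDate, date_now,
  #                  dateCmd (macOS only; kept for any caller that reads it).
  local credfile="${HOME}/.aws/credentials"
  unset currentMFASessionExpirationDate
  expiration=""
  if [[ -n "${sourceProfile:-}" && -f "${credfile}" ]]; then
    # Exact section match, same shape as the aws_mfa_device lookup in setMFA:
    # the section ends at the next [header], not at a blank line, so a file
    # without blank lines between sections no longer yields a later section's
    # expiration (or several lines of output).
    expiration=$(awk -v profile="${sourceProfile}" '
      $0 == "[" profile "]" { found = 1; next }
      /^\[.*\]/             { found = 0 }
      found && /^[[:space:]]*expiration[[:space:]]*=/ {
        sub(/^[[:space:]]*expiration[[:space:]]*=[[:space:]]*/, "")
        print
        exit
      }' "${credfile}")
  fi
  # No recorded session: use an epoch-start timestamp so it reads as expired.
  if [[ -z "${expiration}" ]]; then expiration="1970-01-01 01:00:00"; fi
  case "${osType:-}" in
    macos)
      currentMFASessionExpirationDate=$(date -j -f "%Y-%m-%d %H:%M:%S" "${expiration}" "+%s" 2>/dev/null)
      dateCmd="date -j -f "
      ;;
    linux)
      currentMFASessionExpirationDate=$(date -d "${expiration}" +%s 2>/dev/null)
      ;;
    *)
      currentMFASessionExpirationDate="0"
      ;;
  esac
  # An unparsable timestamp leaves date's output empty; normalise to 0 so the
  # numeric comparison in setMFA always sees a number and treats it as expired.
  if [[ -z "${currentMFASessionExpirationDate}" ]]; then currentMFASessionExpirationDate="0"; fi
  date_now=$(date +%s)
}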
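convertTime() {
  # Converts between epoch seconds and "YYYY-mm-dd HH:MM:SS" (local time) in
  # whichever direction the input calls for.
  # Arguments: $1 - all digits: epoch seconds, printed formatted;
  #                 anything else: formatted timestamp, printed as epoch seconds.
  # Output: the conversion on stdout.
  # Returns 1 on empty input, otherwise date's exit status.
  local input_time="${1:-}"
  local kernel
  [[ -n "${input_time}" ]] || return 1
  kernel=$(uname)
  if [[ "${input_time}" =~ ^[0-9]+$ ]]; then
    if [[ "${kernel}" == "Darwin" ]]; then
      date -j -f "%s" "${input_time}" +"%Y-%m-%d %H:%M:%S"
    else
      date -d "@${input_time}" +"%Y-%m-%d %H:%M:%S"
    fi
  else
    if [[ "${kernel}" == "Darwin" ]]; then
      date -j -f "%Y-%m-%d %H:%M:%S" "${input_time}" +"%s"
    else
      date -d "${input_time}" +"%s"
    fi
  fi
}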
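printAWSProfiles() {
  # Prints a Group / Name / ARN-number table of the AWS profiles reported by
  # jsonify-aws-dotfiles, grouped by each profile's `group` key. Profiles
  # without a role_arn get an empty account column.
  # Requires: jsonify-aws-dotfiles, jq, awk, column. Output: table on stdout.
  local filter
  # The account id is the 5th ":"-separated ARN field in every partition
  # (aws, aws-cn, aws-us-gov, ...), so the partition is not pinned to "aws";
  # selectAWSProfile extracts the account the same partition-agnostic way.
  filter='
.config | to_entries |
map({profile: .key, group: .value.group, arn_number: (.value.role_arn // "" | capture("arn:[^:]+:iam::(?<number>\\d+):").number // "")}) |
group_by(.group) |
map({group: .[0].group, profiles: map({profile: .profile, arn_number: .arn_number, group: .group})}) |
.[] |
.profiles | map("\(.group)\t\(.profile)\t\(.arn_number)") |
join("\n")
'
  jsonify-aws-dotfiles \
    | jq -r "${filter}" \
    | awk 'BEGIN {print "Group\tName\tARN number"} {print}' \
    | column -t -s $'\t'
}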
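selectAWSProfile() {
  # Interactive picker over the AWS dotfiles: choose a profile group with gum,
  # then a profile within it from a gum table of "AWS ACCOUNT, ROLE" rows.
  # Requires: jsonify-aws-dotfiles, jq, gum, awk.
  # Globals written: awsProfileGroups, selectedProfile, selectedProfileName,
  #   selectedProfileARN, selectedProfileAccountID, sourceProfile.
  # Returns 1, with the selection globals emptied, when a prompt is cancelled
  # so callers do not continue with an empty profile.
  selectedProfile="" selectedProfileName="" selectedProfileARN=""
  selectedProfileAccountID="" sourceProfile=""
  awsProfileGroups=$(jsonify-aws-dotfiles | jq -r '[.config[].group] | unique | sort | .[]' | grep -v null | gum choose --height 25)
  if [[ -z "${awsProfileGroups}" ]]; then
    printf '!! no profile group selected\n' >&2
    return 1
  fi
  selectedProfile=$(jsonify-aws-dotfiles | jq -r --arg group "$awsProfileGroups" '.config | to_entries | map(select(.value.group == $group)) | (["AWS ACCOUNT", "ROLE"] | @csv), (.[] | [.key, .value.role_arn] | @csv)' | gum table -w 40,120 --height 30)
  if [[ -z "${selectedProfile}" ]]; then
    printf '!! no profile selected\n' >&2
    return 1
  fi
  # gum table returns the chosen row as comma-separated "name,role_arn".
  selectedProfileName=$(awk -F "," '{print $1}' <<<"${selectedProfile}")
  selectedProfileARN=$(awk -F "," '{print $2}' <<<"${selectedProfile}")
  # Account id is the 5th ":"-separated ARN field, whatever the partition.
  selectedProfileAccountID=$(awk -F ":" '{print $5}' <<<"${selectedProfileARN}")
  # Credentials for the role come from its source_profile; when none is
  # configured the selected profile is its own credential source.
  sourceProfile=$(jsonify-aws-dotfiles | jq -r --arg arn "$selectedProfileARN" ' .config | to_entries | map(select(.value.role_arn == $arn)) | .[0].value.source_profile // "Error" ')
  if [[ "${sourceProfile}" == "Error" ]]; then sourceProfile="${selectedProfileName}"; fi
}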
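setMFA() {
  # Ensures the MFA session for $sourceProfile is current. When mfa=true and
  # the expiration recorded in ~/.aws/credentials has passed, runs aws-mfa
  # against the aws_mfa_device of the "<sourceProfile>-long-term" section.
  # If the config defines totpScript, its output is printed (and copied via
  # clipboardCommand when that is set) so it can be pasted at the aws-mfa
  # prompt; otherwise the user is told to enter the code there.
  # Globals read: mfa, sourceProfile, totpScript, clipboardCommand (config);
  #   currentMFASessionExpirationDate, date_now (set here via setDates).
  # Globals written: awsMFADevice, totpCode, plus those of checkOS/setDates.
  # Returns 1 when the session is expired and could not be renewed.
  checkOS
  setDates
  echo
  echo "MFA: ${mfa}"
  [[ "${mfa}" == "true" ]] || return 0
  # The device ARN lives in the long-term section; accept "key = value" with
  # or without spaces around "=" (the old `$3` split required spaces).
  awsMFADevice=$(awk -v profile="${sourceProfile}-long-term" '
    $0 == "[" profile "]" { found = 1; next }
    /^\[.*\]/             { found = 0 }
    found && /^aws_mfa_device[[:space:]]*=/ {
      sub(/^aws_mfa_device[[:space:]]*=[[:space:]]*/, "")
      sub(/[[:space:]]+$/, "")
      print
      exit
    }' "${HOME}/.aws/credentials")
  # Missing/unparsable expiration means "expired" (the old code assigned
  # `expiration` here, which the comparison never read).
  if [[ -z "${currentMFASessionExpirationDate}" ]]; then currentMFASessionExpirationDate="0"; fi
  if [[ ! "${currentMFASessionExpirationDate}" -lt "${date_now}" ]]; then
    echo "Current MFA Session Valid, until: $(convertTime "${currentMFASessionExpirationDate}")"
    echo
    return 0
  fi
  if [[ -z "${awsMFADevice}" ]]; then
    echo "!! awsMFADevice not found. Can't renew session"
    echo
    return 1
  fi
  echo aws-mfa --profile "${sourceProfile}" --force --device "${awsMFADevice}"
  if [[ -n "${totpScript:-}" ]]; then
    # totpScript and clipboardCommand come from the sourced config and are
    # deliberately left unquoted so they may carry arguments.
    # shellcheck disable=SC2086
    totpCode=$(${totpScript})
    if [[ -n "${clipboardCommand:-}" ]]; then
      # Only claim a copy when there is a command to copy with; an empty
      # clipboardCommand used to drop the code silently.
      # shellcheck disable=SC2086
      printf '%s\n' "${totpCode}" | ${clipboardCommand}
      echo "-- Copied to clipboard"
    fi
    echo "${totpCode}"
  else
    echo "Enter the code from your MFA device when aws-mfa prompts for it."
  fi
  if ! aws-mfa --profile "${sourceProfile}" --force --device "${awsMFADevice}"; then
    echo "!! Error with AWS MFA code for device. Wrong TOTP?"
    return 1
  fi
}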