-rw-r--r--pkgs/aws-console/default.nix38
-rw-r--r--pkgs/aws-console/src/aws-console.sh36
-rw-r--r--pkgs/default.nix1
3 files changed, 75 insertions, 0 deletions
diff --git a/pkgs/aws-console/default.nix b/pkgs/aws-console/default.nix
new file mode 100644
index 0000000..4e055a4
--- /dev/null
+++ b/pkgs/aws-console/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, lib, makeWrapper, jq, curl }:
+let
+ buildInputs = [
+ curl
+ jq
+ ];
+in
+stdenv.mkDerivation {
+ name = "aws-console";
+ version = "1.0.0";
+
+ src = lib.fileset.toSource {
+ root = ./src;
+ fileset = ./src/aws-console.sh;
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = buildInputs;
+
+ postInstall = ''
+ mkdir -p $out/bin
+ cp -v aws-console.sh $out/bin/aws-console
+ chmod +x $out/bin/aws-console
+ '';
+
+
+ postFixup = ''
+ wrapProgram $out/bin/aws-console \
+ --prefix PATH : "${lib.makeBinPath buildInputs}"
+ '';
+
+ meta = with lib; {
+ description = "Opens the AWS console with the current credentials";
+ license = licenses.gpl2Plus;
+ mainProgram = "aws-console";
+ platforms = platforms.unix;
+ };
+}
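Review bot: `platforms = platforms.unix;` advertises the package for every Unix, but the wrapped script ends with `open "${console_url}"` and `open` is not among the `buildInputs` placed on the wrapper's PATH, so it is resolved from the caller's environment. Outside macOS that name may be missing or may refer to a different tool, and whatever it resolves to receives the URL carrying the sign-in token. Narrowing to `platforms = platforms.darwin;`, or putting a known opener on the wrapper PATH, would make the behaviour predictable. As a smaller style point, `name = "aws-console";` next to `version` would conventionally be `pname = "aws-console";`, so that the version becomes part of the derivation name.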
diff --git a/pkgs/aws-console/src/aws-console.sh b/pkgs/aws-console/src/aws-console.sh
new file mode 100644
index 0000000..77c2320
--- /dev/null
+++ b/pkgs/aws-console/src/aws-console.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -eufo pipefail
+export SHELLOPTS
+IFS=$'\t\n'
+
+if [[ -z "${AWS_ACCESS_KEY_ID:-}" ]] ||
+ [[ -z "${AWS_SECRET_ACCESS_KEY:-}" ]] ||
+ [[ -z "${AWS_SESSION_TOKEN:-}" ]]; then
+ echo "AWS_ required variables not set"
+ exit 1
+fi
+
+command -v curl >/dev/null 2>&1 || { echo "curl is not installed!"; exit 1; }
+command -v jq >/dev/null 2>&1 || { echo "jq is not installed!"; exit 1; }
+
+credentials='{"sessionId":"'"${AWS_ACCESS_KEY_ID}"'","sessionKey":"'"${AWS_SECRET_ACCESS_KEY}"'","sessionToken":"'"${AWS_SESSION_TOKEN}"'"}'
+
+uc="${credentials//'%'/%25}"; uc="${uc//'"'/%22}"; uc="${uc//','/%2C}"
+uc="${uc//'/'/%2F}"; uc="${uc//':'/%3A}"; uc="${uc//'='/%3D}"
+uc="${uc//'{'/%7B}"; uc="${uc//'}'/%7D}"; uc="${uc//'+'/%2B}"
+
+federation_url="https://signin.aws.amazon.com/federation"
+federation_url="${federation_url}?Action=getSigninToken"
+federation_url="${federation_url}&SessionDuration=3600"
+federation_url="${federation_url}&Session=$(printf %s "$uc")"
+
+token=$(curl -s "${federation_url}" | jq -r '.SigninToken' 2>/dev/null) ||
+ { echo "invalid or expired credentials"; exit 1; }
+
+console_url="https://signin.aws.amazon.com/federation"
+console_url="${console_url}?Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F"
+console_url="${console_url}&SigninToken=${token}"
+console_url="${console_url}&Issuer=https%3A%2F%2Fexample.com"
+console_url="${console_url}&Action=login"
+
+open "${console_url}"
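Review bot: The `curl -s "${federation_url}"` call puts the secret access key and session token into curl's argument list, where other local processes can typically read them for as long as the request runs. Passing the URL on stdin keeps them out of argv, e.g. `curl -sf -K - <<<"url = \"${federation_url}\""`. The failure branch on the same pipeline is also unlikely to fire for a rejected request: curl without `-f` exits 0 on an HTTP error, and `jq -r` prints `null` with status 0 when `.SigninToken` is absent, so the script can go on to open a login URL containing `SigninToken=null`. Using `jq -er '.SigninToken'` makes a missing or null token a non-zero exit. A one-line comment above `credentials=` saying that this value and `federation_url` hold live secrets and must never be echoed or logged would help the next editor.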
diff --git a/pkgs/default.nix b/pkgs/default.nix
index bd8a98b..ad8a15c 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,5 @@
{ pkgs, ... }: rec {
+ aws-console = pkgs.callPackage ./aws-console { };
kontext = pkgs.callPackage ./kontext.nix { };
}