From e0aade0bcf92376f0f18cf78fc54015dbe8f2c61 Mon Sep 17 00:00:00 2001
From: Christian Segundo
Date: Sun, 25 Feb 2024 00:44:28 +0100
Subject: switching roles manually is lame
---
 pkgs/aws-console/default.nix | 38 +++++++++++++++++++++++++++++++++++++
 pkgs/aws-console/src/aws-console.sh | 36 +++++++++++++++++++++++++++++++++++
 pkgs/default.nix | 1 +
 3 files changed, 75 insertions(+)
 create mode 100644 pkgs/aws-console/default.nix
 create mode 100644 pkgs/aws-console/src/aws-console.sh
diff --git a/pkgs/aws-console/default.nix b/pkgs/aws-console/default.nix
new file mode 100644
index 0000000..4e055a4
--- /dev/null
+++ b/pkgs/aws-console/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, lib, makeWrapper, jq, curl }:
+let
+ buildInputs = [
+ curl
+ jq
+ ];
+in
+stdenv.mkDerivation {
+ name = "aws-console";
+ version = "1.0.0";
+
+ src = lib.fileset.toSource {
+ root = ./src;
+ fileset = ./src/aws-console.sh;
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ buildInputs = buildInputs;
+
+ postInstall = ''
+ mkdir -p $out/bin
+ cp -v aws-console.sh $out/bin/aws-console
+ chmod +x $out/bin/aws-console
+ '';
+
+
+ postFixup = ''
+ wrapProgram $out/bin/aws-console \
+ --prefix PATH : "${lib.makeBinPath buildInputs}"
+ '';
+
+ meta = with lib; {
+ description = "Opens the AWS console with the current credentials";
+ license = licenses.gpl2Plus;
+ mainProgram = "aws-console";
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/aws-console/src/aws-console.sh b/pkgs/aws-console/src/aws-console.sh
new file mode 100644
index 0000000..77c2320
--- /dev/null
+++ b/pkgs/aws-console/src/aws-console.sh
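Review bot: `platforms = platforms.unix` in `meta` of pkgs/aws-console/default.nix advertises the package for Linux, but the wrapped script ends with `open "${console_url}"` and no opener is listed in `buildInputs`, so whatever `open` resolves to on the caller's PATH receives the sign-in URL. On Linux that is presumably not a browser launcher (this cannot be confirmed from the patch), and the script would fail only after the sign-in token has already been requested. Either restrict the package with `platforms = platforms.darwin;` or choose the opener per platform in the script and add it to the wrapped PATH.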
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -eufo pipefail
+export SHELLOPTS
+IFS=$'\t\n'
+
+if [[ -z "${AWS_ACCESS_KEY_ID:-}" ]] ||
+ [[ -z "${AWS_SECRET_ACCESS_KEY:-}" ]] ||
+ [[ -z "${AWS_SESSION_TOKEN:-}" ]]; then
+ echo "AWS_ required variables not set"
+ exit 1
+fi
+
+command -v curl >/dev/null 2>&1 || { echo "curl is not installed!"; exit 1; }
+command -v jq >/dev/null 2>&1 || { echo "jq is not installed!"; exit 1; }
+
+credentials='{"sessionId":"'"${AWS_ACCESS_KEY_ID}"'","sessionKey":"'"${AWS_SECRET_ACCESS_KEY}"'","sessionToken":"'"${AWS_SESSION_TOKEN}"'"}'
+
+uc="${credentials//'%'/%25}"; uc="${uc//'"'/%22}"; uc="${uc//','/%2C}"
+uc="${uc//'/'/%2F}"; uc="${uc//':'/%3A}"; uc="${uc//'='/%3D}"
+uc="${uc//'{'/%7B}"; uc="${uc//'}'/%7D}"; uc="${uc//'+'/%2B}"
+
+federation_url="https://signin.aws.amazon.com/federation"
+federation_url="${federation_url}?Action=getSigninToken"
+federation_url="${federation_url}&SessionDuration=3600"
+federation_url="${federation_url}&Session=$(printf %s "$uc")"
+
+token=$(curl -s "${federation_url}" | jq -r '.SigninToken' 2>/dev/null) ||
+ { echo "invalid or expired credentials"; exit 1; }
+
+console_url="https://signin.aws.amazon.com/federation"
+console_url="${console_url}?Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F"
+console_url="${console_url}&SigninToken=${token}"
+console_url="${console_url}&Issuer=https%3A%2F%2Fexample.com"
+console_url="${console_url}&Action=login"
+
+open "${console_url}"
diff --git a/pkgs/default.nix b/pkgs/default.nix
index bd8a98b..ad8a15c 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,5 @@
 { pkgs, ... }:
 rec {
+ aws-console = pkgs.callPackage ./aws-console { };
 kontext = pkgs.callPackage ./kontext.nix { };
 }
-- cgit v1.2.3
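Review bot: The secret access key and session token are passed on curl's command line in `token=$(curl -s "${federation_url}" | ...)` in aws-console.sh, because the whole credentials JSON is embedded in the URL argument, so any local user who can list processes can read them while the request runs. Feeding the URL to curl through a config read from stdin (`-K -`) keeps it out of argv, and building the `Session` value in jq from `$ENV` with `@uri` replaces the hand-written JSON and the partial percent-encoding in the `uc=` lines. The `jq -r '.SigninToken'` step also exits 0 and prints `null` when the response is JSON without that field, so the failure branch is skipped and `open` is called with `SigninToken=null`. Using `jq -e` together with `curl -f` closes that gap.

```bash
# … unchanged: strict mode, AWS_* presence check, curl/jq checks …

# Build and percent-encode the session JSON inside jq; the secrets are read
# from the environment, so they never appear in any process's argv.
session=$(jq -rn '{sessionId: $ENV.AWS_ACCESS_KEY_ID,
                   sessionKey: $ENV.AWS_SECRET_ACCESS_KEY,
                   sessionToken: $ENV.AWS_SESSION_TOKEN} | tojson | @uri')

# … unchanged: federation_url base, Action and SessionDuration …
federation_url="${federation_url}&Session=${session}"

# printf is a shell builtin; curl reads the URL from stdin instead of argv.
token=$(printf 'url = "%s"\n' "${federation_url}" | curl -sf -K - |
  jq -er '.SigninToken') ||
  { echo "invalid or expired credentials"; exit 1; }

# … unchanged: console_url assembly and open …
```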