Add describe-creds command

The `describe-creds` command aims to provide information about the current shell environment. It could be run separately, configured as the default command, and always runs after the `session-ic`. The new Elegant Git workflows automate additional development routines.
bees-hive · Apr 26, 2024 · fdaa482 · fdaa482
1 parent 076b53c
commit fdaa482
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 19 deletions.
diff --git a/.workflows/amend-work-after b/.workflows/amend-work-after
@@ -0,0 +1 @@
+save-work-after
diff --git a/.workflows/amend-work-ahead b/.workflows/amend-work-ahead
@@ -0,0 +1 @@
+save-work-ahead
diff --git a/.workflows/release-work-after b/.workflows/release-work-after
@@ -1,17 +1,18 @@
 #!/usr/bin/env bash
 set -o errexit
 set -o pipefail
+cd "$(git rev-parse --show-toplevel)"
 # update Brew formulae
 TAG=$(git describe)
 COMMIT=$(git log --pretty=%H -1)
 
-if type brew >/dev/null 2>&1 ; then
-    echo "Updating Homebrew formulae..."
-    brew bump-formula-pr --no-audit --tag=${TAG} --revision=${COMMIT} aws-creds
+if type brew >/dev/null 2>&1; then
+  echo "Updating Homebrew formulae..."
+  brew bump-formula-pr --no-audit --tag=${TAG} --revision=${COMMIT} aws-creds
 else
-    echo "'brew' binary is not available."
-    echo "Please make a manual formulae update."
-    cat <<MESSAGE
+  echo "'brew' binary is not available."
+  echo "Please make a manual formulae update."
+  cat <<MESSAGE
 Instructions:
 
     open       https://github.com/bees-hive/homebrew-hive/blob/main/Formula/aws-creds.rb#L4

diff --git a/.workflows/save-work-after b/.workflows/save-work-after
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# This workflow installs the new updated script after every commit.
+set -o errexit
+set -o pipefail
+if test "$USER" != "extsoft"; then
+  echo "No installation allowed for '$USER'."
+  exit
+fi
+cd "$(git rev-parse --show-toplevel)"
+
+install -v -m 755 aws-creds.py /usr/local/bin/aws-creds
diff --git a/.workflows/save-work-ahead b/.workflows/save-work-ahead
@@ -1,7 +1,10 @@
-#!/usr/bin/env sh -e
+#!/usr/bin/env bash
 # This script invokes ahead of the 'save-work' execution.
+set -o errexit
+set -o pipefail
+cd "$(git rev-parse --show-toplevel)"
 
 which -s ruff || (echo "ruff is not installed" && exit 1)
-ruff check --config line-length=120 --fix aws-creds.py || \
-ruff check --config line-length=120 --add-noqa aws-creds.py
+ruff check --config line-length=120 --fix aws-creds.py ||
+  ruff check --config line-length=120 --add-noqa aws-creds.py
 ruff format --config line-length=120 aws-creds.py
diff --git a/aws-creds.py b/aws-creds.py
@@ -135,18 +135,43 @@ def _identity_center_scan(ic: IdentityCenter) -> None:
 
 
 def _connect(ic: IdentityCenter, account_id: str, role: str) -> None:
-    role_creds = (
-        Session()
-        .create_client("sso", region_name=ic.ic_region)
-        .get_role_credentials(roleName=role, accountId=account_id, accessToken=_token(ic))["roleCredentials"]
-    )
+    sso = Session().create_client("sso", region_name=ic.ic_region)
+    token = _token(ic)
+    role_creds = sso.get_role_credentials(roleName=role, accountId=account_id, accessToken=token)["roleCredentials"]
+    account_name = ""
+    for account in sso.list_accounts(accessToken=token, maxResults=100)["accountList"]:
+        if account["accountId"] != account_id:
+            continue
+        account_name = account["accountName"]
+        break
+    print('export AWS_CREDS_SESSION_TYPE="ic"', file=sys.stdout)
+    print(f'export AWS_CREDS_ACCOUNT_NAME="{account_name}"', file=sys.stdout)
+    print(f'export AWS_CREDS_ACCOUNT_ID="{account_id}"', file=sys.stdout)
+    print(f'export AWS_CREDS_ROLE_NAME="{role}"', file=sys.stdout)
     print(f'export AWS_DEFAULT_REGION="{ic.ic_region}"', file=sys.stdout)
     print(f'export AWS_ACCESS_KEY_ID="{role_creds["accessKeyId"]}"', file=sys.stdout)
     print(f'export AWS_SECRET_ACCESS_KEY="{role_creds["secretAccessKey"]}"', file=sys.stdout)
     print(f'export AWS_SESSION_TOKEN="{role_creds["sessionToken"]}"', file=sys.stdout)
     print("AWS environment variables are exported!", file=sys.stderr)
 
 
+def _describe_credentials() -> None:
+    sessiont_type = os.getenv("AWS_CREDS_SESSION_TYPE")
+    if sessiont_type == "ic":
+        print("Auth type:  AWS IAM Identity Center", file=sys.stderr)
+        print(
+            "Account  :  {} ({})".format(
+                os.getenv("AWS_CREDS_ACCOUNT_NAME"),
+                os.getenv("AWS_CREDS_ACCOUNT_ID"),
+            ),
+            file=sys.stderr,
+        )
+        print("Used role: ", os.getenv("AWS_CREDS_ROLE_NAME"), file=sys.stderr)
+
+    else:
+        print(f"Cannot find AWS credentials configured by {_prog}.", file=sys.stderr)
+
+
 def main():
     parser = ArgumentParser(
         description="Painless CLI authentication using various AWS identities.",
@@ -158,8 +183,8 @@ def main():
         "scan-ic",
         description="""
         The command generates login aliases for each role available in the AWS IAM Identity Center.
-         The aliases should be saved to the to relevant shell configuration file.
-         """,
+        The aliases should be saved to the to relevant shell configuration file.
+        """,
         help="generates shell authentication aliases for an AWS Identity Center",
         formatter_class=lambda prog: HelpFormatter(prog, width=72),
     )
@@ -170,8 +195,8 @@ def main():
         "session-ic",
         description="""
         The command exports the environment variables suitable for authenticating CLI tools
-         by creating a AWS login sessing based on the AWS Identity Center role.
-         """,
+        by creating a AWS login sessing based on the AWS Identity Center role.
+        """,
         help="authenticates an AWS Identity Center role",
         formatter_class=lambda prog: HelpFormatter(prog, width=72),
     )
@@ -180,6 +205,14 @@ def main():
     session_parser.add_argument("account_id", help="Account ID")
     session_parser.add_argument("role_name", help="Role")
 
+    session_parser = subparsers.add_parser(
+        "describe-creds",
+        description="""
+            The command describes the current credentials if available.""",
+        help="describes the current credentials if available",
+        formatter_class=lambda prog: HelpFormatter(prog, width=72),
+    )
+
     args = parser.parse_args()
 
     if args.subcommand == "scan-ic":
@@ -190,8 +223,11 @@ def main():
             args.account_id,
             args.role_name,
         )
+        _describe_credentials()
+    elif args.subcommand == "describe-creds":
+        _describe_credentials()
     else:
-        parser.print_help()
+        _describe_credentials()
 
 
 if __name__ == "__main__":