

@copumpkin
Created March 28, 2019 19:58
AWS Shell
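#!/usr/bin/env bash
# Open an interactive bash whose AWS SDK/CLI calls use credentials for an
# assumed role, served by ./metadata-service.py over a loopback HTTP port.
#
# Usage: <this script> ROLE_ARN SESSION_NAME

# TODO: parse properly
ROLE="$1"
ID="$2"

# Create the FIFO inside a private directory. `mktemp -d` creates the
# directory atomically with mode 0700, whereas a name from `mktemp -u` is only
# a suggestion: another local user could occupy that path before mkfifo runs,
# and the URI read below would then come from a file they control.
FIFO_DIR=$(mktemp -d) || exit 1
PIPE="$FIFO_DIR/uri"
mkfifo -m 600 "$PIPE" || { rmdir "$FIFO_DIR"; exit 1; }

./metadata-service.py "$PIPE" "$ROLE" "$ID" &
SERVICE_PID=$!

# Blocks until the service opens the FIFO and writes its URL. If the service
# dies before opening it, this read waits indefinitely (interrupt with Ctrl-C).
read -r AWS_CONTAINER_CREDENTIALS_FULL_URI <"$PIPE"

# The FIFO is single-use; remove it so nothing is left behind in the temp dir.
rm -f "$PIPE"
rmdir "$FIFO_DIR"

if [ -z "$AWS_CONTAINER_CREDENTIALS_FULL_URI" ]; then
    echo "metadata service did not report a URL" >&2
    kill "$SERVICE_PID" 2>/dev/null
    exit 1
fi
export AWS_CONTAINER_CREDENTIALS_FULL_URI

# On exit, take the background metadata service down with the shell.
trap "exit" INT TERM
trap "kill 0" EXIT

# \[ ... \] marks the colour codes as zero-width so readline computes the
# prompt length correctly and long command lines wrap in the right place.
export PS1="[role|\[\e[32m\]$ROLE\[\e[39m\]:\[\e[34m\]$ID\[\e[39m\]]\$ "
/bin/bash -i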
#!/usr/bin/env nix-shell
#!nix-shell -i python -p python3 python3Packages.botocore python3Packages.pexpect
import http.server
import socketserver
import json
import os
import sys
import pexpect
from datetime import *
import botocore.session
# One botocore session for the whole process. The STS client built from it is
# the one fresh_creds() inside handler() calls assume_role on, so the role is
# assumed with whatever credentials botocore resolves for this process.
session = botocore.session.get_session()
sts = session.create_client("sts")
def json_to_iso(obj):
    """Serialize dates and datetimes as ISO 8601 text for ``json.dumps``.

    Intended as the ``default=`` hook of ``json.dumps``: it is only consulted
    for values the encoder cannot handle natively.

    Raises:
        TypeError: if *obj* is neither a ``date`` nor a ``datetime``.
    """
    if not isinstance(obj, (datetime, date)):
        raise TypeError("Type %s not serializable" % type(obj))
    return obj.isoformat()
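def handler():
    """Build the request-handler class for the local credential endpoint.

    The returned class answers every GET, whatever the path, with the assumed
    role's temporary credentials as JSON. Credentials are cached in this
    closure and refreshed once they are within one minute of expiring.

    Security notes:
      * The response contains live AWS credentials. Unless
        ``AWS_CONTAINER_AUTHORIZATION_TOKEN`` is set in this process's
        environment, any local process that can connect to the listening port
        receives them.
      * When that variable is set, a request must carry the same value in its
        ``Authorization`` header (AWS SDKs send the variable's value there when
        fetching from ``AWS_CONTAINER_CREDENTIALS_FULL_URI``); anything else
        gets 403.
      * The class derives from ``BaseHTTPRequestHandler`` rather than
        ``SimpleHTTPRequestHandler`` so that the inherited ``do_HEAD`` file
        server for the working directory is not exposed on the same port.

    Returns:
        A ``BaseHTTPRequestHandler`` subclass suitable for ``TCPServer``.
    """
    import hmac  # local import: only the token comparison below needs it

    cached = None
    expected_token = os.environ.get("AWS_CONTAINER_AUTHORIZATION_TOKEN")

    def fresh_creds():
        """Call sts:AssumeRole using the role ARN and session name from argv."""
        out = sts.assume_role(
            RoleArn=sys.argv[2],
            RoleSessionName=sys.argv[3],
        )['Credentials']
        # Yay standardization? STS names the field SessionToken, while the
        # container-credentials JSON read by the SDKs names it Token.
        out['Token'] = out.pop('SessionToken')
        return out

    def getter():
        """Return cached credentials, refreshing them when missing or nearly expired."""
        nonlocal cached
        nearly_expired = bool(cached) and (
            cached['Expiration'] - datetime.now(timezone.utc)
        ) < timedelta(minutes=1)
        if not cached or nearly_expired:
            cached = fresh_creds()
        return cached

    class Handler(http.server.BaseHTTPRequestHandler):
        def log_message(self, format, *args):
            # Keep per-request logging out of the interactive shell's terminal.
            pass

        def do_GET(self):
            if expected_token is not None:
                supplied = self.headers.get("Authorization", "")
                # Constant-time comparison; bytes so non-ASCII input cannot raise.
                if not hmac.compare_digest(
                    supplied.encode("utf8"), expected_token.encode("utf8")
                ):
                    self.send_error(403)
                    return

            # Obtain the credentials before committing to a status line, so a
            # failed AssumeRole is reported as an error instead of a 200 with
            # an empty body.
            try:
                body = json.dumps(getter(), default=json_to_iso).encode('utf8')
            except Exception as exc:
                print("metadata service: could not obtain credentials: %s" % exc,
                      file=sys.stderr)
                self.send_error(500)
                return

            self.send_response(200)
            self.send_header("Content-type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler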
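# argv: [1] FIFO to report the URL on, [2] role ARN, [3] role session name.
# Fail at start-up rather than on the first credential request.
if len(sys.argv) < 4:
    sys.exit("usage: %s PIPE ROLE_ARN SESSION_NAME" % sys.argv[0])

# Bind the loopback address literally so the listener cannot end up on another
# interface through an unusual "localhost" name mapping; port 0 lets the OS
# pick a free port.
httpd = socketserver.TCPServer(("127.0.0.1", 0), handler())

# Tell the launcher where to find us. The trailing newline lets a line-based
# reader such as the shell's `read` see a complete line.
with open(sys.argv[1], 'w') as f:
    f.write("http://%s:%s\n" % httpd.server_address)

httpd.serve_forever()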
@copumpkin
Author

This is only barely tested and is probably very bad. Use at your own risk
