@jkpl
Last active February 13, 2023 15:22
saml2aws Docker image


Due to the flakiness of Linux keyrings, saml2aws may deadlock. To get around this issue, saml2aws can be run in a Docker container. This Gist contains a Dockerfile and a helper script to use as a drop-in replacement for saml2aws.

  1. Clone this Gist: https://gist.github.com/b5f76044eba1855b4222111b12a76dab.git

  2. Make the saml2aws.sh script executable:

    $ chmod +x /path/to/the/cloned/gist/saml2aws.sh
    
  3. Link the saml2aws.sh script into a directory on your PATH, e.g.:

    $ ln -s /path/to/the/cloned/gist/saml2aws.sh ~/.local/bin/saml2aws
    

You should now be able to run saml2aws. The container image is built automatically if it hasn't been built already.

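    $ saml2aws --help

Dockerfile

    # Small Debian base with only what is needed to fetch the release
    FROM debian:stable-slim
    RUN apt-get update && \
        apt-get install -y ca-certificates curl && \
        rm -rf /var/lib/apt/lists/*

    # saml2aws release to install
    ENV SAML2AWS_VERSION=2.16.0
    ENV SAML2AWS_DOWNLOAD_URL=https://github.com/Versent/saml2aws/releases/download/v${SAML2AWS_VERSION}/saml2aws_${SAML2AWS_VERSION}_linux_amd64.tar.gz

    # Download the release archive and install the binary; -f makes curl fail
    # on an HTTP error instead of saving the error page
    RUN curl -fL "$SAML2AWS_DOWNLOAD_URL" -o saml2aws.tar.gz && \
        tar xvfz saml2aws.tar.gz && \
        mv saml2aws /usr/local/bin/saml2aws && \
        chmod +x /usr/local/bin/saml2aws && \
        rm saml2aws.tar.gz

    # Unprivileged default user whose home is the working directory
    WORKDIR /saml2aws
    RUN groupadd -g 10101 saml2aws && \
        useradd -u 10101 -g saml2aws saml2aws && \
        chown -R saml2aws:saml2aws /saml2aws
    USER saml2aws:saml2aws
    ENV HOME=/saml2aws

    ENTRYPOINT [ "/usr/local/bin/saml2aws" ]

saml2aws.sh

    #!/usr/bin/env bash
    set -euo pipefail

    # Resolve symlinks so that BASEDIR is the cloned Gist directory (which holds
    # the Dockerfile) even when the script is run through the link on the PATH
    BASEDIR=$(dirname "$(readlink -f "$0")")

    # Build the image on first use
    if [ "$(docker images -q saml2aws)" = "" ]; then
        docker build -t saml2aws "$BASEDIR"
    fi

    # Bind-mount sources must exist beforehand: Docker creates a missing source
    # as a directory, normally owned by root
    if [ ! -f "$HOME/.saml2aws" ]; then
        touch "$HOME/.saml2aws"
    fi
    mkdir -p "$HOME/.aws"

    # Run as the calling user so files written to the mounts keep their ownership
    docker run --rm -it \
        -u "$(id -u):$(id -g)" \
        -v "$HOME/.saml2aws:/saml2aws/.saml2aws" \
        -v "$HOME/.aws:/saml2aws/.aws" \
        saml2aws \
        "$@"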
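
The Dockerfile installs whatever archive `curl` returns, and that binary later handles AWS credentials, so it is worth checking the download against a digest recorded in advance before unpacking it. The following is an added example, not part of the Gist: `sha256_of`, `manifest_digest` and `verify_sha256` are hypothetical helper names, the manifest is assumed to be in `sha256sum` output format, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not part of the Gist; all function names are hypothetical.

# sha256_of FILE: print the lower-case hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# manifest_digest MANIFEST NAME: print the digest listed for NAME in a
# sha256sum-format manifest ("<hex>  <name>"); status 1 if NAME has no entry.
manifest_digest() {
  awk -v name="$2" '
    { f = $2; sub(/^\*/, "", f) }   # a leading "*" marks binary mode
    f == name { print tolower($1); found = 1; exit }
    END { exit found ? 0 : 1 }' "$1"
}

# verify_sha256 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = unusable input.
verify_sha256() {
  [ -f "$1" ] || { echo "verify_sha256: $1: not a file" >&2; return 2; }
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case "$want" in
    *[!0-9a-f]*) echo "verify_sha256: digest is not hex" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 64 ] || { echo "verify_sha256: digest must be 64 hex digits" >&2; return 2; }
  got=$(sha256_of "$1")
  if [ "$got" != "$want" ]; then
    echo "verify_sha256: $1: expected $want, got $got" >&2
    return 1
  fi
}

# Constructed demo: a stand-in archive, a manifest made for it, then tampering.
demo() {
  dir=$(mktemp -d) || return 2
  printf 'constructed archive bytes\n' > "$dir/tool.tar.gz"
  printf '%s  tool.tar.gz\n' "$(sha256_of "$dir/tool.tar.gz")" > "$dir/sums.txt"
  intact=0 tampered=0
  verify_sha256 "$dir/tool.tar.gz" "$(manifest_digest "$dir/sums.txt" tool.tar.gz)" || intact=$?
  printf 'extra\n' >> "$dir/tool.tar.gz"
  verify_sha256 "$dir/tool.tar.gz" "$(manifest_digest "$dir/sums.txt" tool.tar.gz)" 2>/dev/null || tampered=$?
  rm -rf "$dir"
  echo "intact=$intact tampered=$tampered"
}
demo
```

In the Dockerfile, a call such as `verify_sha256 saml2aws.tar.gz "$SAML2AWS_SHA256"` would sit between the `curl` and `tar` commands, where `SAML2AWS_SHA256` is a placeholder for the digest you have recorded for that release. A non-zero status stops the `&&` chain and fails the build.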