Last active
October 29, 2020 15:30
-
-
Save kuzmik/aafc5a68854cf012022e89cdd3206dfe to your computer and use it in GitHub Desktop.
Remote work login script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/local/bin/bash | |
### This assumes you are on the VPN already. | |
# Log in to the 1pw vault | |
eval $(op signin work) | |
if [[ -z $OP_SESSION_work ]]; then | |
echo "!! Error logging into 1password" | |
exit 1 | |
else | |
echo ">> Logged into 1password vault" | |
fi | |
# Log in to Okta | |
echo ">> Logging into Okta" | |
op get item "Okta - Work" --fields password | pbcopy | |
echo " >> Okta password copied to clipboard" | |
echo " >> Opening Okta in Chrome" | |
open https://go/okta | |
# pause till okta is logged in | |
read -rsn1 -p " >> Complete login and then press any key to continue"; echo | |
# Log in to MQ vault with my ldap password | |
echo ">> Logging into vault" | |
op get item "IDM" --fields username,password,url | jq -r .password | xargs -I"{}" vault login -method ldap password={} | |
# Get the expiration for aws creds, and log in to it if needed | |
echo ">> Checking AWS expiration" | |
remaining=$(aws profile list | grep work01-admin | awk '{ print $2 }' | sed $'s,\x1b\\[[0-9;]*[a-zA-Z],,g') | |
if [[ $remaining == "Expired" ]]; then | |
echo ">> AWS access expired, renewing" | |
mq aws-profile login | |
else | |
expires=$(echo $remaining | tr -d 'm') | |
if (( $expires < 120 )); then | |
echo ">> AWS access expires soon, renewing" | |
aws profile login | |
else | |
echo ">> AWS token expires in $expires minutes, login not necessary" | |
fi | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment