sbutler/op-aws-credentials.py

## op-aws-credentials.py
#!/usr/bin/env python3
"""
```
Copyright (c) 2022 University of Illinois Board of Trustees
All rights reserved.

Developed by:       Technology Services
                    University of Illinois at Urbana-Champaign
                    https://techservices.illinois.edu/
```

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal with the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

* Redistributions of source code must retain the above copyright
  notice, this list of conditions and the following disclaimers.
* Redistributions in binary form must reproduce the above copyright
  notice, this list of conditions and the following disclaimers in the
  documentation and/or other materials provided with the distribution.
* Neither the names of Technology Services, University of Illinois at
  Urbana-Champaign, nor the names of its contributors may be used to
  endorse or promote products derived from this Software without
  specific prior written permission.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.

# Description

Get AWS credentials from a 1Password item and output them in a format the
AWS CLI can understand.
"""
from argparse import ArgumentParser
import json
import logging
import subprocess
import sys

OP_BIN = '/usr/local/bin/op'
DEFAULT_VAULT = 'Work'

logger = logging.getLogger(__name__)

def get_args():
    """
    Get the command line arguments.
    """
    parser = ArgumentParser(description='Get AWS credentials from a 1Password item.')

    parser.add_argument(
        '--debug', '-d',
        action='store_true',
        help="Enable debug logging."
    )

    parser.add_argument(
        '--item', '-i',
        required=True,
        help="The name of the item to retrieve. Must have access_key_id and secret_key_id fields."
    )
    parser.add_argument(
        '--vault',
        default=DEFAULT_VAULT,
        help=f"Specify the 1Password vault. Default: {DEFAULT_VAULT}."
    )

    return parser.parse_args()

def get_item(item, vault):
    """
    Get the item data from 1Password.

    Args:
        item (str): name of the item.
        vault (str): name of the vault.
    """
    cmd = [
        OP_BIN, 'item', 'get',
        '--vault', vault,
        '--format', 'json',
        '--no-color',
        item
    ]

    logger.debug(
        'Running command: %(cmd)r',
        dict(cmd=cmd)
    )
    res = subprocess.run(
        cmd,
        stdout=subprocess.PIPE,
        check=True,
        text=True,
    )

    return json.loads(res.stdout)

def output_credentials(data):
    """
    Output to stdout the credentials.

    Args:
        data (dict): item data from 1Password.
    """
    fields = {
        field['label']: field['value']
        for field in data['fields']
        if field.get('label') and field.get('value')
    }

    if fields.get('access_key_id'):
        access_key_id = fields['access_key_id']
    elif fields.get('access key id'):
        access_key_id = fields['access key id']
    else:
        raise ValueError('access_key_id')

    if fields.get('secret_access_key'):
        secret_access_key = fields['secret_access_key']
    elif fields.get('secret access key'):
        secret_access_key = fields['secret access key']
    else:
        raise ValueError('secret_access_key')

    json.dump(
        dict(
            Version=1,
            AccessKeyId=access_key_id,
            SecretAccessKey=secret_access_key,
        ),
        fp=sys.stdout
    )

def _main(args):
    if args.debug:
        logger.setLevel(logging.DEBUG)

    data = get_item(args.item, args.vault)
    output_credentials(data)

if __name__ == '__main__':
    logging.basicConfig(
        level=logging.WARNING,
        stream=sys.stderr,
    )

    _main(get_args())
	#!/usr/bin/env python3
	"""
	```
	Copyright (c) 2022 University of Illinois Board of Trustees
	All rights reserved.

	Developed by: Technology Services
	University of Illinois at Urbana-Champaign
	https://techservices.illinois.edu/
	```

	Permission is hereby granted, free of charge, to any person obtaining
	a copy of this software and associated documentation files (the
	"Software"), to deal with the Software without restriction, including
	without limitation the rights to use, copy, modify, merge, publish,
	distribute, sublicense, and/or sell copies of the Software, and to
	permit persons to whom the Software is furnished to do so, subject to
	the following conditions:

	* Redistributions of source code must retain the above copyright
	notice, this list of conditions and the following disclaimers.
	* Redistributions in binary form must reproduce the above copyright
	notice, this list of conditions and the following disclaimers in the
	documentation and/or other materials provided with the distribution.
	* Neither the names of Technology Services, University of Illinois at
	Urbana-Champaign, nor the names of its contributors may be used to
	endorse or promote products derived from this Software without
	specific prior written permission.

	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
	IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
	ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
	CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
	WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.

	# Description

	Get AWS credentials from a 1Password item and output them in a format the
	AWS CLI can understand.
	"""
	from argparse import ArgumentParser
	import json
	import logging
	import subprocess
	import sys

	OP_BIN = '/usr/local/bin/op'
	DEFAULT_VAULT = 'Work'

	logger = logging.getLogger(__name__)

	def get_args():
	"""
	Get the command line arguments.
	"""
	parser = ArgumentParser(description='Get AWS credentials from a 1Password item.')

	parser.add_argument(
	'--debug', '-d',
	action='store_true',
	help="Enable debug logging."
	)

	parser.add_argument(
	'--item', '-i',
	required=True,
	help="The name of the item to retrieve. Must have access_key_id and secret_key_id fields."
	)
	parser.add_argument(
	'--vault',
	default=DEFAULT_VAULT,
	help=f"Specify the 1Password vault. Default: {DEFAULT_VAULT}."
	)

	return parser.parse_args()

	def get_item(item, vault):
	"""
	Get the item data from 1Password.

	Args:
	item (str): name of the item.
	vault (str): name of the vault.
	"""
	cmd = [
	OP_BIN, 'item', 'get',
	'--vault', vault,
	'--format', 'json',
	'--no-color',
	item
	]

	logger.debug(
	'Running command: %(cmd)r',
	dict(cmd=cmd)
	)
	res = subprocess.run(
	cmd,
	stdout=subprocess.PIPE,
	check=True,
	text=True,
	)

	return json.loads(res.stdout)

	def output_credentials(data):
	"""
	Output to stdout the credentials.

	Args:
	data (dict): item data from 1Password.
	"""
	fields = {
	field['label']: field['value']
	for field in data['fields']
	if field.get('label') and field.get('value')
	}

	if fields.get('access_key_id'):
	access_key_id = fields['access_key_id']
	elif fields.get('access key id'):
	access_key_id = fields['access key id']
	else:
	raise ValueError('access_key_id')

	if fields.get('secret_access_key'):
	secret_access_key = fields['secret_access_key']
	elif fields.get('secret access key'):
	secret_access_key = fields['secret access key']
	else:
	raise ValueError('secret_access_key')

	json.dump(
	dict(
	Version=1,
	AccessKeyId=access_key_id,
	SecretAccessKey=secret_access_key,
	),
	fp=sys.stdout
	)

	def _main(args):
	if args.debug:
	logger.setLevel(logging.DEBUG)

	data = get_item(args.item, args.vault)
	output_credentials(data)

	if __name__ == '__main__':
	logging.basicConfig(
	level=logging.WARNING,
	stream=sys.stderr,
	)

	_main(get_args())