mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2026-01-23 02:35:38 +01:00
0727ee7faa
This is following the documentation for completion from aws here https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-completion.html. I imagine this may work if other plugins are executed before this that perform this action already, but it was broken for me.
339 lines
11 KiB
Bash
339 lines
11 KiB
Bash
function agp() {
|
|
echo $AWS_PROFILE
|
|
}
|
|
|
|
function agr() {
|
|
echo $AWS_REGION
|
|
}
|
|
|
|
# Update state file if enabled
|
|
function _aws_update_state() {
|
|
if [[ "$AWS_PROFILE_STATE_ENABLED" == true ]]; then
|
|
test -d $(dirname ${AWS_STATE_FILE}) || exit 1
|
|
echo "${AWS_PROFILE} ${AWS_REGION}" > "${AWS_STATE_FILE}"
|
|
fi
|
|
}
|
|
|
|
function _aws_clear_state() {
|
|
if [[ "$AWS_PROFILE_STATE_ENABLED" == true ]]; then
|
|
test -d $(dirname ${AWS_STATE_FILE}) || exit 1
|
|
echo -n > "${AWS_STATE_FILE}"
|
|
fi
|
|
}
|
|
|
|
# AWS profile selection
|
|
function asp() {
|
|
if [[ -z "$1" ]]; then
|
|
unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE AWS_PROFILE_REGION
|
|
_aws_clear_state
|
|
echo AWS profile cleared.
|
|
return
|
|
fi
|
|
|
|
local -a available_profiles
|
|
available_profiles=($(aws_profiles))
|
|
if [[ -z "${available_profiles[(r)$1]}" ]]; then
|
|
echo "${fg[red]}Profile '$1' not found in '${AWS_CONFIG_FILE:-$HOME/.aws/config}'" >&2
|
|
echo "Available profiles: ${(j:, :)available_profiles:-no profiles found}${reset_color}" >&2
|
|
return 1
|
|
fi
|
|
|
|
export AWS_DEFAULT_PROFILE=$1
|
|
export AWS_PROFILE=$1
|
|
export AWS_EB_PROFILE=$1
|
|
|
|
export AWS_PROFILE_REGION=$(aws configure get region)
|
|
|
|
_aws_update_state
|
|
|
|
if [[ "$2" == "login" ]]; then
|
|
if [[ -n "$3" ]]; then
|
|
aws sso login --sso-session $3
|
|
else
|
|
aws sso login
|
|
fi
|
|
elif [[ "$2" == "logout" ]]; then
|
|
aws sso logout
|
|
fi
|
|
}
|
|
|
|
# AWS region selection
|
|
function asr() {
|
|
if [[ -z "$1" ]]; then
|
|
unset AWS_DEFAULT_REGION AWS_REGION
|
|
_aws_update_state
|
|
echo AWS region cleared.
|
|
return
|
|
fi
|
|
|
|
local -a available_regions
|
|
available_regions=($(aws_regions))
|
|
if [[ -z "${available_regions[(r)$1]}" ]]; then
|
|
echo "${fg[red]}Available regions: \n$(aws_regions)"
|
|
return 1
|
|
fi
|
|
|
|
export AWS_REGION=$1
|
|
export AWS_DEFAULT_REGION=$1
|
|
_aws_update_state
|
|
}
|
|
|
|
# AWS profile switch
|
|
function acp() {
|
|
if [[ -z "$1" ]]; then
|
|
unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE
|
|
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
|
|
echo AWS profile cleared.
|
|
return
|
|
fi
|
|
|
|
local -a available_profiles
|
|
available_profiles=($(aws_profiles))
|
|
if [[ -z "${available_profiles[(r)$1]}" ]]; then
|
|
echo "${fg[red]}Profile '$1' not found in '${AWS_CONFIG_FILE:-$HOME/.aws/config}'" >&2
|
|
echo "Available profiles: ${(j:, :)available_profiles:-no profiles found}${reset_color}" >&2
|
|
return 1
|
|
fi
|
|
|
|
local profile="$1"
|
|
local mfa_token="$2"
|
|
|
|
# Get fallback credentials for if the aws command fails or no command is run
|
|
local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
|
|
local aws_secret_access_key="$(aws configure get aws_secret_access_key --profile $profile)"
|
|
local aws_session_token="$(aws configure get aws_session_token --profile $profile)"
|
|
|
|
|
|
# First, if the profile has MFA configured, lets get the token and session duration
|
|
local mfa_serial="$(aws configure get mfa_serial --profile $profile)"
|
|
local sess_duration="$(aws configure get duration_seconds --profile $profile)"
|
|
|
|
if [[ -n "$mfa_serial" ]]; then
|
|
local -a mfa_opt
|
|
if [[ -z "$mfa_token" ]]; then
|
|
echo -n "Please enter your MFA token for $mfa_serial: "
|
|
read -r mfa_token
|
|
fi
|
|
if [[ -z "$sess_duration" ]]; then
|
|
echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
|
|
read -r sess_duration
|
|
fi
|
|
mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
|
|
fi
|
|
|
|
# Now see whether we need to just MFA for the current role, or assume a different one
|
|
local role_arn="$(aws configure get role_arn --profile $profile)"
|
|
local sess_name="$(aws configure get role_session_name --profile $profile)"
|
|
|
|
if [[ -n "$role_arn" ]]; then
|
|
# Means we need to assume a specified role
|
|
aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
|
|
|
|
# Check whether external_id is configured to use while assuming the role
|
|
local external_id="$(aws configure get external_id --profile $profile)"
|
|
if [[ -n "$external_id" ]]; then
|
|
aws_command+=(--external-id "$external_id")
|
|
fi
|
|
|
|
# Get source profile to use to assume role
|
|
local source_profile="$(aws configure get source_profile --profile $profile)"
|
|
if [[ -z "$sess_name" ]]; then
|
|
sess_name="${source_profile:-profile}"
|
|
fi
|
|
aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
|
|
|
|
echo "Assuming role $role_arn using profile ${source_profile:-profile}"
|
|
else
|
|
# Means we only need to do MFA
|
|
aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
|
|
echo "Obtaining session token for profile $profile"
|
|
fi
|
|
|
|
# Format output of aws command for easier processing
|
|
aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
|
|
|
|
# Run the aws command to obtain credentials
|
|
local -a credentials
|
|
credentials=(${(ps:\t:)"$(${aws_command[@]})"})
|
|
|
|
if [[ -n "$credentials" ]]; then
|
|
aws_access_key_id="${credentials[1]}"
|
|
aws_secret_access_key="${credentials[2]}"
|
|
aws_session_token="${credentials[3]}"
|
|
fi
|
|
|
|
# Switch to AWS profile
|
|
if [[ -n "${aws_access_key_id}" && -n "$aws_secret_access_key" ]]; then
|
|
export AWS_DEFAULT_PROFILE="$profile"
|
|
export AWS_PROFILE="$profile"
|
|
export AWS_EB_PROFILE="$profile"
|
|
export AWS_ACCESS_KEY_ID="$aws_access_key_id"
|
|
export AWS_SECRET_ACCESS_KEY="$aws_secret_access_key"
|
|
|
|
if [[ -n "$aws_session_token" ]]; then
|
|
export AWS_SESSION_TOKEN="$aws_session_token"
|
|
else
|
|
unset AWS_SESSION_TOKEN
|
|
fi
|
|
|
|
echo "Switched to AWS Profile: $profile"
|
|
fi
|
|
}
|
|
|
|
function aws_change_access_key() {
|
|
if [[ -z "$1" ]]; then
|
|
echo "usage: $0 <profile>"
|
|
return 1
|
|
fi
|
|
|
|
local profile="$1"
|
|
# Get current access key
|
|
local original_aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
|
|
|
|
asp "$profile" || return 1
|
|
echo "Generating a new access key pair for you now."
|
|
if aws --no-cli-pager iam create-access-key; then
|
|
echo "Insert the newly generated credentials when asked."
|
|
aws --no-cli-pager configure --profile $profile
|
|
else
|
|
echo "Current access keys:"
|
|
aws --no-cli-pager iam list-access-keys
|
|
echo "Profile \"${profile}\" is currently using the $original_aws_access_key_id key. You can delete an old access key by running \`aws --profile $profile iam delete-access-key --access-key-id AccessKeyId\`"
|
|
return 1
|
|
fi
|
|
|
|
read -q "yn?Would you like to disable your previous access key (${original_aws_access_key_id}) now? "
|
|
case $yn in
|
|
[Yy]*)
|
|
echo -n "\nDisabling access key ${original_aws_access_key_id}..."
|
|
if aws --no-cli-pager iam update-access-key --access-key-id ${original_aws_access_key_id} --status Inactive; then
|
|
echo "done."
|
|
else
|
|
echo "\nFailed to disable ${original_aws_access_key_id} key."
|
|
fi
|
|
;;
|
|
*)
|
|
echo ""
|
|
;;
|
|
esac
|
|
echo "You can now safely delete the old access key by running \`aws --profile $profile iam delete-access-key --access-key-id ${original_aws_access_key_id}\`"
|
|
echo "Your current keys are:"
|
|
aws --no-cli-pager iam list-access-keys
|
|
}
|
|
|
|
function aws_regions() {
|
|
local region
|
|
if [[ $AWS_DEFAULT_REGION ]];then
|
|
region="$AWS_DEFAULT_REGION"
|
|
elif [[ $AWS_REGION ]];then
|
|
region="$AWS_REGION"
|
|
else
|
|
region="us-west-1"
|
|
fi
|
|
|
|
if [[ $AWS_DEFAULT_PROFILE || $AWS_PROFILE ]];then
|
|
aws ec2 describe-regions --region $region |grep RegionName | awk -F ':' '{gsub(/"/, "", $2);gsub(/,/, "", $2);gsub(/ /, "", $2); print $2}'
|
|
else
|
|
echo "You must specify a AWS profile."
|
|
fi
|
|
}
|
|
|
|
function aws_profiles() {
|
|
aws --no-cli-pager configure list-profiles 2> /dev/null && return
|
|
[[ -r "${AWS_CONFIG_FILE:-$HOME/.aws/config}" ]] || return 1
|
|
grep --color=never -Eo '\[.*\]' "${AWS_CONFIG_FILE:-$HOME/.aws/config}" | sed -E 's/^[[:space:]]*\[(profile)?[[:space:]]*([^[:space:]]+)\][[:space:]]*$/\2/g'
|
|
}
|
|
|
|
function _aws_regions() {
|
|
reply=($(aws_regions))
|
|
}
|
|
compctl -K _aws_regions asr
|
|
|
|
function _aws_profiles() {
|
|
reply=($(aws_profiles))
|
|
}
|
|
compctl -K _aws_profiles asp acp aws_change_access_key
|
|
|
|
# AWS prompt
|
|
function aws_prompt_info() {
|
|
local _aws_to_show
|
|
local region="${AWS_REGION:-${AWS_DEFAULT_REGION:-$AWS_PROFILE_REGION}}"
|
|
|
|
if [[ -n "$AWS_PROFILE" ]];then
|
|
_aws_to_show+="${ZSH_THEME_AWS_PROFILE_PREFIX="<aws:"}${AWS_PROFILE}${ZSH_THEME_AWS_PROFILE_SUFFIX=">"}"
|
|
fi
|
|
|
|
if [[ -n "$region" ]]; then
|
|
[[ -n "$_aws_to_show" ]] && _aws_to_show+="${ZSH_THEME_AWS_DIVIDER=" "}"
|
|
_aws_to_show+="${ZSH_THEME_AWS_REGION_PREFIX="<region:"}${region}${ZSH_THEME_AWS_REGION_SUFFIX=">"}"
|
|
fi
|
|
|
|
echo "$_aws_to_show"
|
|
}
|
|
|
|
if [[ "$SHOW_AWS_PROMPT" != false && "$RPROMPT" != *'$(aws_prompt_info)'* ]]; then
|
|
RPROMPT='$(aws_prompt_info)'"$RPROMPT"
|
|
fi
|
|
|
|
if [[ "$AWS_PROFILE_STATE_ENABLED" == true ]]; then
|
|
AWS_STATE_FILE="${AWS_STATE_FILE:-/tmp/.aws_current_profile}"
|
|
test -s "${AWS_STATE_FILE}" || return
|
|
|
|
aws_state=($(cat $AWS_STATE_FILE))
|
|
|
|
export AWS_DEFAULT_PROFILE="${aws_state[1]}"
|
|
export AWS_PROFILE="$AWS_DEFAULT_PROFILE"
|
|
export AWS_EB_PROFILE="$AWS_DEFAULT_PROFILE"
|
|
|
|
test -z "${aws_state[2]}" && AWS_REGION=$(aws configure get region)
|
|
|
|
export AWS_REGION=${AWS_REGION:-$aws_state[2]}
|
|
export AWS_DEFAULT_REGION="$AWS_REGION"
|
|
fi
|
|
|
|
# Load awscli completions
|
|
|
|
# AWS CLI v2 comes with its own autocompletion. Check if that is there, otherwise fall back
|
|
if command -v aws_completer &> /dev/null; then
|
|
autoload -Uz bashcompinit && bashcompinit
|
|
autoload -Uz compinit && compinit
|
|
complete -C aws_completer aws
|
|
else
|
|
function _awscli-homebrew-installed() {
|
|
# check if Homebrew is installed
|
|
(( $+commands[brew] )) || return 1
|
|
|
|
# speculatively check default brew prefix
|
|
if [ -h /usr/local/opt/awscli ]; then
|
|
_brew_prefix=/usr/local/opt/awscli
|
|
else
|
|
# ok, it is not in the default prefix
|
|
# this call to brew is expensive (about 400 ms), so at least let's make it only once
|
|
_brew_prefix=$(brew --prefix awscli)
|
|
fi
|
|
}
|
|
|
|
# get aws_zsh_completer.sh location from $PATH
|
|
_aws_zsh_completer_path="$commands[aws_zsh_completer.sh]"
|
|
|
|
# otherwise check common locations
|
|
if [[ -z $_aws_zsh_completer_path ]]; then
|
|
# Homebrew
|
|
if _awscli-homebrew-installed; then
|
|
_aws_zsh_completer_path=$_brew_prefix/libexec/bin/aws_zsh_completer.sh
|
|
# Ubuntu
|
|
elif [[ -e /usr/share/zsh/vendor-completions/_awscli ]]; then
|
|
_aws_zsh_completer_path=/usr/share/zsh/vendor-completions/_awscli
|
|
# NixOS
|
|
elif [[ -e "${commands[aws]:P:h:h}/share/zsh/site-functions/aws_zsh_completer.sh" ]]; then
|
|
_aws_zsh_completer_path="${commands[aws]:P:h:h}/share/zsh/site-functions/aws_zsh_completer.sh"
|
|
# RPM
|
|
else
|
|
_aws_zsh_completer_path=/usr/share/zsh/site-functions/aws_zsh_completer.sh
|
|
fi
|
|
fi
|
|
|
|
[[ -r $_aws_zsh_completer_path ]] && source $_aws_zsh_completer_path
|
|
unset _aws_zsh_completer_path _brew_prefix
|
|
fi
|
|
|