├── LICENSE
├── README.md
└── pods_mfa.sh


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023 Fernanda Kobs

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Pods AWS MFA

Are you tired of the constant struggle of accessing your pods? Fed up with expired AWS credentials or the hassle of
switching contexts every single time? This script has got you covered!

The Pods AWS MFA script simplifies pod access in Kubernetes, eliminating the need to check your AWS Session Token
by hand and streamlining interactions. Ideal for k9s users and anyone using kubectl with AWS MFA fatigue.

## Prerequisites

To use this script, you need to have the following prerequisites installed and configured:

- [`aws-cli`](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html): The AWS Command Line Interface (CLI).

- [`MFA device`](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-iam-user): The script assumes that you have an MFA (Multi-Factor Authentication) device associated with your AWS account.
  This is required to generate the temporary session tokens for AWS API access.

- [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl): The Kubernetes command-line tool.

- [`k9s`](https://github.com/derailed/k9s#installation): A terminal-based UI for Kubernetes. Optional.

## How to Use

- Download the `pods_mfa.sh` script from the repository.

- Open a terminal in the directory that contains the script and run the following command:
  ```shell
  sudo bash ./pods_mfa.sh --install
  ```

Then run `pods_mfa --configure` to configure your info, and it's all set up!

`K9s` users can access their pods by running `podsdev`, `podsqa` or `podsprd` without worrying about AWS credentials
expiring or having to change contexts before accessing them.

If you only use `kubectl`, you can check whether your credentials have expired with `pods_mfa --check` and, if so,
update them. Or run `pods_mfa --update` to update them directly.

If your clusters live in different contexts, this script simplifies the process.
You can switch between them by executing aliases like `toprd`, `toqa` and `todev`.

## How it Works

When you run the first command, `sudo bash ./pods_mfa.sh --install`, the `--install` option makes the script
executable and callable from anywhere by symlinking it into `/usr/bin`.

The configuration step collects information such as your personal ARN and your contexts, so it can configure the
aliases properly.

When you access your pods via the `podsdev`, `podsqa` or `podsprd` aliases, the script verifies the status of the AWS
credentials by executing a simple command.

If the credentials have expired, the script prompts the user to refresh them. Once authenticated, the script uses the
`aws configure --profile` command to save the new temporary session token (under the `mfa` profile) and stores the
token expiration date and its timezone in a temporary file for the next check-up.

After that, a kubectl command is used to change to the selected context (if you've configured contexts), and the
`k9s` UI is displayed.

Besides the aliases, you can call the script using options to update your credentials directly or change the aliases'
configuration. See the section below for more details.

## Options

The script supports the following options:

- `--help`: Show this script's options.

- `--check`: Checks whether the credentials have expired; if so, the script prompts the user to refresh them.

- `--update`: Update the credentials, even if the current Session Token is still valid.

- `--version`: Show script version.

- `--set-arn`: Manually set your ARN.

- `--show`: Show the configured ARN and aliases.

- `--change-aliases`: Change the value of the configured aliases.

- `--configure`: Extracts your ARN, checks external dependencies, and configures aliases if needed.

- `--install`: Makes the script executable and callable from anywhere. Requires sudo permission.

- `--uninstall`: Remove any change the script made on your machine. Requires sudo permission.

To use these options, simply include them when running the script. Here is an example:

```shell
pods_mfa --change-aliases
```

## Compatibility

The Pods AWS MFA script is primarily developed and tested on Ubuntu. If you are using a different operating system,
such as macOS or another Linux distribution, please note that you may need to make adjustments to the script to ensure
compatibility. Feel free to modify the script according to your specific environment or contribute improvements to
enhance compatibility with other platforms.

## Contributions

Contributions are welcome!

If you find any issues, have suggestions for improvements, or want to add new features, feel free to submit a pull request.

## License

The Pods AWS MFA script is licensed under the [MIT License](https://github.com/nandakobs/pods-aws-mfa/blob/main/LICENSE).

--------------------------------------------------------------------------------
/pods_mfa.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# MIT License
#
# Copyright (c) 2023 Fernanda Kobs
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
# Below is a brief overview of this script's functionalities.

show_usage() {
  cat << EOF

Usage: pods_mfa [option]

The Pods AWS MFA script simplifies pod access in Kubernetes, eliminating the need to checkout your credentials
and streamlining interactions. Ideal for k9s users and anyone using kubectl with AWS MFA fatigue.

Options:
  --help            Show this script options.
  --show            Show the configured ARN and aliases.
  --check           Checks if the credentials have expired, if so, prompts the user to refresh them.
  --update          Update credentials, even if the current AWS Session Token is still valid.
  --version         Show script version.
  --set-arn         Manually set your ARN.
  --configure       Extracts your ARN, checks external dependencies, and configures aliases if needed.
  --change-aliases  Change the value of the configured aliases.
  --install         Make the script executable and callable globally.
  --uninstall       Remove any change the script did in your machine.

EOF
}

source "$HOME/.bashrc"
readonly SCRIPT_VERSION="version 1.0.0"

#######################################
###     PODS_MFA UTILS [START]      ###

readonly GC="\033[1;38;5;83m"  # Green Color
readonly OC="\033[1;38;5;208m" # Orange Color
readonly RC="\033[1;91m"       # Red Color
readonly YC="\033[1;38;5;220m" # Yellow Color
readonly CE="\033[0m"          # Color End
readonly ARROW="${OC}>${CE}"

check_dependency() {
  local dependency="$1"
  if ! command -v "${dependency}" &> /dev/null; then
    echo -ne "${YC}WARNING:${CE} ${dependency} is not installed on this machine. "
    echo -e "Please consider installing it to continue.\n"
    exit 1
  fi
}

check_sudo() {
  local command="$1"

  if [[ $(id -u) -ne 0 ]]; then
    echo "This command requires sudo permission."
    echo -e "Please run 'sudo pods_mfa ${command}'\n"
    exit 1
  fi
}

echo_progress() {
  local message="$1"
  local time="$2"
  echo -n "${message} "

  for i in 208 202 166 58 64 70 82; do
    echo -ne "\033[1;38;5;${i}m>${CE} "
    sleep "${time}"
  done

  echo -ne " ${GC}OK${CE}\n"
}

err() {
  echo -e "\n${RC}ERROR:${CE} $*" >&2
}

is_input_positive() {
  local input
  input="$(echo "$1" | xargs)"

  case "${input}" in
    [Yy]* | [Yy][Ee][Ss]*) echo true ;;
    [Nn]* | [Nn][Oo]*) echo false ;;
    *) echo "idk" ;;
  esac
}

is_k9s_user() {
  # Echo "true" only when k9s is on PATH. The previous version captured the
  # (discarded) output of 'command -v', so it reported true unconditionally.
  if command -v k9s &> /dev/null; then
    echo true
  fi
}

remove_aliases() {
  sed -i '/^#Pods AWS MFA Aliases$/d' "$HOME/.bash_aliases"
  sed -i '/^alias toprd=.*/d' "$HOME/.bash_aliases"
  sed -i '/^alias toqa=.*/d' "$HOME/.bash_aliases"
  sed -i '/^alias todev=.*/d' "$HOME/.bash_aliases"
  sed -i '/^alias podsprd=.*/d' "$HOME/.bash_aliases"
  sed -i '/^alias podsqa=.*/d' "$HOME/.bash_aliases"
  sed -i '/^alias podsdev=.*/d' "$HOME/.bash_aliases"
  source "$HOME/.bash_aliases"
}

remove_user_arn_env() {
  sed -i "/^export AWS_ARN=.*/d" "$HOME/.bashrc"
  source "$HOME/.bashrc"
}

###      PODS_MFA UTILS [END]       ###
#######################################

#######################################
# check_script_setup:
#   Checks and sets up the necessary requirements for the script to work correctly.
# Side effects:
#   Changes the script's permissions to executable.
#   Creates or updates a symbolic link to the script.
#######################################
check_script_setup() {
  local script_name
  local script_path
  local type

  if [[ ! -x "${0}" ]]; then
    echo_progress "Making this script executable" 0.2
    chmod +x "${0}"
  fi

  script_name="$(basename "${0}")"
  local link_path="/usr/bin/${script_name%.*}"
  script_path="$(readlink -f "${0}")"

  if [[ ! -L "${link_path}" ]] || [[ ! -e "${link_path}" ]]; then
    echo_progress "Linking important stuff" 0.2
    sudo ln -sf "${script_path}" "${link_path}"
  else
    type="$(file -b "${link_path}")"

    if [[ "${type}" != "symbolic link to ${script_path}" ]]; then
      echo_progress "Adjusting some symbolic links" 0.2
      sudo ln -sf "${script_path}" "${link_path}"
    fi

  fi

  echo_progress "Checking for dependencies" 0.2
  check_dependency "aws"
}

remove_script_setup() {
  remove_aliases
  remove_user_arn_env
  rm -f /tmp/pods_mfa.*
  sudo rm /usr/bin/pods_mfa
  echo_progress "Removing pods_mfa" 0.5
}

verify_aliases() {
  if [[ ! -f "$HOME/.bash_aliases" ]]; then
    touch "$HOME/.bash_aliases"
  fi

  if grep -q "#Pods AWS MFA Aliases" "$HOME/.bash_aliases"; then
    remove_aliases
  fi
}

#######################################
# write_aliases:
#   Writes specific aliases to the ~/.bash_aliases file.
# Inputs:
#   has_contexts - If true, asks for user input on context for production, QA, and development.
# Side effects:
#   Modifies the ~/.bash_aliases file.
#######################################
write_aliases() {
  local has_contexts="$1"
  local k9s_user
  local contexts=()

  if [[ "${has_contexts}" == true ]]; then

    while true; do
      local continue
      local input
      local correct

      # Start each attempt from an empty list so a rejected answer is not kept.
      contexts=()

      for env_context in production qa development; do
        local context
        read -rp "Enter context for ${env_context}: " input
        context="$(echo "${input}" | xargs)"
        contexts+=("${context}")
      done

      echo -e "\nInformed Contexts\n PRD: ${contexts[0]}\n QA: ${contexts[1]}\n DEV: ${contexts[2]}\n"
      echo -ne "${ARROW} "
      read -rp "Please confirm, are the contexts correct? [yes/no] " correct
      continue="$(is_input_positive "${correct}")"

      if [[ "${continue}" == true ]]; then
        break
      fi

      echo " "
    done

    local prd_context="kubectl config use-context ${contexts[0]} >/dev/null 2>&1 &&"
    local qa_context="kubectl config use-context ${contexts[1]} >/dev/null 2>&1 &&"
    local dev_context="kubectl config use-context ${contexts[2]} >/dev/null 2>&1 &&"
  else
    local prd_context=""; local qa_context=""; local dev_context="";
  fi

  local title="#Pods AWS MFA Aliases"
  local to_prd="alias toprd='kubectl config use-context ${contexts[0]}'"
  local to_qa="alias toqa='kubectl config use-context ${contexts[1]}'"
  local to_dev="alias todev='kubectl config use-context ${contexts[2]}'"
  local pods_prd="alias podsprd='pods_mfa -ck && ${prd_context} k9s -n production'"
  local pods_qa="alias podsqa='pods_mfa -ck && ${qa_context} k9s -n qa'"
  local pods_dev="alias podsdev='pods_mfa -ck && ${dev_context} k9s -n development'"

  printf "%s\n" "${title}" "${to_prd}" "${to_qa}" "${to_dev}" >> "$HOME/.bash_aliases"
  k9s_user="$(is_k9s_user)"

  if [ "${k9s_user}" == true ]; then
    printf "%s\n" "${pods_prd}" "${pods_qa}" "${pods_dev}" >> "$HOME/.bash_aliases"
  fi

  source "$HOME/.bash_aliases"
}

#######################################
# verify_arn:
#   Verifies if the AWS_ARN is exported in "$HOME/.bashrc". If not, extracts the value and exports it.
# Side effects:
#   Modifies the "$HOME/.bashrc" file to include the AWS_ARN export if it's not already present.
# Related doc:
#   https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/get-user.html
#   Note that the text output pattern is: "USER PATH ARN USER_ID CREATE_DATE"
#######################################
verify_arn() {
  local output
  local arn

  if ! grep -q "export AWS_ARN=" "$HOME/.bashrc"; then
    output="$(aws iam get-user --output text 2>&1)"
    arn="$(echo "${output}" | grep -o -P 'arn:aws:iam::[^[:space:]]*')"

    if [[ -n "${arn}" ]]; then

      # The MFA device serial number uses "mfa" where the user ARN has "user".
      if [[ "${arn}" == *":user/"* ]]; then
        arn="${arn/user/mfa}"
      fi

      echo "export AWS_ARN=\"${arn}\"" >> "$HOME/.bashrc"
      source "$HOME/.bashrc"
    else
      err "USER_ARN_NOT_FOUND\n"
      check_dependency "aws"
      echo "Please check your configuration in the aws-cli."
      echo -e "Is everything okay? Set your USER_ARN manually with 'pods_mfa --set-arn'\n"
      exit 1
    fi

  fi
}

set_arn() {
  local user_arn

  while true; do
    read -rp "Inform your user ARN: " user_arn

    while ! [[ "${user_arn}" =~ arn:aws:iam::[^[:space:]]* ]]; do
      err "INVALID_USER_ARN\n"
      read -rp "Insert a valid user ARN: " user_arn
    done

    echo -e "\n ${OC}USER_ARN${CE}: ${user_arn}\n"
    echo -ne "${ARROW} "
    read -rp "Please confirm, is this your personal ARN? [yes/no] " correct
    continue="$(is_input_positive "${correct}")"

    if [[ "${continue}" == true ]]; then
      break
    fi

    echo " "
  done

  remove_user_arn_env
  echo "export AWS_ARN=\"${user_arn}\"" >> "$HOME/.bashrc"
  source "$HOME/.bashrc"
  echo " "
  echo_progress "Saving your personal ARN" 0.2
}

refresh_temp_file_expiration() {
  local actual_temp_file
  local new_temp_file
  local expiration_timestamp
  local timezone

  actual_temp_file="$(find /tmp -type f -name "pods_mfa.*" 2>/dev/null)"

  if [[ -n "${actual_temp_file}" ]]; then
    rm -f /tmp/pods_mfa.*
  fi

  new_temp_file="$(mktemp /tmp/pods_mfa.XXXXXX)"
  local expiration_datetime="$1"
  expiration_timestamp="$(date +%s -d "${expiration_datetime}")"
  timezone="$(date -d "${expiration_datetime}" +%:::z)"
  echo "${expiration_timestamp} ${timezone}" >> "${new_temp_file}"
}

#######################################
# get_new_token:
#   Asks for the MFA code and tries to get a new session token using it.
#   If successful, updates the AWS credentials with the new session token.
# Inputs:
#   response_expected - if true, feedback will be provided to the user.
# Side effects:
#   Modifies the AWS credentials with the new session token.
#   Stores the token expiration date and its timezone in a temporary file.
# Related doc:
#   https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html
#   Note that the text output pattern is: "CREDENTIALS ACCESS_KEY EXPIRATION SECRET_KEY SESSION_TOKEN"
#######################################
get_new_token() {
  local response_expected="$1"

  while true; do
    local mfa_code
    local output
    local title
    local try_again
    local continue

    read -rp "Insert your MFA code: " mfa_code

    while ! [[ "${mfa_code}" =~ ^[0-9]{6}$ ]]; do
      err "INVALID_CODE\n"
      read -rp "Insert a valid MFA code: " mfa_code
    done

    output="$(aws sts get-session-token --serial-number "${AWS_ARN}" --token-code "${mfa_code}" --output text)"
    title="$(echo "${output}" | awk '{print $1}')"

    if [[ "${title}" == "CREDENTIALS" ]]; then
      local access_key
      local secret_key
      local session_token
      local expiration_datetime

      access_key="$(echo "${output}" | awk '{print $2}')"
      secret_key="$(echo "${output}" | awk '{print $4}')"
      session_token="$(echo "${output}" | awk '{print $5}')"

      # The temporary credentials are written to the "mfa" profile of the aws-cli.
      aws configure --profile "mfa" set aws_access_key_id "${access_key}"
      aws configure --profile "mfa" set aws_secret_access_key "${secret_key}"
      aws configure --profile "mfa" set aws_session_token "${session_token}"

      expiration_datetime="$(echo "${output}" | awk '{print $3}')"
      refresh_temp_file_expiration "${expiration_datetime}"

      if [[ "${response_expected}" == true ]]; then
        echo -e "AWS Session Token ${GC}updated successfully${CE}.\n"
      fi

      break
    fi

    err "${output}"

    read -rp $'\e[1mDo you want to try again?\e[0m [yes/no] ' try_again
    continue="$(is_input_positive "${try_again}")"

    if [[ "${continue}" == false ]]; then
      break
    fi

  done
}

#######################################
# check_token:
#   Verify the expiration status of the current AWS session token by comparing the previously recorded
#   expiration time with the current timestamp, or alternatively, utilize an aws-cli command to perform the check.
# Side effects:
#   If the AWS session token has expired, gets a new one.
# Related doc:
#   https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-caller-identity.html
#######################################
check_token() {
  local temp_file
  local expired_token

  temp_file="$(find /tmp -type f -name "pods_mfa.*" 2>/dev/null)"

  if [[ -n "${temp_file}" ]]; then
    local expiration_time
    local timezone
    local current_time

    expiration_time="$(awk '{print $1}' "${temp_file}")"
    timezone="$(awk '{print $2}' "${temp_file}")"
    current_time="$(TZ="${timezone}" date +%s)"

    # The cache file lives in shared /tmp: accept only a plain epoch value
    # before it reaches the arithmetic comparison, otherwise ask for a refresh.
    if ! [[ "${expiration_time}" =~ ^[0-9]+$ ]] || (( current_time >= expiration_time )); then
      expired_token=true
    fi

  else
    local output

    output="$(aws --profile "mfa" sts get-caller-identity 2>&1)"

    if [[ "${output}" == *"(ExpiredToken)"* ]]; then
      expired_token=true
    fi

  fi

  if [[ "${expired_token}" == true ]]; then
    echo -e "AWS Session Token ${RC}has expired${CE}."
    get_new_token
  else
    local response_expected="$1"

    if [[ "${response_expected}" == true ]]; then
      echo -e "\nAWS Session Token is ${GC}currently active${CE}.\n"
    fi

  fi
}

show_user_info() {
  local arn_line
  local user_arn

  echo -e "\npods_aws_mfa/${OC}user_arn${CE}\n"

  if grep -q "export AWS_ARN" "$HOME/.bashrc"; then
    arn_line="$(awk "/^export AWS_ARN/" "$HOME/.bashrc")"
    user_arn="$(echo "${arn_line}" | grep -o '"[^"]*"')"
    echo " ${user_arn//\"/}"
    echo -ne "\n ${ARROW} If you wish to change your user ARN run 'pods_mfa --set-arn',"
    echo " or edit it manually in the ~/.bashrc file."
  else
    echo -e "${YC}WARNING:${CE} User ARN is not set."
    echo -e "Please configure it by running 'pods_mfa --configure' OR 'pods_mfa --set-arn' to do it manually."
  fi

  echo -e "\npods_aws_mfa/${OC}aliases${CE}/\n"

  if grep -q "#Pods AWS MFA Aliases" "$HOME/.bash_aliases"; then
    local aliases_values=()
    local aliases_names=("toprd" "toqa" "todev")

    local k9s_user
    k9s_user="$(is_k9s_user)"

    if [ "${k9s_user}" == true ]; then
      aliases_names+=("podsprd" "podsqa" "podsdev")
    fi

    for alias in "${aliases_names[@]}"; do
      local alias_line
      local alias_value

      alias_line="$(awk "/^alias ${alias}/" "$HOME/.bash_aliases")"
      alias_value="$(echo "${alias_line}" | grep -o "'[^']*'")"
      local alias_without_quotes="${alias_value//\'/}"
      aliases_values+=("${alias_without_quotes}")
    done

    local array_item=0

    for alias in "${aliases_names[@]}"; do

      if [[ -n "${aliases_values[${array_item}]}" ]]; then
        echo -e " ${OC}${alias}${CE}: ${aliases_values[${array_item}]}\n"
      fi

      ((array_item++))
    done

    echo -ne " ${ARROW} If you wish to change/remove the contexts run 'pods_mfa --change-aliases',"
    echo -e " or edit the aliases manually in the ~/.bash_aliases file.\n"
  else
    echo -e "Aliases were not found.\n${ARROW} If you wish to use it run 'pods_mfa --configure'\n"
  fi
}

case "$1" in
  -ck) check_token ;;
  --check) check_token true ;;
  --update) get_new_token true ;;
  --change-aliases)
    verify_aliases
    read -rp "Will the new aliases have different contexts? [yes/no] " user_input
    has_contexts="$(is_input_positive "${user_input}")"
    write_aliases "${has_contexts}"
    echo -e "${ARROW} Aliases updated!\n"
    ;;
  --show) show_user_info ;;
  --help) show_usage ;;
  --set-arn) set_arn ;;
  --install)
    check_sudo "--install" && check_script_setup
    echo -e "The script is ready to work!\nPlease run the command below so you can start using it."
    echo -e " ${ARROW} pods_mfa --configure\n"
    ;;
  --configure)
    verify_arn
    read -rp "Do you need to access different contexts to see your pods? [yes/no] " different
    has_contexts="$(is_input_positive "${different}")"
    verify_aliases && write_aliases "${has_contexts}"
    k9s_user="$(is_k9s_user)"
    echo "It's all set up!"

    if [[ "${has_contexts}" == true ]]; then
      echo -e "${ARROW} Change your clusters context by running 'toprd', 'toqa' or 'todev'."
    fi

    if [[ "${k9s_user}" == true ]]; then
      echo -e "${ARROW} Access your pods by running 'podsdev', 'podsqa' or 'podsprd'.\n"
    else
      echo -ne "${ARROW} You can check if your credentials have expired with 'pods_mfa --check'"
      echo -e " or run 'pods_mfa --update' to update it directly.\n"
    fi

    check_dependency "kubectl"
    ;;
  --version) echo -e "pods_mfa ${SCRIPT_VERSION}\n" ;;
  --uninstall) remove_script_setup ;;
  *)
    err "INVALID_ARGUMENT"
    echo -e "${ARROW} Use the '--help' option to see available arguments.\n"
    ;;
esac

--------------------------------------------------------------------------------
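
Added example, not part of the pods-aws-mfa repository: `check_token` trusts an expiration value read from a `pods_mfa.*` file under the shared `/tmp` directory. The version below keeps that cache in a private per-user directory, writes it atomically, and treats anything that is not a digits-only file owned by the caller as "expired". The function names and the `XDG_STATE_HOME`-based path are assumptions made for this example.

```shell
# Added example: hypothetical helpers, not code from pods_mfa.sh.

# Path of the cache file (assumed location; honours XDG_STATE_HOME when set).
expiration_file() {
  printf '%s/pods_mfa/expiration\n' "${XDG_STATE_HOME:-$HOME/.local/state}"
}

# True only for a non-empty, digits-only string of plausible length.
is_epoch() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 12 ]
}

# Store an epoch timestamp: private directory, owner-only file, atomic rename.
write_expiration_epoch() {
  local epoch="$1" file dir tmp
  is_epoch "${epoch}" || return 1
  file="$(expiration_file)"
  dir="$(dirname "${file}")"
  (
    umask 077
    mkdir -p "${dir}" || exit 1
    chmod 700 "${dir}" || exit 1
    tmp="$(mktemp "${dir}/expiration.XXXXXX")" || exit 1
    printf '%s\n' "${epoch}" > "${tmp}" && mv -f "${tmp}" "${file}"
  )
}

# Convert the Expiration field printed by 'aws sts get-session-token'
# (ISO 8601) to epoch seconds with GNU date, as the script does, and store it.
save_expiration() {
  local epoch
  epoch="$(date -d "$1" +%s)" || return 1
  write_expiration_epoch "${epoch}"
}

# Exit status 0: treat the token as expired (also when the cache is missing,
# not ours, a symlink, or not a plain number). Exit status 1: still valid.
# Optional $1 overrides "now" in epoch seconds, which makes the check testable.
token_expired() {
  local file now expiration
  file="$(expiration_file)"
  now="${1:-$(date +%s)}"
  is_epoch "${now}" || return 0
  [ -f "${file}" ] && [ ! -L "${file}" ] && [ -O "${file}" ] || return 0
  IFS= read -r expiration < "${file}" || [ -n "${expiration}" ] || return 0
  is_epoch "${expiration}" || return 0
  # 'test' compares the two values as decimal integers only.
  [ "${now}" -ge "${expiration}" ]
}
```

In `pods_mfa.sh` these would stand in for `refresh_temp_file_expiration` and the temp-file branch of `check_token`; the `aws sts get-caller-identity` fallback stays useful when no cache exists yet.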