aws-roleshell/aws_roleshell.py at master · hashbrowncipher/aws-roleshell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import argparse
import os
try:
    from shlex import quote as cmd_quote
except ImportError:
    from pipes import quote as cmd_quote

from awscli.customizations.commands import BasicCommand


def awscli_initialize(event_hooks):
    event_hooks.register('building-command-table.main', inject_commands)


def inject_commands(command_table, session, **kwargs):
    command_table['roleshell'] = RoleShell(session)


def print_creds(environment_overrides):
    exports = []
    for var, value in environment_overrides.items():
        if value is not None:
            exports.append("export {}={}".format(var, cmd_quote(value)))
        else:
            exports.append("unset {}".format(var))

    print("\n".join(exports))


def get_exec_args(input_command):
    if len(input_command) == 0:
        input_command = (os.environ['SHELL'],)

    return (input_command[0], input_command)


def run_command(environment_overrides, command):
    for var, value in environment_overrides.items():
        if value is not None:
            os.environ[var] = environment_overrides[var]
        elif var in os.environ:
            del os.environ[var]

    # TODO: use a copy of the environment with variables deleted, to support
    # platforms without unsetenv() support.
    os.execvp(command[0], command)


def run_shell(environment_overrides, command):
    # If the first argument to the shell begins with -, the user will want to
    # separate the remainder of the arguments list with --, which awscli will
    # unhelpfully pass on to us.
    command.insert(0, os.environ['SHELL'])
    run_command(environment_overrides, command)


class RoleShell(BasicCommand):
    NAME = 'roleshell'
    DESCRIPTION = (
        'Executes a command with temporary AWS credentials provided as '
        'environment variables')
    ARG_TABLE = [
        dict(name='shell', action='store_true', help_text='Execute the current '
             'shell instead of a command.  Any remaining arguments, if any, '
             'are passed on to the new shell.'),
        dict(name='command', nargs=argparse.REMAINDER, positional_arg=True,
             synopsis='[command] [args ...]'),
    ]

    def _build_environment_overrides(self):
        environment_overrides = {}

        creds = self._session.get_credentials()
        environment_overrides['AWS_ACCESS_KEY_ID'] = creds.access_key
        environment_overrides['AWS_SECRET_ACCESS_KEY'] = creds.secret_key
        environment_overrides['AWS_SESSION_TOKEN'] = creds.token

        region = self._session.get_config_variable('region')
        environment_overrides['AWS_DEFAULT_REGION'] = region

        return environment_overrides

    def _run_main(self, args, parsed_globals):
        environment_overrides = self._build_environment_overrides()

        if args.command[0:1] == ["--"]:
            args.command.pop(0)

        if args.shell:
            run_shell(environment_overrides, args.command)
        elif args.command:
            run_command(environment_overrides, args.command)
        else:
            print_creds(environment_overrides)