diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile
new file mode 100644
index 0000000..b33b1d9
--- /dev/null
+++ b/.gitpod.Dockerfile
@@ -0,0 +1,54 @@
+FROM jsii/superchain:1-buster-slim-node14
+
+ARG AWS_CLI_V2_URL='https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip'
+ARG TERRAFORM_URL='https://releases.hashicorp.com/terraform/1.1.0/terraform_1.1.0_linux_amd64.zip'
+
+# Install custom tools, runtime, etc.
+RUN brew install fzf
+
+
+USER root:root
+# install jq wget
+RUN apt-get update && apt-get install -y jq wget
+
+RUN mv $(which aws) /usr/local/bin/awscliv1 && \
+ curl "${AWS_CLI_V2_URL}" -o "/tmp/awscliv2.zip" && \
+ unzip /tmp/awscliv2.zip -d /tmp && \
+ /tmp/aws/install
+
+# install terraform
+RUN curl -o terraform.zip "${TERRAFORM_URL}" && \
+ unzip terraform.zip && \
+ mv terraform /usr/local/bin/ && \
+ rm -f terraform.zip
+
+# install aws-sso-credential-process
+RUN cd /usr/local/bin && \
+ curl -o aws-sso-credential-process "${CRED_PROCESS_URL}" && \
+ chmod +x aws-sso-credential-process
+
+# install session-manager-plugin(required for aws ssm start-session)
+RUN curl "${SESSION_MANAGER_PLUGIN}" -o "session-manager-plugin.deb" && \
+ dpkg -i session-manager-plugin.deb && \
+ rm -f session-manager-plugin.deb
+#install zip
+RUN apt-get update -y && \
+ apt-get upgrade -y && \
+ apt-get dist-upgrade -y && \
+ apt-get -y autoremove && \
+ apt-get clean
+RUN apt-get install -y p7zip \
+ p7zip-full \
+ unace \
+ zip \
+ unzip \
+ xz-utils \
+ sharutils \
+ uudeview \
+ mpack \
+ arj \
+ cabextract \
+ file-roller \
+ && rm -rf /var/lib/apt/lists/*
+CMD ["bash"]
+USER superchain:superchain
diff --git a/.gitpod.yml b/.gitpod.yml
index fddefd2..8054689 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
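Review bot: None of the four `curl` downloads in the `RUN` steps (AWS CLI v2, Terraform, aws-sso-credential-process, session-manager-plugin) is integrity-checked before it is unpacked or installed as root, and `curl` runs without `-f`, so an HTTP error body is written to disk as if it were the artifact. Declare a digest beside each URL and verify it in the same `RUN`, e.g. `ARG TERRAFORM_SHA256=<sha256 of terraform_1.1.0_linux_amd64.zip>` with `curl -fsSLo terraform.zip "${TERRAFORM_URL}" && echo "${TERRAFORM_SHA256}  terraform.zip" | sha256sum -c - && \`. `CRED_PROCESS_URL` and `SESSION_MANAGER_PLUGIN` have no `ARG` in this file, so unless the base image exports them those two steps get an empty URL; since this commit also adds `aws-sso-credential-process` to the repository, a `COPY` of that file would remove one download. The final `apt-get install` sits in its own `RUN` after `apt-get upgrade`/`dist-upgrade`, and would be better merged with the earlier `apt-get update && apt-get install` layer.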
@@ -1,3 +1,21 @@
+github:
+ prebuilds:
+ pullRequestsFromForks: true
+ addComment: true
+
+image:
+ file: .gitpod.Dockerfile
+tasks:
+ - init: ${GITPOD_REPO_ROOT}/init-script.sh
+
+vscode:
+ extensions:
+ - dbaeumer.vscode-eslint
+
+vscode:
+ extensions:
+ - dbaeumer.vscode-eslint
+
 tasks:
 - init: |
 sudo docker pull registry.jetbrains.team/p/prj/containers/projector-pycharm-c
diff --git a/aws-sso-credential-process b/aws-sso-credential-process
new file mode 100644
index 0000000..08720b2
--- /dev/null
+++ b/aws-sso-credential-process
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# This script generates output for process_credentials from a user authenticated via SSO
+# Before using, make sure that the AWS SSO is configured in your CLI: `aws configure sso`
+# Usage: aws-sso-credential-process [AWS_PROFILE_NAME]
+
+if [ $# -gt 0 ]; then
+ AWS_PROFILE="$1"
+fi
+
+profile=${AWS_PROFILE-default}
+temp_identity=$(aws --profile "$profile" sts get-caller-identity)
+account_id=$(echo $temp_identity | jq -r .Arn | cut -d: -f5)
+assumed_role_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f2)
+session_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f3)
+sso_region=$(aws --profile "$profile" configure get sso_region)
+
+if [[ $sso_region == 'us-east-1' ]]; then
+ sso_region_string=''
+else
+ sso_region_string="${sso_region}/"
+fi
+role_arn="arn:aws:iam::${account_id}:role/aws-reserved/sso.amazonaws.com/${sso_region_string}${assumed_role_name}"
+
+
+request_credentials() {
+ credentials=$(
+ aws sts assume-role \
+ --profile $profile \
+ --role-arn $role_arn \
+ --role-session-name $session_name | jq '.Credentials + {Version: 1}'
+ )
+}
+
+request_credentials
+
+if [ $? -ne 0 ]; then
+ aws sso login --profile "$profile"
+
+ if [ $? -ne 0 ]; then
+ exit 1
+ fi
+
+ request_credentials
+fi
+
+echo $credentials
+
+exit 0
diff --git a/dockerfile.sh b/dockerfile.sh
new file mode 100644
index 0000000..e9894e8
--- /dev/null
+++ b/dockerfile.sh
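Review bot: The added block introduces duplicate mapping keys: `vscode:` appears twice back to back, and the new `tasks:` entry precedes the `tasks:` key already present in the context lines (indentation is lost in this view, so this assumes both are top-level). YAML parsers either reject duplicate keys or keep only one of them, so the `init-script.sh` task may never run. Keep a single `vscode:` block and move `- init: ${GITPOD_REPO_ROOT}/init-script.sh` into the existing `tasks:` list. Separately, `pullRequestsFromForks: true` lets prebuilds build `.gitpod.Dockerfile` and run `init` tasks from fork pull requests, so it is worth confirming that no project secrets are exposed to prebuilds.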
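Review bot: The `if [ $? -ne 0 ]` check after `request_credentials` tests the exit status of `jq`, not of `aws sts assume-role`, because the command substitution ends in a pipeline and `pipefail` is not set; `jq` exits 0 on empty input, so the `aws sso login` fallback is skipped and the script prints an empty result and exits 0. Add `set -o pipefail` after the shebang, and check the retry with `request_credentials || exit 1`. `role_arn` and `session_name` are also derived from `sts get-caller-identity` once, before any login, so when that first call fails the retry reuses empty values; refresh_credentials.sh has the same ordering. Quoting the expansions (`--profile "$profile"`, `echo "$credentials"`) avoids word splitting and globbing on the credential JSON.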
@@ -0,0 +1,6 @@
+for dockerfile in $(find . -not -path "\./\.*" -name "Dockerfile"); do
+ path=$(dirname $dockerfile)
+ echo "\033[32mBuilding container flynn/$(basename $path)... \033[39m"
+ cd $path && docker build -t flynn/$(basename $path) .
+ cd - > /dev/null
+done
diff --git a/init-script.sh b/init-script.sh
new file mode 100644
index 0000000..fc6e59b
--- /dev/null
+++ b/init-script.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "source /usr/share/bash-completion/completions/git" >> $HOME/.bashrc
diff --git a/refresh_credentials.sh b/refresh_credentials.sh
new file mode 100644
index 0000000..fd3d3c2
--- /dev/null
+++ b/refresh_credentials.sh
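Review bot: The loop in dockerfile.sh expands `$dockerfile` and `$path` unquoted and changes directory for every build, so a path containing whitespace breaks the build and a failed `cd` leaves `cd -` returning to the wrong directory. Passing the directory as the build context avoids the directory changes: `docker build -t "flynn/$(basename "$path")" "$path"` in place of the `cd $path && …` / `cd -` pair. The file has no shebang and relies on `echo` interpreting `\033`, which bash's builtin `echo` does not do without `-e`; `printf` handles the escape portably. A failed `docker build` is also ignored and the loop carries on, so consider `|| exit 1` on that line.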
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# This script generates AWS Programmatic Access credentials from a user authenticated via SSO
+# Before using, make sure that the AWS SSO is configured in your CLI: `aws configure sso`
+
+profile=${AWS_PROFILE-default}
+temp_identity=$(aws --profile "$profile" sts get-caller-identity)
+account_id=$(echo $temp_identity | jq -r .Arn | cut -d: -f5)
+assumed_role_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f2)
+session_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f3)
+sso_region=$(aws --profile "$profile" configure get sso_region)
+
+if [[ $sso_region == 'us-east-1' ]]; then
+ sso_region_string=''
+else
+ sso_region_string="${sso_region}/"
+fi
+role_arn="arn:aws:iam::${account_id}:role/aws-reserved/sso.amazonaws.com/${sso_region_string}${assumed_role_name}"
+
+
+request_credentials() {
+ credentials=$(
+ aws sts assume-role \
+ --profile $profile \
+ --role-arn $role_arn \
+ --role-session-name $session_name
+ )
+}
+
+echo "=> requesting temporary credentials"
+request_credentials
+
+if [ $? -ne 0 ]; then
+ aws sso login --profile "$profile"
+
+ if [ $? -ne 0 ]; then
+ exit 1
+ fi
+
+ request_credentials
+fi
+
+echo "=> updating ~/.aws/credentials as profile $profile"
+
+access_key_id=$(echo $credentials | jq -r .Credentials.AccessKeyId)
+secret_access_key=$(echo $credentials | jq -r .Credentials.SecretAccessKey)
+session_token=$(echo $credentials | jq -r .Credentials.SessionToken)
+
+aws configure set --profile "$profile" aws_access_key_id "$access_key_id"
+aws configure set --profile "$profile" aws_secret_access_key "$secret_access_key"
+aws configure set --profile "$profile" aws_session_token "$session_token"
+
+echo "[OK] done"
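Review bot: The three `aws configure set` calls at the end run even when the retried `request_credentials` failed, because its status is never checked; `jq -r` then yields empty values, the profile is overwritten with them, and `[OK] done` is printed. Check the retry and the parsed key before writing, e.g. `request_credentials || exit 1` and `[ -n "$access_key_id" ] || exit 1`. The secret key and session token are also passed as command-line arguments to `aws configure set`, where on a shared host they can be read from the process list while the command runs, and they are then stored in plaintext. The `aws-sso-credential-process` script added in this commit avoids persisting them, so a header comment such as `# writes temporary credentials to ~/.aws/credentials; prefer credential_process where possible` would help.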