gitpod-io · GoldenScientist · Mar 25, 2022 · Mar 25, 2022 · Mar 25, 2022 · Mar 25, 2022
diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile
@@ -0,0 +1,54 @@
+FROM jsii/superchain:1-buster-slim-node14
+
+ARG AWS_CLI_V2_URL='https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip'
+ARG TERRAFORM_URL='https://releases.hashicorp.com/terraform/1.1.0/terraform_1.1.0_linux_amd64.zip'
+
+# Install custom tools, runtime, etc.
+RUN brew install fzf
+
+
+USER root:root
+# install jq wget
+RUN apt-get update && apt-get install -y jq wget
+
+RUN mv $(which aws) /usr/local/bin/awscliv1 && \
+  curl "${AWS_CLI_V2_URL}" -o "/tmp/awscliv2.zip" && \
+  unzip /tmp/awscliv2.zip -d /tmp && \
+  /tmp/aws/install
+
+# install terraform
+RUN curl -o terraform.zip "${TERRAFORM_URL}" && \
+  unzip terraform.zip && \
+  mv terraform /usr/local/bin/ && \
+  rm -f terraform.zip
+
+# install aws-sso-credential-process
+RUN cd /usr/local/bin && \
+  curl -o aws-sso-credential-process "${CRED_PROCESS_URL}" && \
+  chmod +x aws-sso-credential-process
+
+# install session-manager-plugin(required for aws ssm start-session)
+RUN curl "${SESSION_MANAGER_PLUGIN}" -o "session-manager-plugin.deb" && \
+  dpkg -i session-manager-plugin.deb && \
+  rm -f session-manager-plugin.deb
+#install zip 
+RUN  apt-get update -y && \
+     apt-get upgrade -y && \
+     apt-get dist-upgrade -y && \
+     apt-get -y autoremove && \
+     apt-get clean
+RUN apt-get install -y p7zip \
+    p7zip-full \
+    unace \
+    zip \
+    unzip \
+    xz-utils \
+    sharutils \
+    uudeview \
+    mpack \
+    arj \
+    cabextract \
+    file-roller \
+    && rm -rf /var/lib/apt/lists/*
+CMD ["bash"]
+USER superchain:superchain
diff --git a/.gitpod.yml b/.gitpod.yml
@@ -1,3 +1,21 @@
+github:
+  prebuilds:
+    pullRequestsFromForks: true
+    addComment: true
+
+image: 
+  file: .gitpod.Dockerfile
+tasks:
+  - init: ${GITPOD_REPO_ROOT}/init-script.sh
+
+vscode:
+  extensions:
+    - dbaeumer.vscode-eslint
+
+vscode:
+  extensions:
+    - dbaeumer.vscode-eslint
+
 tasks:
   - init: |
       sudo docker pull registry.jetbrains.team/p/prj/containers/projector-pycharm-c

diff --git a/aws-sso-credential-process b/aws-sso-credential-process
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# This script generates output for process_credentials from a user authenticated via SSO
+# Before using, make sure that the AWS SSO is configured in your CLI: `aws configure sso`
+# Usage: aws-sso-credential-process [AWS_PROFILE_NAME]
+
+if [ $# -gt 0 ]; then
+  AWS_PROFILE="$1"
+fi
+
+profile=${AWS_PROFILE-default}
+temp_identity=$(aws --profile "$profile" sts get-caller-identity)
+account_id=$(echo $temp_identity | jq -r .Arn | cut -d: -f5)
+assumed_role_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f2)
+session_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f3)
+sso_region=$(aws --profile "$profile" configure get sso_region)
+
+if [[ $sso_region == 'us-east-1' ]]; then 
+  sso_region_string=''
+else
+  sso_region_string="${sso_region}/"
+fi
+role_arn="arn:aws:iam::${account_id}:role/aws-reserved/sso.amazonaws.com/${sso_region_string}${assumed_role_name}"
+
+
+request_credentials() {
+  credentials=$(
+    aws sts assume-role \
+      --profile $profile \
+      --role-arn $role_arn \
+      --role-session-name $session_name | jq '.Credentials + {Version: 1}'
+  )
+}
+
+request_credentials
+
+if [ $? -ne 0 ]; then
+  aws sso login --profile "$profile"
+
+  if [ $? -ne 0 ]; then
+    exit 1
+  fi
+
+  request_credentials
+fi
+
+echo $credentials
+
+exit 0
diff --git a/dockerfile.sh b/dockerfile.sh
@@ -0,0 +1,6 @@
+for dockerfile in $(find . -not -path "\./\.*" -name "Dockerfile"); do
+	path=$(dirname $dockerfile)
+	echo "\033[32mBuilding container flynn/$(basename $path)... \033[39m"
+	cd $path && docker build -t flynn/$(basename $path) .
+	cd - > /dev/null
+done
diff --git a/init-script.sh b/init-script.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "source /usr/share/bash-completion/completions/git" >> $HOME/.bashrc
diff --git a/refresh_credentials.sh b/refresh_credentials.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# This script generates AWS Programmatic Access credentials from a user authenticated via SSO
+# Before using, make sure that the AWS SSO is configured in your CLI: `aws configure sso`
+
+profile=${AWS_PROFILE-default}
+temp_identity=$(aws --profile "$profile" sts get-caller-identity)
+account_id=$(echo $temp_identity | jq -r .Arn | cut -d: -f5)
+assumed_role_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f2)
+session_name=$(echo $temp_identity | jq -r .Arn | cut -d/ -f3)
+sso_region=$(aws --profile "$profile" configure get sso_region)
+
+if [[ $sso_region == 'us-east-1' ]]; then 
+  sso_region_string=''
+else
+  sso_region_string="${sso_region}/"
+fi
+role_arn="arn:aws:iam::${account_id}:role/aws-reserved/sso.amazonaws.com/${sso_region_string}${assumed_role_name}"
+
+
+request_credentials() {
+  credentials=$(
+    aws sts assume-role \
+      --profile $profile \
+      --role-arn $role_arn \
+      --role-session-name $session_name
+  )
+}
+
+echo "=> requesting temporary credentials"
+request_credentials
+
+if [ $? -ne 0 ]; then
+  aws sso login --profile "$profile"
+
+  if [ $? -ne 0 ]; then
+    exit 1
+  fi
+
+  request_credentials
+fi
+
+echo "=> updating ~/.aws/credentials as profile $profile"
+
+access_key_id=$(echo $credentials | jq -r .Credentials.AccessKeyId)
+secret_access_key=$(echo $credentials | jq -r .Credentials.SecretAccessKey)
+session_token=$(echo $credentials | jq -r .Credentials.SessionToken)
+
+aws configure set --profile "$profile" aws_access_key_id "$access_key_id"
+aws configure set --profile "$profile" aws_secret_access_key "$secret_access_key"
+aws configure set --profile "$profile" aws_session_token "$session_token"
+
+echo "[OK] done"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash

		echo "source /usr/share/bash-completion/completions/git" >> $HOME/.bashrc