fixes and features - mfa and credentials file support, etc

aws-export-assume-profile

@@ -13,7 +13,7 @@ set -o pipefail
 ###
 ###
 ###
-APP_VERSION="v0.2"
+APP_VERSION="v0.3"
 APP_DATE="2020-10-08"
 APP_NAME="aws-export-assume-profile"
 
@@ -23,13 +23,13 @@ APP_NAME="aws-export-assume-profile"
 ###
 PROFILE="${1:-default}"
 CONFIG="${2:-${HOME}/.aws/config}"
+CREDENTIALS="${3:-${HOME}/.aws/credentials}"
 
 
 ###
 ### Will be populated from AWS profile
 ###
 ROLE_ARN=
-SOURCE_PROFILE=
 REGION=
 DURATION_SECONDS=3600
 
@@ -49,6 +49,7 @@ function unset_environment {
     echo "unset AWS_SESSION_TOKEN"
     echo "unset AWS_DELEGATION_TOKEN"
     echo "unset AWS_SECURITY_TOKEN"
+    echo "unset AWS_EXPIRATION"
     echo "unset AWS_DEFAULT_REGION"
 }
 
@@ -76,12 +77,15 @@ function json_get_key {
 ###
 ### @param   config  Path to .aws/config
 ### @param   profile Name of AWS profile
-### @returns         Success if profile was found, otherwise failure
+### @param   credentials Path to .aws/credentials
+### @returns Success if profile was found, otherwise failure
 ###
 function extract_aws_profile {
     local config="${1}"
     local profile="${2}"
+    local credentials="${3}"
 
+    local regex_cred_start="^[[:space:]]*\[[[:space:]]*${profile}[[:space:]]*\]\$"
     local regex_profile_start="^[[:space:]]*\[[[:space:]]*profile[[:space:]][[:space:]]*${profile}[[:space:]]*\]\$"
     local regex_profile_end="^[[:space:]]*\["
     local start=0
@@ -91,39 +95,41 @@ function extract_aws_profile {
         regex_profile_start="^[[:space:]]*\[[[:space:]]*default[[:space:]]*\]\$"
     fi
 
-    while read -r line; do
-        # Find the start of the profile
-        if [[ "${line}" =~ ${regex_profile_start} ]]; then
-            start=1
-            continue
-        fi
-        # Find the end of the profile
-        if [ "${start}" -eq "1" ]; then
-            if [[ "${line}" =~ ${regex_profile_end} ]]; then
-                end=1
-                break
+    for file in ${config} ${credentials}; do
+        while read -r line; do
+            # Find the start of the profile
+            if echo "${line}" | grep -q "${regex_profile_start}"; then
+                start=1
+                continue
             fi
-        fi
-        # In profile
-        if [ "${start}" -eq "1" ] && [ "${end}" -eq "0" ]; then
-            # Get RoleArn
-            if [[ "${line}" =~ ^[[:space:]]*role_arn[[:space:]]*= ]]; then
-                ROLE_ARN="${line#*=}"
+            if echo "${line}" | grep -q "${regex_cred_start}"; then
+                start=1
+                continue
             fi
-            # Get Source Profile
-            if [[ "${line}" =~ ^[[:space:]]*source_profile[[:space:]]*= ]]; then
-                SOURCE_PROFILE="${line#*=}"
+            # Find the end of the profile
+            if [ "${start}" -eq "1" ]; then
+                if echo "${line}" | grep -q "${regex_profile_end}"; then
+                    end=1
+                    break
+                fi
             fi
-            # Get Region
-            if [[ "${line}" =~ ^[[:space:]]*region[[:space:]]*= ]]; then
-                REGION="${line#*=}"
+            # In profile
+            if [ "${start}" -eq "1" ] && [ "${end}" -eq "0" ]; then
+                # Get RoleArn
+                if [[ "${line}" =~ ^[[:space:]]*role_arn[[:space:]]*= ]]; then
+                    ROLE_ARN="${line#*=}"
+                fi
+                # Get Region
+                if [[ "${line}" =~ ^[[:space:]]*region[[:space:]]*= ]]; then
+                    REGION="${line#*=}"
+                fi
+                # Get Login duration
+                if [[ "${line}" =~ ^[[:space:]]*duration_seconds[[:space:]]*= ]]; then
+                    DURATION_SECONDS="${line#*=}"
+                fi
             fi
-            # Get Login duration
-            if [[ "${line}" =~ ^[[:space:]]*duration_seconds[[:space:]]*= ]]; then
-                DURATION_SECONDS="${line#*=}"
-            fi
-        fi
-    done < "${config}"
+        done < "${file}"
+    done
 
     # Return 1 if no profile was found
     if [ "${start}" -eq "0" ]; then
@@ -182,6 +188,7 @@ Available exports:
     AWS_SESSION_TOKEN
     AWS_DELEGATION_TOKEN
     AWS_SECURITY_TOKEN (unset only)
+    AWS_EXPIRATION
     AWS_DEFAULT_REGION
 
 Examples to show output:
@@ -219,8 +226,8 @@ fi
 ###
 ### Extract and populate profile variables
 ###
-if ! extract_aws_profile "${CONFIG}" "${PROFILE}"; then
-    >&2 echo "Error, profile '${PROFILE}' not found in: ${CONFIG}"
+if ! extract_aws_profile "${CONFIG}" "${PROFILE}" "${CREDENTIALS}"; then
+    >&2 echo "Error, profile '${PROFILE}' not found in: ${CONFIG} or ${CREDENTIALS}"
     exit 1
 fi
 
@@ -230,10 +237,10 @@ fi
 ###
 OUTPUT="$(
     aws sts assume-role \
-        --profile "${SOURCE_PROFILE}" \
+        --profile "${PROFILE}" \
         --role-arn "${ROLE_ARN}" \
         --duration-seconds "${DURATION_SECONDS}" \
-        --role-session-name "${PROFILE}"
+        --role-session-name "${USER}-$(basename "${0}")-${PROFILE}"
 )"
 
 
@@ -243,6 +250,7 @@ OUTPUT="$(
 AWS_SECRET_ACCESS_KEY="$( json_get_key "${OUTPUT}" "SecretAccessKey" )"
 AWS_ACCESS_KEY="$( json_get_key "${OUTPUT}" "AccessKeyId" )"
 AWS_SESSION_TOKEN="$( json_get_key "${OUTPUT}" "SessionToken" )"
+AWS_EXPIRATION="$( json_get_key "${OUTPUT}" "Expiration" )"
 
 
 ###
@@ -260,6 +268,9 @@ if [ -n "${AWS_SESSION_TOKEN}" ]; then
     echo "export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}"
     echo "export AWS_DELEGATION_TOKEN=${AWS_SESSION_TOKEN}"
 fi
+if [ -n "${AWS_EXPIRATION}" ]; then
+    echo "export AWS_EXPIRATION=${AWS_EXPIRATION}"
+fi
 if [ -n "${REGION}" ]; then
     echo "export AWS_DEFAULT_REGION=${REGION}"
 fi