wrynegade/scwrypts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
531aa52146
scwrypts/zsh/lib/cloud/aws/rds.module.zsh
yage e199e9bf91 v3.5.0 
=====================================================================

--- Changes ------------------------------

- AWS (the cli wrapper) now checks for it's required variables *on run*.
  This accomodates scwrypts which may need to run in multiple regions,
  but make the downstream scwrypt responsible for adding AWS_REGION to
  the REQUIRED_ENV list!

- Got rid of all kinds of hackiness surrounding postgres password evals
  between both the postgres library and the rds library

--- Bug Fixes ----------------------------

- scwrypts --update now pulls tags for proper versioning
2023-08-24 17:11:34 -06:00

136 lines
3.1 KiB
Bash
Raw Blame History

#####################################################################
DEPENDENCIES+=(
docker
)
REQUIRED_ENV+=(
AWS_ACCOUNT
AWS_REGION
)
use cloud/aws/cli
#####################################################################
RDS__SELECT_DATABASE() {
local DATABASES=$(_RDS__GET_AVAILABLE_DATABASES)
[ ! $DATABASES ] && FAIL 1 'no databases available'
local ID=$(\
echo $DATABASES | jq -r '.instance + " @ " + .cluster' \
| FZF 'select a database (instance@cluster)' \
)
[ ! $ID ] && ABORT
local INSTANCE=$(echo $ID | sed 's/ @ .*$//')
local CLUSTER=$(echo $ID | sed 's/^.* @ //')
echo $DATABASES | jq "select (.instance == \"$INSTANCE\" and .cluster == \"$CLUSTER\")"
}
_RDS__GET_AVAILABLE_DATABASES() {
AWS rds describe-db-instances \
| jq -r '.[] | .[] | {
instance: .DBInstanceIdentifier,
cluster: .DBClusterIdentifier,
type: .Engine,
host: .Endpoint.Address,
port: .Endpoint.Port,
user: .MasterUsername,
database: .DBName
}'
}
RDS__GET_DATABASE_CREDENTIALS() {
local PRINT_PASSWORD=0
local ERRORS=0
while [[ $# -gt 0 ]]
do
case $1 in
--print-password ) PRINT_PASSWORD=1 ;;
* )
WARNING "unrecognized argument $1"
ERRORS+=1
;;
esac
shift 1
done
CHECK_ERRORS
##########################################
local DATABASE=$(RDS__SELECT_DATABASE)
[ ! $DATABASE ] && ABORT
DB_HOST="$(echo $DATABASE | jq -r '.host')"
[ ! $DB_HOST ] && { ERROR 'unable to find host'; return 2; }
DB_PORT="$(echo $DATABASE | jq -r '.port')"
[ ! $DB_PORT ] && DB_PORT=5432
[[ $DB_PORT =~ ^null$ ]] && DB_PORT=5432
##########################################
local AUTH_METHOD=$(\
echo "iam\nsecretsmanager\nuser-input" \
| FZF 'select an authentication method' \
)
[ ! $AUTH_METHOD ] && ABORT
case $AUTH_METHOD in
iam ) _RDS_AUTH__iam ;;
secretsmanager ) _RDS_AUTH__secretsmanager ;;
user-input ) _RDS_AUTH__userinput ;;
esac
[[ $PRINT_PASSWORD -eq 1 ]] && INFO "password : $DB_PASS"
return 0
}
_RDS_AUTH__iam() {
DB_PASS=$(\
AWS rds generate-db-auth-token \
--hostname $DB_HOST \
--port $DB_PORT \
--username $DB_USER \
)
}
_RDS_AUTH__secretsmanager() {
local CREDENTIALS=$(_RDS__GET_SECRETSMANAGER_CREDENTIALS)
echo $CREDENTIALS | jq -e '.pass' >/dev/null 2>&1 \
&& DB_PASS="$(echo $CREDENTIALS | jq -r '.pass')"
echo $CREDENTIALS | jq -e '.password' >/dev/null 2>&1 \
&& DB_PASS="$(echo $CREDENTIALS | jq -r '.password')"
echo $CREDENTIALS | jq -e '.user' >/dev/null 2>&1 \
&& DB_USER=$(echo $CREDENTIALS | jq -r '.user')
echo $CREDENTIALS | jq -e '.username' >/dev/null 2>&1 \
&& DB_USER=$(echo $CREDENTIALS | jq -r '.username')
echo $CREDENTIALS | jq -e '.name' >/dev/null 2>&1 \
&& DB_NAME=$(echo $CREDENTIALS | jq -r '.name')
echo $CREDENTIALS | jq -e '.dbname' >/dev/null 2>&1 \
&& DB_NAME=$(echo $CREDENTIALS | jq -r '.dbname')
}
_RDS__GET_SECRETSMANAGER_CREDENTIALS() {
local ID=$(\
AWS secretsmanager list-secrets \
| jq -r '.[] | .[] | .Name' \
| FZF 'select a secret' \
)
[ ! $ID ] && return 1
AWS secretsmanager get-secret-value --secret-id "$ID" \
| jq -r '.SecretString' | jq
}
Reference in New Issue View Git Blame Copy Permalink