===================================================================== --- Bug Fixes ---------------------------- - rds/interactive-login now escapes special password characters
122 lines
3.1 KiB
Bash
Executable File
122 lines
3.1 KiB
Bash
Executable File
#!/bin/zsh
|
|
_DEPENDENCIES+=()
|
|
_REQUIRED_ENV+=()
|
|
source ${0:a:h}/common.zsh
|
|
#####################################################################
|
|
|
|
__CONNECT_TO_RDS() {
|
|
local DATABASE=$(__SELECT_DATABASE)
|
|
[ ! $DATABASE ] && __ABORT
|
|
|
|
local DB_HOST DB_USER DB_PORT DB_NAME DB_AUTH DB_TYPE
|
|
|
|
DB_HOST=$(echo $DATABASE | jq -r '.host')
|
|
DB_USER=$(echo $DATABASE | jq -r '.user')
|
|
DB_PORT=$(echo $DATABASE | jq -r '.port')
|
|
DB_TYPE=$(echo $DATABASE | jq -r '.type')
|
|
|
|
[[ $DB_PORT =~ null ]] && DB_PORT=5432
|
|
DB_NAME=postgres
|
|
|
|
local AUTH_METHODS=(iam secretsmanager user-input)
|
|
local AUTH_METHOD=$(\
|
|
echo $AUTH_METHODS | sed 's/\s\+/\n/g' \
|
|
| __FZF 'select an authentication method' \
|
|
)
|
|
|
|
[ ! $AUTH_METHOD ] && __ABORT
|
|
|
|
case $AUTH_METHOD in
|
|
iam )
|
|
DB_AUTH=$(\
|
|
_AWS rds generate-db-auth-token \
|
|
--hostname $DB_HOST \
|
|
--port $DB_PORT \
|
|
--username $DB_USER \
|
|
)
|
|
;;
|
|
secretsmanager )
|
|
CREDENTIALS=$(__GET_SECRETSMANAGER_CREDENTIALS)
|
|
echo $CREDENTIALS | jq -e '.pass' >/dev/null 2>&1 \
|
|
&& DB_AUTH="'$(echo $CREDENTIALS | jq -r '.pass' | sed "s/'/'\"'\"'/g")'"
|
|
|
|
echo $CREDENTIALS | jq -e '.password' >/dev/null 2>&1 \
|
|
&& DB_AUTH="'$(echo $CREDENTIALS | jq -r '.password' | sed "s/'/'\"'\"'/g")'"
|
|
|
|
echo $CREDENTIALS | jq -e '.user' >/dev/null 2>&1 \
|
|
&& DB_USER=$(echo $CREDENTIALS | jq -r '.user')
|
|
|
|
echo $CREDENTIALS | jq -e '.username' >/dev/null 2>&1 \
|
|
&& DB_USER=$(echo $CREDENTIALS | jq -r '.username')
|
|
|
|
echo $CREDENTIALS | jq -e '.name' >/dev/null 2>&1 \
|
|
&& DB_NAME=$(echo $CREDENTIALS | jq -r '.name')
|
|
|
|
echo $CREDENTIALS | jq -e '.dbname' >/dev/null 2>&1 \
|
|
&& DB_NAME=$(echo $CREDENTIALS | jq -r '.dbname')
|
|
;;
|
|
user-input )
|
|
;;
|
|
esac
|
|
|
|
__STATUS
|
|
__STATUS "host : $DB_HOST"
|
|
__STATUS "type : $DB_TYPE"
|
|
__STATUS "port : $DB_PORT"
|
|
__STATUS "database : $DB_NAME"
|
|
__STATUS "username : $DB_USER"
|
|
__STATUS
|
|
|
|
__RUN_SCWRYPT 'zsh/db/interactive/postgres' -- \
|
|
--host $DB_HOST \
|
|
--port $DB_PORT \
|
|
--name $DB_NAME \
|
|
--user $DB_USER \
|
|
--pass $DB_AUTH \
|
|
;
|
|
}
|
|
|
|
__SELECT_DATABASE() {
|
|
local DATABASES=$(__GET_AVAILABLE_DATABASES)
|
|
[ ! $DATABASES ] && __FAIL 1 'no databases available'
|
|
|
|
local ID=$(\
|
|
echo $DATABASES | jq -r '.instance + " @ " + .cluster' \
|
|
| __FZF 'select a database (instance@cluster)' \
|
|
)
|
|
[ ! $ID ] && __ABORT
|
|
|
|
local INSTANCE=$(echo $ID | sed 's/ @ .*$//')
|
|
local CLUSTER=$(echo $ID | sed 's/^.* @ //')
|
|
|
|
echo $DATABASES | jq "select (.instance == \"$INSTANCE\" and .cluster == \"$CLUSTER\")"
|
|
}
|
|
|
|
__GET_AVAILABLE_DATABASES() {
|
|
_AWS rds describe-db-instances \
|
|
| jq -r '.[] | .[] | {
|
|
instance: .DBInstanceIdentifier,
|
|
cluster: .DBClusterIdentifier,
|
|
type: .Engine,
|
|
host: .Endpoint.Address,
|
|
port: .Endpoint.Port,
|
|
user: .MasterUsername,
|
|
database: .DBName
|
|
}'
|
|
}
|
|
|
|
__GET_SECRETSMANAGER_CREDENTIALS() {
|
|
local ID=$(\
|
|
_AWS secretsmanager list-secrets \
|
|
| jq -r '.[] | .[] | .Name' \
|
|
| __FZF 'select a secret' \
|
|
)
|
|
[ ! $ID ] && return 1
|
|
|
|
_AWS secretsmanager get-secret-value --secret-id "$ID" \
|
|
| jq -r '.SecretString' | jq
|
|
}
|
|
|
|
#####################################################################
|
|
__CONNECT_TO_RDS
|