zwily · February 19, 2013 06:21
diff --git a/aws-creds b/aws-creds
 #!/usr/bin/env ruby

 require 'rubygems'
 require 'highline'

 def ask(question)
  HighLine.new.ask(question)
 end

 def ask_secure(question)
  HighLine.new.ask(question) { |q| q.echo = '*' }
 end

 def list_aws_accounts
  res = []

  current = nil
  `security dump-keychain`.each_line do |line|
    if line =~ /^keychain/
      if current && current[:service] == "aws"
        res << [ current[:name], current[:access_key_id] ]
      end
      current = {}
    elsif line =~ /0x00000007 <blob>="(.*)"/
      current[:name] = $1
    elsif line =~ /"acct"<blob>="(.*)"/
      current[:access_key_id] = $1
    elsif line =~ /"svce"<blob>="(.*)"/
      current[:service] = $1
    end
  end

  res.sort {|a, b| a[0] <=> b[0] }
 end

 def account_with_name(name)
  list_aws_accounts.find {|acct| acct[0] == name }
 end

 def add_aws_account(name, access_key_id, secret_access_key)
  `security add-generic-password -a '#{access_key_id}' -s 'aws' -w '#{secret_access_key}' -l '#{name}' -T ""`
 end

 def rm_aws_account(name, access_key_id)
  `security delete-generic-password -a '#{access_key_id}' -s 'aws'`
 end

 def password_for_account(account)
  `security find-generic-password -a '#{account}' -w`.chomp
 end

 ARGV << 'help' if ARGV.length == 0
 command = ARGV.shift

 case command
 when 'ls'
  list_aws_accounts.each_with_index do |acct, idx|
    puts "  * #{acct[0]}"
  end
  exit 0
 when 'add'
  name =                     ask("      account name: ")
  access_key_id =            ask("     access key id: ")
  secret_access_key = ask_secure(" secret_access_key: ")
  add_aws_account(name, access_key_id, secret_access_key)
  exit 0
 when 'rm'
  if ARGV.length != 1
    puts "Usage: aws-creds rm <name>"
    exit 1
  end
  name = ARGV.shift
  acct = account_with_name(name)
  rm_aws_account(acct[0], acct[1])
  exit 0
 when 'cat'
  if ARGV.length != 1
    puts "Usage: aws-creds cat <name>"
    exit 1
  end

  name = ARGV.shift
  acct = account_with_name(name)
  secret = password_for_account(acct[1])
  puts "access_key_id: #{acct[1]}"
  puts "secret_access_key: #{secret}"
  exit 0
 when 'shell'
  if ARGV.length != 1
    puts "Usage: aws-creds shell <name>"
    exit 1
  end

  if ENV['AWS_CREDS_NAME']
    puts "already in aws-creds shell (AWS_CREDS_NAME env var is set)"
    exit 1
  end

  name = ARGV.shift
  acct = account_with_name(name)

  aws_env = {}
  aws_env['AWS_ACCESS_KEY_ID'] = acct[1]
  aws_env['AWS_SECRET_ACCESS_KEY'] = password_for_account(acct[1])
  aws_env['AWS_CREDS_NAME'] = name
  aws_env['RPROMPT'] = "(aws #{name})" # zsh only

  exec(aws_env, ENV['SHELL'])
 end

 puts "Usage: aws-creds <command> <args>"
 puts "  Commands: ls, cat, rm, add, shell"
	#!/usr/bin/env ruby

	require 'rubygems'
	require 'highline'

	def ask(question)
	HighLine.new.ask(question)
	end

	def ask_secure(question)
	HighLine.new.ask(question) { \|q\| q.echo = '*' }
	end

	def list_aws_accounts
	res = []

	current = nil
	`security dump-keychain`.each_line do \|line\|
	if line =~ /^keychain/
	if current && current[:service] == "aws"
	res << [ current[:name], current[:access_key_id] ]
	end
	current = {}
	elsif line =~ /0x00000007 <blob>="(.*)"/
	current[:name] = $1
	elsif line =~ /"acct"<blob>="(.*)"/
	current[:access_key_id] = $1
	elsif line =~ /"svce"<blob>="(.*)"/
	current[:service] = $1
	end
	end

	res.sort {\|a, b\| a[0] <=> b[0] }
	end

	def account_with_name(name)
	list_aws_accounts.find {\|acct\| acct[0] == name }
	end

	def add_aws_account(name, access_key_id, secret_access_key)
	`security add-generic-password -a '#{access_key_id}' -s 'aws' -w '#{secret_access_key}' -l '#{name}' -T ""`
	end

	def rm_aws_account(name, access_key_id)
	`security delete-generic-password -a '#{access_key_id}' -s 'aws'`
	end

	def password_for_account(account)
	`security find-generic-password -a '#{account}' -w`.chomp
	end

	ARGV << 'help' if ARGV.length == 0
	command = ARGV.shift

	case command
	when 'ls'
	list_aws_accounts.each_with_index do \|acct, idx\|
	puts " * #{acct[0]}"
	end
	exit 0
	when 'add'
	name = ask(" account name: ")
	access_key_id = ask(" access key id: ")
	secret_access_key = ask_secure(" secret_access_key: ")
	add_aws_account(name, access_key_id, secret_access_key)
	exit 0
	when 'rm'
	if ARGV.length != 1
	puts "Usage: aws-creds rm <name>"
	exit 1
	end
	name = ARGV.shift
	acct = account_with_name(name)
	rm_aws_account(acct[0], acct[1])
	exit 0
	when 'cat'
	if ARGV.length != 1
	puts "Usage: aws-creds cat <name>"
	exit 1
	end

	name = ARGV.shift
	acct = account_with_name(name)
	secret = password_for_account(acct[1])
	puts "access_key_id: #{acct[1]}"
	puts "secret_access_key: #{secret}"
	exit 0
	when 'shell'
	if ARGV.length != 1
	puts "Usage: aws-creds shell <name>"
	exit 1
	end

	if ENV['AWS_CREDS_NAME']
	puts "already in aws-creds shell (AWS_CREDS_NAME env var is set)"
	exit 1
	end

	name = ARGV.shift
	acct = account_with_name(name)

	aws_env = {}
	aws_env['AWS_ACCESS_KEY_ID'] = acct[1]
	aws_env['AWS_SECRET_ACCESS_KEY'] = password_for_account(acct[1])
	aws_env['AWS_CREDS_NAME'] = name
	aws_env['RPROMPT'] = "(aws #{name})" # zsh only

	exec(aws_env, ENV['SHELL'])
	end

	puts "Usage: aws-creds <command> <args>"
	puts " Commands: ls, cat, rm, add, shell"