src/AWSCredentials.ps1
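# Path of the git-config-format file in which IAM access keys are cached, one section per user.
# NOTE(review): this file holds long-lived secret access keys in plaintext. Keep it out of
# version control and backups that other people can read, and restrict it to the current user.
$CredentialsFilePath = Join-Path $env:DEVOPTOOLS_HOME aws_credentials

function New-AWSCredential {
    <#
    .SYNOPSIS
    Creates an IAM access key for a user and caches it in the credentials file.
    .PARAMETER Username
    IAM user name; also used as the section name in the credentials file.
    .PARAMETER Recreate
    Delete the user's existing IAM access keys first, then create and cache a new one.
    Without this switch the function fails when the user already has a cached access key.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$Username,
        [switch]$Recreate
    )
    begin {
        if (-not (Test-Path $CredentialsFilePath)) {
            Write-Verbose "Creating new AWS credentials file at '$CredentialsFilePath'"
            # NOTE(review): the file is created with default permissions (no ACL or mode is set
            # here). Since it will contain secret keys, consider tightening access right after
            # creation so only the owning account can read it.
            New-Item $CredentialsFilePath -Force -ItemType File 1> $null
        }
    }
    process {
        if ($Recreate) {
            Write-Verbose "Recreating AWS credentials for user '$Username'"
            # Removes every access key IAM lists for the user, not only the cached one.
            Remove-IAMCredential $Username
        }
        else {
            if (Test-AWSCredential $Username) {
                Write-Error "User '$Username' already has cached credentials. Pass -Recreate to recreate them"
                Get-Help New-AWSCredential -Parameter Recreate
                throw
            }
            Write-Verbose "Creating new AWS credentials for user '$Username'"
        }
        Write-AWSCredential $Username
    }
}

function Read-AWSCredential {
    <#
    .SYNOPSIS
    Returns the cached access key pair for a user.
    .PARAMETER Username
    IAM user name whose section is read from the credentials file.
    .OUTPUTS
    Hashtable with the keys AccessKey and SecretKey. The SecretKey value is the plaintext
    secret, so callers should avoid logging or echoing the result.
    #>
    [CmdletBinding()]
    [OutputType([hashtable])]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$Username
    )
    process {
        if (-not (Test-AWSCredential $Username)) {
            Write-Error "Credentials not found for user '$Username'"
            throw
        }
        $accessKey = git config --file $CredentialsFilePath --get "$Username.accessKey"
        $secretKey = git config --file $CredentialsFilePath --get "$Username.secretKey"
        return @{
            AccessKey = $accessKey
            SecretKey = $secretKey
        }
    }
}

function Remove-AWSCredential {
    <#
    .SYNOPSIS
    Deletes the user's access keys in IAM and removes the user's section from the credentials file.
    .PARAMETER Username
    IAM user name.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$Username
    )
    process {
        Write-Verbose "Removing AWS credentials for user '$Username'"
        # Revoke in IAM first, then drop the local copy.
        Remove-IAMCredential $Username
        git config --file $CredentialsFilePath --remove-section $Username
    }
}

function Write-AWSCredential {
    <#
    .SYNOPSIS
    Creates a new IAM access key for the user and stores the key id and secret in the credentials file.
    .PARAMETER Username
    IAM user name; used as the section name for the stored values.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$Username
    )
    # NOTE(review): $Username becomes a git-config section name; a name containing characters
    # git does not accept there will make the git calls below fail. Confirm the expected format.
    $credentials = @(
        (aws iam create-access-key --user-name $Username --query 'AccessKey.[AccessKeyId, SecretAccessKey]' --output text) -split '\s+' |
            Where-Object { $_ }
    )
    # A failed or malformed CLI response must not be cached as if it were a key pair.
    if ($credentials.Count -ne 2) {
        throw "Could not create an access key for user '$Username': unexpected output from 'aws iam create-access-key'"
    }
    # NOTE(review): the secret is handed to git as a command-line argument, which can be visible
    # to other local processes while git runs, and it ends up in plaintext in the file.
    git config --file $CredentialsFilePath "$Username.accessKey" $credentials[0]
    if ($LASTEXITCODE -ne 0) {
        throw "An access key was created for user '$Username' but could not be stored in '$CredentialsFilePath'; delete the unused key in IAM"
    }
    git config --file $CredentialsFilePath "$Username.secretKey" $credentials[1]
    if ($LASTEXITCODE -ne 0) {
        throw "An access key was created for user '$Username' but its secret could not be stored in '$CredentialsFilePath'; delete the unused key in IAM"
    }
}

function Test-AWSCredential {
    <#
    .SYNOPSIS
    Tells whether the credentials file has a non-empty accessKey entry for the user.
    .PARAMETER Username
    IAM user name.
    .OUTPUTS
    Boolean. Only the accessKey entry is checked, not the secretKey entry.
    #>
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)]
        [string]$Username
    )
    return [bool] (git config --get --file $CredentialsFilePath "$Username.accessKey")
}

function Remove-IAMCredential {
    <#
    .SYNOPSIS
    Deletes every access key that IAM lists for the user.
    .PARAMETER Username
    IAM user name.
    .NOTES
    This also removes keys that were not created through this module, so anything else that
    authenticates as the same user with an older key stops working.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$Username
    )
    # Splitting an empty listing yields one empty string; drop it so delete-access-key is never
    # called with an empty key id.
    $accessKeys = @(
        (aws iam list-access-keys --user-name $Username --query 'AccessKeyMetadata[].AccessKeyId' --output text) -split '\s+' |
            Where-Object { $_ }
    )
    foreach ($accessKey in $accessKeys) {
        aws iam delete-access-key --access-key-id $accessKey --user-name $Username
    }
}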