From 9696582b94c32f24844277b169c9418cb231d506 Mon Sep 17 00:00:00 2001 From: Jonathan Segal Date: Wed, 1 Mar 2023 18:25:21 +0200 Subject: [PATCH 1/3] Add support for running with AWS_PROFILE extracting sso temporary creds --- aws-curl | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/aws-curl b/aws-curl index a52a873..9b4afde 100755 --- a/aws-curl +++ b/aws-curl @@ -499,6 +499,17 @@ fi if [ "$EC2_CREDS" = 1 ]; then ec2_import_creds fi +get_cred_value() { + echo "$1" | grep "$2 =" | cut -d ' ' -f 3- +} + +if [ -n "$AWS_PROFILE" ] && [ -z "$AWS_ACCESS_KEY_ID" ]; then + # this can work with AWS SSO based connections + block=$(sed -n '/\['$AWS_PROFILE'/,/^$/p' ~/.aws/credentials) + AWS_ACCESS_KEY_ID=$(get_cred_value "$block" aws_access_key_id) + AWS_SECRET_ACCESS_KEY=$(get_cred_value "$block" aws_secret_access_key) + AWS_SESSION_TOKEN=$(get_cred_value "$block" aws_session_token) +fi # check mandatory environment variables if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then From e4f7650806ebbe676422aed9ff7ea30b8f1801a0 Mon Sep 17 00:00:00 2001 From: Jonathan Segal Date: Wed, 1 Mar 2023 20:02:18 +0200 Subject: [PATCH 2/3] Add support for AWS_PROFILE and add --json and --xml options --- README.md | 11 +++++++---- aws-curl | 11 ++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e2c386d..830c5e9 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ Set AWS credentials and region using standard AWS CLI environment variables: - `AWS_SESSION_TOKEN` - temporary token received from STS or from EC2 metadata - `AWS_DEFAULT_REGION` - AWS default region, in case if region is not provided in URL or as command line argument `--region`. - +- `AWS_PROFILE` - AWS_PROFILE, will read the above from ~/.aws/credentials You can read more about AWS CLI environment variables here: @@ -129,8 +129,9 @@ aws-curl --request POST \ NOTE: Region can't be detected from URL, so it should be explicitly provided as argument or as `AWS_DEFAULT_REGION` env variable. -NOTE: This API has xml response format by default, pass -`Accept: application/json` header to change response format. +NOTE: This API has xml response format by default, pass `Accept: +application/json` header or give "--json" argument to change response +format. ### Example 3: S3 @@ -234,13 +235,15 @@ Wrapper recognizes these non-curl arguments: - `--region` - AWS region name, if can't be automatically detected from host or if not explicitly provided in `AWS_DEFAULT_REGION` environment variable - `--ec2-creds` - use attached to EC2 credentials (instance role) +- `--json` - force output in json format +- `--xml` - force output in xml format (default) ### Response format APIs for different services have different default response format. Sometimes it is json, sometimes xml. For most APIs you could enforce json output format by adding header `Accept: application/json` and xml output format by adding header -`Accept: application/xml`. +`Accept: application/xml` or use the --xml or --json arguments to specify this. ## Automatically computed headers diff --git a/aws-curl b/aws-curl index 9b4afde..5358145 100755 --- a/aws-curl +++ b/aws-curl @@ -414,6 +414,14 @@ while [ "$#" != 0 ]; do REQUEST_METHOD="$1" shift ;; + --json ) + shift + OUTPUT_FORMAT="application/json" + ;; + --xml ) + shift + OUTPUT_FORMAT="application/xml" + ;; -H | --header ) shift REQUEST_HEADERS=$(printf "%s\n%s" "$REQUEST_HEADERS" "$1") @@ -509,6 +517,7 @@ if [ -n "$AWS_PROFILE" ] && [ -z "$AWS_ACCESS_KEY_ID" ]; then AWS_ACCESS_KEY_ID=$(get_cred_value "$block" aws_access_key_id) AWS_SECRET_ACCESS_KEY=$(get_cred_value "$block" aws_secret_access_key) AWS_SESSION_TOKEN=$(get_cred_value "$block" aws_session_token) + AWS_DEFAULT_REGION=$(get_cred_value "$block" region) fi # check mandatory environment variables @@ -628,6 +637,6 @@ echo "$CURL_ARGS" \ | xargs -0 curl --request "$REQUEST_METHOD" \ --header "$AUTHORIZATION_HEADER" \ --header "User-Agent:" \ - --header "Accept:" \ + --header "Accept: $OUTPUT_FORMAT" \ --header "Content-Type:" \ --data-binary "$REQUEST_PAYLOAD" From 18b6ae7ceddfcd9272b44e20fdd2ae197a52289f Mon Sep 17 00:00:00 2001 From: Jonathan Segal Date: Wed, 1 Mar 2023 20:10:13 +0200 Subject: [PATCH 3/3] get default output format from AWS_PROFILE if present --- README.md | 4 ++-- aws-curl | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 830c5e9..216ca44 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ Set AWS credentials and region using standard AWS CLI environment variables: - `AWS_SESSION_TOKEN` - temporary token received from STS or from EC2 metadata - `AWS_DEFAULT_REGION` - AWS default region, in case if region is not provided in URL or as command line argument `--region`. -- `AWS_PROFILE` - AWS_PROFILE, will read the above from ~/.aws/credentials +- `AWS_PROFILE` - AWS_PROFILE, will read the above and default format from ~/.aws/credentials You can read more about AWS CLI environment variables here: @@ -236,7 +236,7 @@ Wrapper recognizes these non-curl arguments: if not explicitly provided in `AWS_DEFAULT_REGION` environment variable - `--ec2-creds` - use attached to EC2 credentials (instance role) - `--json` - force output in json format -- `--xml` - force output in xml format (default) +- `--xml` - force output in xml format ### Response format diff --git a/aws-curl b/aws-curl index 5358145..9092350 100755 --- a/aws-curl +++ b/aws-curl @@ -518,6 +518,10 @@ if [ -n "$AWS_PROFILE" ] && [ -z "$AWS_ACCESS_KEY_ID" ]; then AWS_SECRET_ACCESS_KEY=$(get_cred_value "$block" aws_secret_access_key) AWS_SESSION_TOKEN=$(get_cred_value "$block" aws_session_token) AWS_DEFAULT_REGION=$(get_cred_value "$block" region) + output=$(get_cred_value "$block" output) + if [ -n "$output" ]; then + OUTPUT_FORMAT=application/$output + fi fi # check mandatory environment variables