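#!/usr/bin/env bash
# dev_setup.sh — configure the local environment to send AWS requests through
# the iam-agent-proxy.
#
# Usage (sourceable):
#   source dev_setup.sh
#   aws sts get-caller-identity
#   bash test_resign.sh
#
# Usage (exec a command directly):
#   bash dev_setup.sh aws sts get-caller-identity
#
# Prerequisites:
#   - ./start_proxy.sh running in a separate terminal
#   - creds.sock present at PROXY_SOCK_PATH (default: /tmp/proxy/creds.sock)
#     (use /tmp/proxy/creds.sock locally; /run/proxy/creds.sock requires root on macOS)
#
# Security notes:
#   - On success AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are exported, so
#     every child process of this shell inherits the proxy-issued secret.
#   - The default socket path is under /tmp, which is world-writable. On a
#     shared host, keep the socket directory owned by you and not writable by
#     other users; this script only warns when the socket has another owner.
#
# Exit/return status: 0 on success, 1 on any failed check. When sourced, the
# script returns instead of exiting so the calling shell stays open.

# Strict mode is enabled only when the script is executed. If it were enabled
# while sourced, `set -euo pipefail` would stay active in the caller's shell
# and any later failing command would close it; the sourced path therefore
# checks every step explicitly.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
  set -euo pipefail
fi

# Failure idiom used below: `return 1 2>/dev/null || exit 1`.
# `return` succeeds only in a sourced script; when executed it fails (message
# suppressed) and the script exits instead.

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" || {
  echo "ERROR: cannot resolve the directory containing dev_setup.sh" >&2
  return 1 2>/dev/null || exit 1
}
PROXY="http://localhost:8080"
PROXY_CREDS="${SCRIPT_DIR}/proxy-creds"
SOCK_PATH="${PROXY_SOCK_PATH:-/tmp/proxy/creds.sock}"

# ── sanity checks ─────────────────────────────────────────────────────────────
# Probe the proxy port with a 2-second TCP connect. This only proves that
# something is listening on localhost:8080, not that it is the proxy.
if ! python3 -c "
import socket, sys
s = socket.socket()
s.settimeout(2)
try:
    s.connect(('localhost', 8080))
    s.close()
except OSError:
    sys.exit(1)
" 2>/dev/null; then
  echo "ERROR: Nothing is listening on ${PROXY}." >&2
  echo " Start the proxy first: PROXY_SOCK_PATH=${SOCK_PATH} bash start_proxy.sh" >&2
  return 1 2>/dev/null || exit 1
fi

if [[ ! -S "${SOCK_PATH}" ]]; then
  echo "ERROR: creds.sock not found at ${SOCK_PATH}" >&2
  echo " The proxy creates it on startup. Is start_proxy.sh running?" >&2
  return 1 2>/dev/null || exit 1
fi

# Credentials are about to be read from this socket. Warn (do not fail, since
# the proxy may legitimately run as another user) when it is not ours.
if [[ ! -O "${SOCK_PATH}" ]]; then
  echo "WARNING: ${SOCK_PATH} is not owned by the current user; confirm it belongs to the proxy you started." >&2
fi

# ── fetch proxy-issued keypair ────────────────────────────────────────────────
CREDS_JSON=$(PROXY_SOCK_PATH="${SOCK_PATH}" "${PROXY_CREDS}") || {
  echo "ERROR: ${PROXY_CREDS} could not fetch credentials via ${SOCK_PATH}" >&2
  return 1 2>/dev/null || exit 1
}

# Parse into temporaries first so a failed parse leaves the caller's existing
# AWS_* variables untouched. The JSON is passed on stdin (printf is a builtin),
# so the secret never appears in a process argument list.
if ! _dev_setup_key_id=$(printf '%s\n' "${CREDS_JSON}" \
      | python3 -c "import sys,json; print(json.load(sys.stdin)['AccessKeyId'])") \
    || ! _dev_setup_secret=$(printf '%s\n' "${CREDS_JSON}" \
      | python3 -c "import sys,json; print(json.load(sys.stdin)['SecretAccessKey'])"); then
  unset _dev_setup_key_id _dev_setup_secret
  echo "ERROR: could not read AccessKeyId/SecretAccessKey from the proxy-creds output" >&2
  return 1 2>/dev/null || exit 1
fi
export AWS_ACCESS_KEY_ID="${_dev_setup_key_id}"
export AWS_SECRET_ACCESS_KEY="${_dev_setup_secret}"
unset _dev_setup_key_id _dev_setup_secret

# Drop any session token or named profile left in the environment so they
# cannot be combined with, or take precedence over, the keypair set above.
unset AWS_SESSION_TOKEN 2>/dev/null || true
unset AWS_PROFILE 2>/dev/null || true

export HTTPS_PROXY="${PROXY}"
export HTTP_PROXY="${PROXY}"

# Only the access key id is printed; the secret key is never echoed.
echo "Proxy environment set:" >&2
echo " AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" >&2
echo " HTTPS_PROXY=${HTTPS_PROXY}" >&2
echo " (ca_bundle written to ~/.aws/config by the proxy on startup)" >&2
echo >&2

# ── exec a command if one was provided, otherwise return (for sourcing) ───────
# NOTE: when sourced without arguments, "$@" holds the caller's own positional
# parameters; source this file only from a context where those are empty.
if [[ $# -gt 0 ]]; then
  exec "$@"
fi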