-
Notifications
You must be signed in to change notification settings - Fork 25
/
_aws_vault
106 lines (99 loc) · 3.5 KB
/
_aws_vault
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
#compdef aws-vault
local context state state_desc line
local curcontext="$curcontext"
_vault_cmds() {
local -a commands
commands=(
'help:Show help'
'add:Adds credentials to the secure keystore'
'list:List profiles, along with their credentials and sessions'
'rotate:Rotates credentials'
'exec:Executes a command with AWS credentials in the environment'
'clear:Clear temporary credentials from the secure keystore'
'remove:Removes credentials from the secure keystore'
'login:Generate a login link for the AWS Console'
)
_describe 'command' commands
}
_vault_profiles() {
local -a profiles
IFS=$'\n'
profiles=($(aws-vault list --profiles))
_describe 'PROFILE' profiles
}
_vault_credentials() {
local -a creds
IFS=$'\n'
creds=($(aws-vault list --credentials))
_describe 'CREDENTIALS' creds
}
_arguments -C \
'1:COMMAND:->cmds' \
'*::ARG:->args'
global_flags=(
'--help[Show context-sensitive help]'
'--version[Show application version]'
'--debug[Show debugging output]'
)
flags=()
case "$state" in
cmds)
_arguments ${global_flags} '1:COMMAND:_vault_cmds'
;;
args)
case $words[1] in
help)
_arguments '1:COMMANDS:_vault_cmds'
;;
add)
flags=(
--env'[Read the credentials from the environment]'
--add-config"[Add a profile to ~/.aws/config if one doesn't exist]"
)
_arguments ${flags[@]} '1:PROFILE:_vault_profiles'
;;
list)
flags=(
--profiles'[Show only the profile names]'
--sessions'[Show only the session names]'
--credentials'[Show only the profiles with stored credential]'
)
_arguments "${flags[@]}"
;;
rotate)
flags=(
--no-session'[Use master credentials, no session or role used]'
)
_arguments ${flags[@]} '1:CREDENTIALS:_vault_credentials'
;;
exec)
flags=(
{-d,--duration}='[Duration of the temporary or assume-role session]'
{-n,--no-session}'[Skip creating STS session with GetSessionToken]'
--region='[The AWS region]'
{-t,--mfa-token}='[The MFA token to use]'
{-j,--json}'[Output credentials in JSON that can be used by credential_process]'
{-s,--server,--ec2-server}'[Run a EC2 metadata server in the background for credentials]'
--ecs-server'[Run a ECS credential server in the background for credentials]'
)
_arguments ${flags[@]} '1:PROFILE:_vault_profiles'
;;
clear)
_arguments '1:CREDENTIALS:_vault_credentials'
;;
remove)
_arguments '1:CREDENTIALS:_vault_credentials'
;;
login)
flags=(
{-d,--duration}='[Duration of the assume-role or federated session]'
{-n,--no-session}'[Skip creating STS session with GetSessionToken]'
{-t,--mfa-token}='[The MFA token to use]'
--path='[The AWS service you would like access]'
{-s,--stdout}'[Print login URL to stdout instead of opening in default browser]'
)
_arguments ${flags[@]} '1:PROFILE:_vault_profiles'
;;
esac
;;
esac