forked from makethunder/awsudo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall
executable file
·218 lines (161 loc) · 5.35 KB
/
install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
#!/bin/bash
# This script may help people in installing and configuring awsudo
# and awsrotate in the simplest way. It can also be done manually; see
# README.md.
#
# The install is done into a virtualenv because it's more robust. In
# particular, Mac OS X system Python installs six in such a way that it can't
# be overridden by user packages, and comes with an old version that doesn't
# have the "wraps" method. Using a virtualenv steps around all that.
default_path="$HOME/Documents/awsudo"
read_with_default() {
prompt="$1"
default="$2"
read -p "$prompt [$default] " value || exit
echo "${value:-$default}"
}
confirm() {
prompt="$1"
read -p "$prompt [y] " response || exit
[[ "${response:-y}" = 'y' ]]
}
install_virtualenv() {
if ! hash virtualenv &>/dev/null; then
echo "I'll need to install virtualenv to proceed."
if ! hash pip &>/dev/null; then
echo "But first I'll need to install pip to install virtualenv."
confirm "Shall I install pip?" || exit 1
sudo easy_install pip || exit
fi
confirm "Shall I install virtualenv?" || exit 1
sudo pip install virtualenv || exit
fi
}
# check that a program is installed; create a symlink if not.
check_symlink() {
local prog="$1"
if hash "$prog" &>/dev/null; then
cat <<-EOF
$prog is already installed at $(hash -t "$prog").
Maybe you have a preexisting installation? Things could be confusing.
EOF
confirm "Proceed anyway?" || exit
else
echo "Looks like $prog is not in your \$PATH."
confirm "Should I make a symlink?" || return 0
local bin=$(read_with_default \
"Where?" \
"/usr/local/bin")
if [[ -w "$bin" ]]; then
local ln="ln"
else
local ln="sudo ln"
fi
$ln -s "$path/bin/$prog" "$bin" || exit
if ! hash $prog &>/dev/null; then
cat >&2 <<-EOF
Something is wrong: I can't find $prog even though I just
created a symlink in in $bin. Maybe $bin isn't in your
\$PATH?
EOF
confirm "Proceed anyway?" || exit 1
else
local actual_location=$(hash -t "$prog")
if [[ "$actual_location" != "$bin/$prog" ]]; then
cat >&2 <<-EOF
This is odd: even though I just made a symlink for $prog in
$bin, bash thinks $prog is at $actual_location.
Maybe you need to adjust the order of your \$PATH?
EOF
confirm "Proceed anyway?" || exit 1
fi
fi
fi
}
rotate_key() {
confirm "Do you want to rotate your key now?" || return 0
echo "Running 'awsrotate'. It takes about 10 seconds..."
if ! awsrotate; then
cat >&2 <<-EOF
Looks like it didn't work :(
Things to check:
- the correct credentials are in ~/.aws/credentials
- AWS account permissions allow you to modify your own API access keys
- "awsrotate" and "awsudo" and "aws" are executable and in \$PATH
To try again, later you can just run "awsrotate".
Would you like to proceed? I can still help you set up cron to run
awsrotate automatically, and you can troubleshoot this failure later.
EOF
confirm "Proceed on to configuring cron?" || exit 1
fi
echo "Success!"
echo
}
create_cron_entry() {
if ! crontab -l &>/dev/null; then
cat <<-EOF
I can't run 'crontab -l', so I can't configure cron for you."
For great security, consider configuring something to run 'awsrotate'
periodically (daily, perhaps) so your API key is automatically rotated.
EOF
return 0
fi
cat <<-EOF
I can add an entry to your crontab to automatically rotate your key daily at
noon. Cron works pretty well as long as your machine is usually on at the
scheduled time. There are other tools (anacron, upstart, systemd, launchd)
which might work better, but I don't know how to configure those.
If you want to edit the cron entry later, you can do that by running:
crontab -e
EOF
confirm "Should I add a crontab entry now?" || return 0
(crontab -l; echo "00 12 * * * $path/bin/awsrotate") | crontab - || exit
}
install_in_virtualenv() {
path=$(read_with_default \
"Where would you like awsudo installed?" \
"$HOME/Documents/awsudo")
# expand ~ to the home directory like Bash does
path="${path/#\~/$HOME}"
if [[ -e "$path" ]] && [[ ! -d "$path" ]]; then
echo "$path already exists but is not a directory! Aborting." >&2
exit 1
fi
mkdir -p "$path" || exit
if [[ ! -e "$path/bin/python" ]]; then
echo "Creating a virtualenv at $path"
virtualenv -q "$path" || exit
fi
echo "Updating pip and setuptools to the latest version"
"$path/bin/pip" -q install --upgrade pip setuptools || exit
echo "Installing awsudo and awsrotate"
"$path/bin/pip" -q install --upgrade git+https://github.com/makethunder/awsudo.git || exit
echo
}
configure_aws() {
if [[ ! -e ~/.aws/credentials ]]; then
echo "Looks like the AWS CLI isn't configured."
if confirm "Configure it now?"; then
"$path/bin/aws" configure || exit
fi
fi
}
cat <<-EOF
This interactive script will help you to:
- install awsudo and awsrotate,
- perform a minimal configuration, and
- (optionally) configure cron to automatically rotate your AWS API keys.
It will install in a Python virtualenv, an isolated Python environment. This
helps to make the installation more robust against environmental variations.
If you want to abort installation, press CTRL-C now. Otherwise answer the
questions that follow, or press enter to accept the defaults in square
brackets.
EOF
install_virtualenv
install_in_virtualenv
for prog in awsudo awsrotate; do
check_symlink "$prog"
done
configure_aws
rotate_key
create_cron_entry