#!/bin/bash
#Author: Michael Barney, Trek10 Intern
#Date: June 2, 2017
#AWSume - a bash script to assume an AWS IAM role from the command-line

#grab the environment variables from the python script
#AWSUME_FLAG - what awsumepy told the shell to do
#AWSUME_1 - secret access key / autoAwsumeProfileName
#AWSUME_2 - security token / fileName
#AWSUME_3 - access key id
#awsume_4 - region
read AWSUME_FLAG AWSUME_1 AWSUME_2 AWSUME_3 AWSUME_4 <<< $(awsumepy "$@")

#if incorrect flag/help
if [ "$AWSUME_FLAG" = "usage:" ]; then
    awsumepy -h
#if version check
elif [ "$AWSUME_FLAG" = "Version" ]; then
    echo "$AWSUME_1"
#set up auto-refreshing role
elif [ "$AWSUME_FLAG" = "Auto" ]; then
    unset AWS_SECRET_ACCESS_KEY
    unset AWS_SESSION_TOKEN
    unset AWS_SECURITY_TOKEN
    unset AWS_ACCESS_KEY_ID
    unset AWS_REGION
    unset AWS_DEFAULT_REGION
    unset AWS_PROFILE
    unset AWS_DEFAULT_PROFILE
    #set the profile that will contain the session credentials
    export AWS_PROFILE=$AWSUME_1
    export AWS_DEFAULT_PROFILE=$AWSUME_1
    #run the background autoAwsume process
    autoAwsume & disown

#user sent the kill flag, so do no more
elif [ "$AWSUME_FLAG" = "Kill" ]; then
    unset AWS_PROFILE
    unset AWS_DEFAULT_PROFILE
    return

elif [ "$AWSUME_FLAG" = "Stop" ]; then
    if [ "auto-refresh-$AWSUME_1" == "$AWS_PROFILE" ]; then
        unset AWS_PROFILE
        unset AWS_DEFAULT_PROFILE
    fi
    return

#awsume the profile
elif [ "$AWSUME_FLAG" = "Awsume" ]; then
    unset AWS_SECRET_ACCESS_KEY
    unset AWS_SESSION_TOKEN
    unset AWS_SECURITY_TOKEN
    unset AWS_ACCESS_KEY_ID
    unset AWS_REGION
    unset AWS_DEFAULT_REGION
    unset AWS_PROFILE
    unset AWS_DEFAULT_PROFILE

    export AWS_SECRET_ACCESS_KEY=$AWSUME_1
    export AWS_ACCESS_KEY_ID=$AWSUME_3

    if [ ! "$AWSUME_2" = "None" ]; then
        export AWS_SESSION_TOKEN=$AWSUME_2
        export AWS_SECURITY_TOKEN=$AWSUME_2
    fi

    if [ ! "$AWSUME_4" = "None" ]; then
        export AWS_REGION=$AWSUME_4
        export AWS_DEFAULT_REGION=$AWSUME_4
    fi

    #if enabled, show the exact commands to use in order to assume the role we just assumed
    for AWSUME_var in "$@"
    do
        if [[ "$AWSUME_var" == "-s"* ]]; then
            echo export AWS_SECRET_ACCESS_KEY=$AWSUME_1
            echo export AWS_SESSION_TOKEN=$AWSUME_2
            echo export AWS_SECURITY_TOKEN=$AWSUME_2
            echo export AWS_ACCESS_KEY_ID=$AWSUME_3
            if [ ! "$AWSUME_4" = "None" ]; then
                echo export AWS_REGION=$AWSUME_4
                echo export AWS_DEFAULT_REGION=$AWSUME_4
            fi
        fi
    done
fi