Merge pull request #1 from coinbase/graham/updating-readme-fixing-bug

Updating README, fixing account_id bug
coinbase · Oct 13, 2017 · 9b543e5 · 9b543e5
2 parents 3997673 + 5904265
commit 9b543e5
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -2,12 +2,14 @@
 
 <img src="./assets/assume-role.png" align="right" alt="assume-role logo" />
 
-`assume-role` is a command line tool that makes it easy to assume IAM roles through an **AWS Bastion** account with **MFA**.
+Assume IAM roles through an **AWS Bastion** account with **MFA** via the command line.
 
 **AWS Bastion** accounts store only IAM users providing a central, isolated account to manage their credentials and access. Trusting AWS accounts create IAM roles that the Bastion users can assume, to allow a single user access to multiple accounts resources. Under this setup, `assume-role` makes it easier to follow the standard security practices of MFA and short lived credentials.
 
 ## Installation
 
+`assume-role` requires [`jq`](https://stedolan.github.io/jq/) and [`aws`](https://aws.amazon.com/cli/) CLI tools to be installed.
+
 ### via Homebrew (macOS)
 
 ```bash

diff --git a/assume-role b/assume-role
@@ -57,6 +57,7 @@ assume-role(){
   export AWS_REGION
   export AWS_ACCOUNT_ID
   export AWS_ACCOUNT_NAME
+  export AWS_ACCOUNT_ROLE
   export GEO_ENV
 
   # INPUTS
@@ -92,10 +93,14 @@ assume-role(){
   # set account_id
   if [ -f "$ACCOUNTS_FILE" ]; then
     account_id=$(jq ".[\"$account_name\"]" < "$ACCOUNTS_FILE" | jq "select(. != null)")
-  else
+  fi
+
+  # If cant find the alias then set the input as the account id
+  if [ -z "$account_id" ]; then
     account_id=$account_name
   fi
 
+  # Validate Account ID
   if [[ ! $account_id =~ ^[0-9]{12}$ ]]; then
     echo_out "account_id \"$account_id\" is incorrectly formatted AWS account id"
     return

diff --git a/test/assume-role.bats b/test/assume-role.bats
@@ -47,6 +47,12 @@ setup() {
 }
 
 teardown() {
+  # This will output the if the test fails
+  for i in "${!lines[@]}"
+  do
+     echo "$i: ${lines[$i]}"
+  done
+
   unset -f aws
   unset DEBUG_ASSUME_ROLE
   unset ACCOUNTS_FILE
@@ -55,12 +61,6 @@ teardown() {
 @test "should work" {
   run ./assume-role dev look_around 123456 us-east-1
 
-  # This will output the if the test fails
-  for i in ""${!lines[@]}""
-  do
-     echo "$i: ${lines[$i]}"
-  done
-
   [ "$status" -eq 0 ]
 
   [ "${lines[0]}" = 'echo "Success! IAM session envars are exported.";' ]
@@ -84,11 +84,17 @@ teardown() {
 }
 
 @test "should fail if the account_id is bad" {
-  run ./assume-role bad sudo 123456 us-east-1
+  run ./assume-role bad sudo 123456
   [ "$status" -eq 0 ]
   [ "${lines[0]}" = 'echo "account_id "12345678901212354" is incorrectly formatted AWS account id";' ]
 }
 
+@test "should assign the account_id if provided" {
+  run ./assume-role 111111111111 sudo 123456
+  [ "$status" -eq 0 ]
+  [ "${lines[5]}" = 'export AWS_ACCOUNT_ID="111111111111";' ]
+}
+
 @test "should fail if style is bad" {
   shellcheck ./assume-role
 }