@@ -60,6 +60,23 @@ if [[ "$ONEPROFILE" = "false" ]]; then
6060
6161else
6262
63+ # Check OS for some supported platforms
64+ OS=" ` uname` "
65+ case $OS in
66+ ' Linux'
67+ OS=' Linux'
68+ ;;
69+ ' Darwin'
70+ OS=' macOS'
71+ ;;
72+ * )
73+ OS=' unknown'
74+ echo
75+ echo " ** NOTE: THIS SCRIPT HAS NOT BEEN TESTED ON YOUR CURRENT PLATFORM."
76+ echo
77+ ;;
78+ esac
79+
6380 # # PREREQS PASSED; PROCEED..
6481
6582 declare -a cred_profiles
@@ -86,45 +103,57 @@ else
86103
87104 cred_profiles[$cred_profilecounter ]=$profile_ident
88105
89- # get user ARN; this should be always available
106+ # get user ARN; this should be always available if the access_key_id is valid
90107 user_arn=" $( aws sts get-caller-identity --profile " $profile_ident " ' Arn' 2>&1 ) "
91108 if [[ " $user_arn " =~ ^arn:aws ]]; then
92109 cred_profile_arn[$cred_profilecounter ]=$user_arn
110+ elif [[ " $user_arn " =~ InvalidClientTokenId ]]; then
111+ cred_profile_arn[$cred_profilecounter ]=" INVALID"
93112 else
94113 cred_profile_arn[$cred_profilecounter ]=" "
95114 fi
96115
97116 # get the actual username (may be different from the arbitrary profile ident)
98- [[ " $user_arn " =~ ([^/]+)$ ]] &&
99- profile_username=" ${BASH_REMATCH[1]} "
100- if [[ " $profile_username " =~ error ]]; then
101- cred_profile_user[$cred_profilecounter ]=" "
117+ if [[ " ${cred_profile_arn[$cred_profilecounter]} " =~ ^arn:aws ]]; then
118+ [[ " $user_arn " =~ ([^/]+)$ ]] &&
119+ cred_profile_user[$cred_profilecounter ]=" ${BASH_REMATCH[1]} "
120+ elif [ " ${cred_profile_arn[$cred_profilecounter]} " = " INVALID" ; then
121+ cred_profile_user[$cred_profilecounter ]=" CHECK CREDENTIALS!"
102122 else
103- cred_profile_user[$cred_profilecounter ]=" $profile_username "
123+ cred_profile_user[$cred_profilecounter ]=" "
104124 fi
105125
106126 # get access keys & their ages for the profile
107- key_status_array=(` aws iam list-access-keys --profile " $profile_ident " * ].[Status,CreateDate,AccessKeyId] | grep -A2 ctive | awk -F\" ' {print $2}' `
108127 key_status_accumulator=" "
109128
110- s_no=0
111- for s in ${key_status_array[@]} ; do
112- if [[ " $s " == " Active" || " $s " == " Inactive" ; then
113-
114- if [ " $s " == " Active" ; then
115- statusword=" Active"
129+ if [ ${cred_profile_arn[$cred_profilecounter]} != " INVALID" ; then
130+
131+ key_status_array=(` aws iam list-access-keys --profile " $profile_ident " * ].[Status,CreateDate,AccessKeyId] | grep -A2 ctive | awk -F\" ' {print $2}' `
132+
133+ s_no=0
134+ for s in ${key_status_array[@]} ; do
135+ if [[ " $s " == " Active" || " $s " == " Inactive" ; then
136+
137+ if [ " $s " == " Active" ; then
138+ statusword=" Active"
139+ else
140+ statusword=" Inactive"
141+ fi
142+
143+ let " s_no++"
144+ kcd=` echo ${key_status_array[$s_no]} | sed ' s/T/ /' | awk ' {print $1}' `
145+ let keypos=${s_no} +1
146+ if [ " $OS " = " macOS" ; then
147+ key_status_accumulator=" ${statusword} key ${key_status_array[$keypos]} is $(( (`date - jf % Y-% m-% d $TODAY +% s` - `date - jf % Y-% m-% d $kcd +% s`)/ 86400 )) ${key_status_accumulator} "
148+ else
149+ key_status_accumulator=" ${statusword} key ${key_status_array[$keypos]} is $(( (`date - d "$TODAY " "+% s"` - `date - d "$kcd " "+% s"`)/ 86400 )) ${key_status_accumulator} "
150+ fi
116151 else
117- statusword= " Inactive "
152+ let " s_no++ "
118153 fi
154+ done
119155
120- let " s_no++"
121- kcd=` echo ${key_status_array[$s_no]} | sed ' s/T/ /' | awk ' {print $1}' `
122- let keypos=${s_no} +1
123- key_status_accumulator=" ${statusword} key ${key_status_array[$keypos]} is $(( (`date - jf % Y-% m-% d $TODAY +% s` - `date - jf % Y-% m-% d $kcd +% s`)/ 86400 )) ${key_status_accumulator} "
124- else
125- let " s_no++"
126- fi
127- done
156+ fi
128157 cred_profile_keys[$cred_profilecounter ]=$key_status_accumulator
129158
130159# # DEBUG
@@ -150,8 +179,12 @@ else
150179 ITER=1
151180 for i in " ${cred_profiles[@]} "
152181 do
153- echo " ${ITER} : $i (${cred_profile_user[$SELECTR]} )"
154- printf " ${cred_profile_keys[$SELECTR]} "
182+ if [ " ${cred_profile_arn[$SELECTR]} " = " INVALID" ; then
183+ echo " X: $i (${cred_profile_user[$SELECTR]} )"
184+ else
185+ echo " ${ITER} : $i (${cred_profile_user[$SELECTR]} )"
186+ printf " ${cred_profile_keys[$SELECTR]} "
187+ fi
155188 echo
156189 let ITER=${ITER} +1
157190 let SELECTR=${SELECTR} +1
@@ -176,26 +209,38 @@ else
176209 if [[ $actual_selprofile -ge $profilecount ||
177210 $actual_selprofile -lt 0 ]]; then
178211 # a selection outside of the existing range was specified
212+ echo
179213 echo " There is no profile '${selprofile} '."
180214 echo
181215 exit 1
182216 fi
183217
184218 # a base profile was selected
185219 if [[ $selprofile =~ ^[[:digit:]]+$ ]]; then
186- echo " SELECTED PROFILE: ${cred_profiles[$actual_selprofile]} "
187- final_selection=" ${cred_profiles[$actual_selprofile]} "
188- final_selection_name=" ${cred_profile_user[$actual_selprofile]} "
189- echo " SELECTED USER: $final_selection_name "
220+
221+ if [ " ${cred_profile_arn[$actual_selprofile]} " = " INVALID" ; then
222+ echo
223+ echo " PROFILE \" ${cred_profiles[$actual_selprofile]} \" HAS INVALID ACCESS KEYS. Cannot proceed."
224+ echo
225+ exit 1
226+ else
227+ echo
228+ echo " SELECTED PROFILE: ${cred_profiles[$actual_selprofile]} "
229+ final_selection=" ${cred_profiles[$actual_selprofile]} "
230+ final_selection_name=" ${cred_profile_user[$actual_selprofile]} "
231+ echo " SELECTED USER: $final_selection_name "
232+ fi
190233 else
191234 # non-acceptable characters were present in the selection
235+ echo
192236 echo " There is no profile '${selprofile} '."
193237 echo
194238 exit 1
195239 fi
196240
197241 else
198242 # no numeric part in selection
243+ echo
199244 echo " There is no profile '${selprofile} '."
200245 echo
201246 exit 1
0 commit comments