Merge pull request #1 from djgoku/feat/allow-reconfigure-how-profile-names-are-created

Feat/allow reconfigure how profile names are created

Author: djgoku

.github/workflows/main.yml

@@ -3,6 +3,8 @@ on:
   push:
     branches:
       - main
+    tags:
+      - '**'
 env:
   DEVBOX_API_TOKEN: ${{ secrets.DEVBOX_API_TOKEN }}
   GH_TOKEN: ${{ secrets.GH_TOKEN }}

README.org

@@ -26,29 +26,37 @@ xattr -dr com.apple.quarantine ~/aws-sso-config-generator
 chmod +x ~/aws-sso-config-generator
 #+end_example
 
+More information here https://apple.stackexchange.com/a/436677
+
 ** Usage
 *Note: if no parameters are passed user will be prompted for ~region~ and ~start_url~.*
 
 Example call of ~aws-sso-config-generator~ where AWS access portal is in ~us-west-2~ with a url of ~https://​<example>.awsapps.com/start/#/~.
 
 #+begin_example
-aws-sso-config-generator --region us-west-2 --start-url https://<example>.awsapps.com/start/#/
+aws-sso-config-generator --region us-west-2 --sso-region us-east-1 --start-url https://<example>.awsapps.com/start/#/
 #+end_example
 
 #+begin_example
-aws-sso-config-generator -r us-west-2 -u https://<example>.awsapps.com/start/#/
+aws-sso-config-generator -r us-west-2 --sso-region us-east-1 -u https://<example>.awsapps.com/start/#/
 #+end_example
 
 ** Parameters
 
-| Option              | Type   | Example                                   | Description                               |
-|---------------------+--------+-------------------------------------------+-------------------------------------------|
-| --region or -r    | string | -r us-west-2                              | Region where AWS access portal is hosted. |
-| --start-url or -u | string | -u https://<example>.awsapps.com/start/#/ | The URL for the AWS access portal         |
-| --help or -h      | N/A    | -h                                        | Help menu                                 |
+| Option              | Type   | Example                                   | Description                                     | Default                     |
+|---------------------+--------+-------------------------------------------+-------------------------------------------------+-----------------------------|
+| --sso-region      | string | --sso-region us-west-2                    | Region where AWS resources are hosted.          |                             |
+| --region or -r    | string | -r us-west-2                              | Region where AWS access portal is hosted.       |                             |
+| --start-url or -u | string | -u https://<example>.awsapps.com/start/#/ | The URL for the AWS access portal               |                             |
+| --help or -h      | N/A    | -h                                        | Help menu                                       |                             |
+| --template or -t  | string | -t ~/.aws/config.template.json            | JSON template file to re-kap accounts and roles | ~/.aws/config.template.json |
+| --out or -o       | string | -o ~/.aws/config.generated                | Output file for generated AWS config file       | ~/.aws/config.generated     |
+
 
-** Example Config (~/.aws/sso.generated)
+** Example Config (~/.aws/config.generated)
 
+~/.aws/config.generated:
+#+name: ~/.aws/config.generated
 #+begin_example
 # config generated via https://github.com/djgoku/aws-sso-config-generator
 #
@@ -57,14 +65,45 @@ aws-sso-config-generator -r us-west-2 -u https://<example>.awsapps.com/start/#/
 # 1. log into aws sso via `aws sso login --profile use-any-profile-name`
 # 2. validate `AWS_PROFILE=use-any-profile-name aws sts get-caller-identity`
 
-# AWS_CONFIG_FILE=~/.aws/config.generated AWS_PROFILE=1111111-RoleName aws sts get-caller-identity
-[profile 1111111-RoleName]
+# AWS_CONFIG_FILE=~/.aws/config.generated AWS_PROFILE=1111111-ReadOnly aws sts get-caller-identity
+[profile 1111111-ReadOnly]
 sso_start_url = https://<example>.awsapps.com/start/#/
 sso_region = us-east-2
 sso_account_id = 1111111
-sso_role_name = RoleName
+sso_role_name = ReadOnly
 region = us-west-2
 output = json
+
+# AWS_CONFIG_FILE=~/.aws/config.generated AWS_PROFILE=1111111-ReadOnly aws sts get-caller-identity
+[profile 1111111-ReadOnly]
+sso_start_url = https://<example>.awsapps.com/start/#/
+sso_region = us-east-2
+sso_account_id = 1111111
+sso_role_name = ReadOnly
+region = us-west-2
+output = json
+#+end_example
+
+** Example JSON Template (~/.aws/config.template.json)
+
+In the =template.json= structure, the values under the =accounts= and =roles= keys are used to replace their respective keys during config generation. For example:
+- ="111111"= in =accounts= will be replaced with ="dev"=
+- ="Admin"= in =roles= will be replaced with =""= (empty string)
+
+~/.aws/config.template:
+#+name: ~/.aws/config.template
+#+begin_example
+{
+  "accounts": {
+    "111111": "dev",
+    "222222": "uat",
+    "333333": "prod"
+  },
+  "roles": {
+    "Admin": "",
+    "ReadOnly": "read"
+  }
+}
 #+end_example
 
 ** Development

devbox.json

@@ -3,7 +3,7 @@
   "packages": {
     "beam.packages.erlang_27.elixir_1_18": "",
     "erlang":                              "latest",
-    "beam27Packages.elixir-ls":            "latest",
+    "beam27Packages.elixir-ls":            "0.26.4",
     "git":                                 "latest",
     "zig":                                 "latest",
     "xz":                                  "latest",
@@ -32,14 +32,22 @@
       "mix local.rebar --force",
     ],
     "scripts": {
+      "escript": [
+        "MIX_ENV=escript mix escript.build"
+      ],
       "do-all": [
         "mix deps.get --only prod",
+        "mix test",
         "mix format --check-formatted",
         "MIX_ENV=prod mix release --overwrite"
       ],
+      "version-info-only": [
+        "MIX_APPLICATION_VERSION=$(elixir -e 'Regex.run(~r/version: \"(.*)\"/, File.read!(\"mix.exs\"), capture: :all_but_first) |> List.first() |> IO.puts()')",
+        "echo \"version '$MIX_APPLICATION_VERSION'\""
+      ],
       "version-info": [
-        "MIX_APPLICATION_VERSION=$(elixir -e 'Regex.run(~r/version: \"(\\d+.\\d+.\\d+)\"/, File.read!(\"mix.exs\"), capture: :all_but_first) |> List.first() |> IO.puts()')",
-        "echo \"version $MIX_APPLICATION_VERSION\"",
+        "MIX_APPLICATION_VERSION=$(elixir -e 'Regex.run(~r/version: \"(.*)\"/, File.read!(\"mix.exs\"), capture: :all_but_first) |> List.first() |> IO.puts()')",
+        "echo \"version '$MIX_APPLICATION_VERSION'\"",
         "cd burrito_out",
         "bash -c 'for file in *_*; do mv \"$file\" \"${file//_/-}\"; done'",
         "shasum -a 256 ./* > aws-sso-config-generator-checksums.txt",

devbox.lock

@@ -111,51 +111,51 @@
         }
       }
     },
-    "beam27Packages.elixir-ls@latest": {
-      "last_modified": "2025-04-05T00:48:53Z",
-      "resolved": "github:NixOS/nixpkgs/250b695f41e0e2f5afbf15c6b12480de1fe0001b#beam27Packages.elixir-ls",
+    "beam27Packages.elixir-ls@0.26.4": {
+      "last_modified": "2025-03-02T11:46:57Z",
+      "resolved": "github:NixOS/nixpkgs/b58e19b11fe72175fd7a9e014a4786a91e99da5f#beam27Packages.elixir-ls",
       "source": "devbox-search",
-      "version": "0.27.2",
+      "version": "0.26.4",
       "systems": {
         "aarch64-darwin": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/nxj7s2z8kfr6hisk94j6407ljh5aw1ck-elixir-ls-0.27.2",
+              "path": "/nix/store/xfgs8bich8hf9j0q3bx1nk0dqahd6j6c-elixir-ls-0.26.4",
               "default": true
             }
           ],
-          "store_path": "/nix/store/nxj7s2z8kfr6hisk94j6407ljh5aw1ck-elixir-ls-0.27.2"
+          "store_path": "/nix/store/xfgs8bich8hf9j0q3bx1nk0dqahd6j6c-elixir-ls-0.26.4"
         },
         "aarch64-linux": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/hcn1y1jbalmy9mknx4vb85mg7gcmv8ix-elixir-ls-0.27.2",
+              "path": "/nix/store/xmk26kzrxwlr8w9mvbdghfh1hqyninnw-elixir-ls-0.26.4",
               "default": true
             }
           ],
-          "store_path": "/nix/store/hcn1y1jbalmy9mknx4vb85mg7gcmv8ix-elixir-ls-0.27.2"
+          "store_path": "/nix/store/xmk26kzrxwlr8w9mvbdghfh1hqyninnw-elixir-ls-0.26.4"
         },
         "x86_64-darwin": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/0gisn7j9pr8d6fqnhcy9ibxxpz93w6ai-elixir-ls-0.27.2",
+              "path": "/nix/store/f05vh1vkd164kmhcg46k99hzhdk6my3i-elixir-ls-0.26.4",
               "default": true
             }
           ],
-          "store_path": "/nix/store/0gisn7j9pr8d6fqnhcy9ibxxpz93w6ai-elixir-ls-0.27.2"
+          "store_path": "/nix/store/f05vh1vkd164kmhcg46k99hzhdk6my3i-elixir-ls-0.26.4"
         },
         "x86_64-linux": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/279x4jxl422ly3q78ycx9m3rkds0kb3i-elixir-ls-0.27.2",
+              "path": "/nix/store/ph1xl3gmy92rlgipyjl7j361cjvcimw4-elixir-ls-0.26.4",
               "default": true
             }
           ],
-          "store_path": "/nix/store/279x4jxl422ly3q78ycx9m3rkds0kb3i-elixir-ls-0.27.2"
+          "store_path": "/nix/store/ph1xl3gmy92rlgipyjl7j361cjvcimw4-elixir-ls-0.26.4"
         }
       }
     },

lib/aws_sso_config_generator.ex

@@ -5,18 +5,28 @@ defmodule AwsSsoConfigGenerator do
   defstruct access_token: nil,
             account_list: [],
             account_roles: [],
+            args: [],
             client: nil,
             client_id: nil,
             client_secret: nil,
             client_name: "aws-sso-config-generator",
             device_code: nil,
             expires_in: nil,
             interval: nil,
+            output_file: nil,
             register_client: nil,
             region: nil,
+            sso_region: nil,
             start_url: nil,
+            template: %{},
+            template_file: nil,
             verification_uri_complete: nil
 
+  def main(_) do
+    # for escript use
+    start("not", "used")
+  end
+
   def start(_, _) do
     args = Util.parse_args(Burrito.Util.Args.argv())
 
@@ -25,23 +35,29 @@ defmodule AwsSsoConfigGenerator do
       System.halt(0)
     end
 
-    aws_region = Util.get_region(args)
-    start_url = Util.get_start_url(args)
-
     config =
-      %AwsSsoConfigGenerator{
-        region: aws_region,
-        start_url: start_url,
-        client: %AWS.Client{region: aws_region}
-      }
+      %AwsSsoConfigGenerator{args: args}
+      |> Util.map_args()
+      |> Util.get_region()
+      |> Util.get_start_url()
       |> Util.sso_oidc_register_client()
       |> Util.sso_oidc_start_device_authorization()
 
     Util.browser_open(config.verification_uri_complete)
 
-    IO.puts(
-      "\nVerification URI (copy and paste into browser if it doesn't open.)\n\n  #{config.verification_uri_complete}\n\n"
-    )
+    output = """
+    aws-sso-config-generator #{Application.spec(:aws_sso_config_generator, :vsn)}
+
+    Tool to generate an AWS config file (~/.aws/config) after authenticating and authorizing AWS SSO IAM Identity Center.
+
+    Source code: https://github.com/djgoku/aws-sso-config-generator
+
+    Verification URI (copy and paste into browser if it doesn't open.)
+
+      #{config.verification_uri_complete}
+    """
+
+    IO.puts(output)
 
     maybe_access_token = Util.request_until(config, config.expires_in)
 
@@ -54,13 +70,15 @@ defmodule AwsSsoConfigGenerator do
       %{config | access_token: maybe_access_token}
       |> Util.sso_list_accounts(nil)
       |> Util.sso_list_account_roles()
-      |> Util.config_sort_account_roles()
+      |> Util.duplicate_keys_with_new_keys()
+      |> Util.maybe_load_template()
+      |> Util.maybe_save_debug_data()
+      |> Util.maybe_rename_accounts_and_roles()
       |> Util.generate_config()
       |> Enum.join("\n")
 
-    file_path = Path.join(System.user_home!(), ".aws/config.generated")
-    File.write(file_path, config_data)
-    IO.puts("wrote generated to #{file_path}")
+    File.write(config.output_file, config_data)
+    IO.puts("wrote generated to #{config.output_file}")
 
     System.halt(0)
   end