add comments, make expression styles uniform #134

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -102,12 +102,12 @@ one or more of the following lines:
```
ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info
IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma separated list of IAM groups to import
SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access or `##ALL##` to allow all users
SUDOERS_GROUPS="GROUPNAMES" # Comma separated list of IAM groups that should have sudo access or `##ALL##` to allow all users
IAM_AUTHORIZED_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma separated list of IAM groups to import - IAM_AUTHORIZED_GROUPS_TAG will override IAM_AUTHORIZED_GROUPS, you can use only one of them
SUDOERS_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma separated list of IAM groups that should have sudo access - SUDOERS_GROUPS_TAG will override SUDOERS_GROUPS, you can use only one of them
SUDOERSGROUP="GROUPNAME" # Deprecated! IAM group that should have sudo access. Please use SUDOERS_GROUPS as this variable will be removed in future release.
LOCAL_MARKER_GROUP="iam-synced-users" # Dedicated UNIX group to mark imported users. Used for deleting removed IAM users
LOCAL_GROUPS="GROUPNAMES" # Comma seperated list of UNIX groups to add the users in
LOCAL_GROUPS="GROUPNAMES" # Comma separated list of UNIX groups to add the users in
USERADD_PROGRAM="/usr/sbin/useradd" # The useradd program to use. defaults to `/usr/sbin/useradd`
USERADD_ARGS="--create-home --shell /bin/bash" # Arguments for the useradd program. defaults to `--create-home --shell /bin/bash`
```
22 changes: 12 additions & 10 deletions import_users.sh
Expand Up @@ -5,18 +5,19 @@ function log() {
}

# check if AWS CLI exists
if ! [ -x "$(which aws)" ]; then
if ! [[ -x "$(which aws)" ]]
then
log "aws executable not found - exiting!"
exit 1
fi

# source configuration if it exists
[ -f /etc/aws-ec2-ssh.conf ] && . /etc/aws-ec2-ssh.conf
[[ -f /etc/aws-ec2-ssh.conf ]] && source /etc/aws-ec2-ssh.conf

# Should we actually do something?
: ${DONOTSYNC:=0}

if [ ${DONOTSYNC} -eq 1 ]
if [[ ${DONOTSYNC} -eq 1 ]]
then
log "Please configure aws-ec2-ssh by editing /etc/aws-ec2-ssh.conf"
exit 1

# Get list of iam groups from tag
function get_iam_groups_from_tag() {
if [ "${IAM_AUTHORIZED_GROUPS_TAG}" ]
if [[ "${IAM_AUTHORIZED_GROUPS_TAG}" ]]
then
IAM_AUTHORIZED_GROUPS=$(\
IAM_AUTHORIZED_GROUPS=$(
aws --region $REGION ec2 describe-tags \
--filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$IAM_AUTHORIZED_GROUPS_TAG" \
--query "Tags[0].Value" --output text \
# Get all IAM users (optionally limited by IAM groups)
function get_iam_users() {
local group
if [ -z "${IAM_AUTHORIZED_GROUPS}" ]
if [[ -z "${IAM_AUTHORIZED_GROUPS}" ]]
then
aws iam list-users \
--query "Users[].[UserName]" \

# Get list of IAM groups marked with sudo access from tag
function get_sudoers_groups_from_tag() {
if [ "${SUDOERS_GROUPS_TAG}" ]
if [[ "${SUDOERS_GROUPS_TAG}" ]]
then
SUDOERS_GROUPS=$(\
SUDOERS_GROUPS=$(
aws --region $REGION ec2 describe-tags \
--filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$SUDOERS_GROUPS_TAG" \
--query "Tags[0].Value" --output text \
exit 1
fi

if [ ! -z "${LOCAL_GROUPS}" ]
if [[ ! -z "${LOCAL_GROUPS}" ]]
then
localusergroups="${LOCAL_GROUPS},${LOCAL_MARKER_GROUP}"
fi
# Should we add this user to sudo ?
if [[ ! -z "${SUDOERS_GROUPS}" ]]
then
# sudo will ignore file names that contain a ‘.’, so we remove those here:
SaveUserFileName=$(echo "${username}" | tr "." " ")
SaveUserSudoFilePath="/etc/sudoers.d/$SaveUserFileName"
SaveUserSudoFilePath="/etc/sudoers.d/${SaveUserFileName}"
if [[ "${SUDOERS_GROUPS}" == "##ALL##" ]] || echo "${sudousers}" | grep "^${username}\$" > /dev/null
then
echo "${username} ALL=(ALL) NOPASSWD:ALL" > "${SaveUserSudoFilePath}"
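Review bot: The new comment above `SaveUserFileName=$(echo "${username}" | tr "." " ")` says dots are removed, but `tr "." " "` replaces each dot with a space, so an IAM user `john.doe` gets the sudoers file `/etc/sudoers.d/john doe` — sudo does read that file, but the comment is inaccurate and the space-containing name is easy to mishandle in later cleanup code. Either make the comment match the code, `# sudo skips sudoers.d files whose name contains a '.', so dots are replaced with spaces here`, or substitute a safer character with `tr "." "_"`, noting that changing the mapping orphans sudoers files already written under the old name on existing hosts. The membership check on the next line also interpolates the username into a grep regex (`grep "^${username}\$"`), where a dot matches any character; since this decides who gets `NOPASSWD:ALL`, a fixed-string whole-line match is safer: `grep -qFx -- "${username}"`. The enclosing create_or_update_local_user function starts and ends outside this hunk, so I cannot see whether the sudoers file is written with a restricted mode (sudo requires 0440 and non-world-writable) — worth confirming.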