#!/bin/bash
#AWSume - a bash script shell wrapper to awsumepy, a cli that makes using AWS IAM credentials easy

#AWSUME_FLAG - what awsumepy told the shell to do
#AWSUME_n - the data from awsumepy
read AWSUME_FLAG AWSUME_1 AWSUME_2 AWSUME_3 AWSUME_4 AWSUME_5 AWSUME_6 <<< $(awsumepy "$@")
# remove carraige return
AWSUME_FLAG=$(echo "$AWSUME_FLAG" | tr -d '\r')

#if incorrect flag/help
if [ "$AWSUME_FLAG" = "usage:" ]; then
    awsumepy -h
#if version check
elif [ "$AWSUME_FLAG" = "Version" ]; then
    awsumepy -v
#if -l flag passed
elif [ "$AWSUME_FLAG" = "Listing..." ]; then
    awsumepy -l
#set up auto-refreshing role
elif [ "$AWSUME_FLAG" = "Auto" ]; then
    unset AWS_SECRET_ACCESS_KEY
    unset AWS_SESSION_TOKEN
    unset AWS_SECURITY_TOKEN
    unset AWS_ACCESS_KEY_ID
    unset AWS_REGION
    unset AWS_DEFAULT_REGION
    unset AWS_PROFILE
    unset AWS_DEFAULT_PROFILE
    unset AWSUME_PROFILE

    #set the profile that will contain the session credentials
    export AWS_PROFILE=$AWSUME_1
    export AWS_DEFAULT_PROFILE=$AWSUME_1

    if [ ! "$AWSUME_2" = "None" ]; then
        export AWS_REGION=$AWSUME_2
        export AWS_DEFAULT_REGION=$AWSUME_2
    fi

    export AWSUME_PROFILE=$AWSUME_3
    #run the background autoawsume process
    autoawsume & disown

#user sent the kill flag, so do no more
elif [ "$AWSUME_FLAG" = "Kill" ]; then
    unset AWS_PROFILE
    unset AWS_DEFAULT_PROFILE
    unset AWS_SECRET_ACCESS_KEY
    unset AWS_SESSION_TOKEN
    unset AWS_SECURITY_TOKEN
    unset AWS_ACCESS_KEY_ID
    unset AWS_REGION
    unset AWS_DEFAULT_REGION
    unset AWSUME_PROFILE
    return

elif [ "$AWSUME_FLAG" = "Stop" ]; then
    if [ "auto-refresh-$AWSUME_1" == "$AWS_PROFILE" ]; then
        unset AWS_PROFILE
        unset AWS_DEFAULT_PROFILE
    fi
    return

#awsume the profile
elif [ "$AWSUME_FLAG" = "Awsume" ]; then
    unset AWS_SECRET_ACCESS_KEY
    unset AWS_SESSION_TOKEN
    unset AWS_SECURITY_TOKEN
    unset AWS_ACCESS_KEY_ID
    unset AWS_REGION
    unset AWS_DEFAULT_REGION
    unset AWS_PROFILE
    unset AWS_DEFAULT_PROFILE
    unset AWSUME_PROFILE

    export AWS_ACCESS_KEY_ID=$AWSUME_1
    export AWS_SECRET_ACCESS_KEY=$AWSUME_2

    if [ ! "$AWSUME_3" = "None" ]; then
        export AWS_SESSION_TOKEN=$AWSUME_3
        export AWS_SECURITY_TOKEN=$AWSUME_3
    fi

    if [ ! "$AWSUME_4" = "None" ]; then
        export AWS_REGION=$AWSUME_4
        export AWS_DEFAULT_REGION=$AWSUME_4
    fi

    export AWSUME_PROFILE=$AWSUME_5

    #if enabled, show the exact commands to use in order to assume the role we just assumed
    for AWSUME_var in "$@"
    do
        #show commands
        if [[ "$AWSUME_var" == "-s"* ]]; then
            echo export AWS_ACCESS_KEY_ID=$AWSUME_1
            echo export AWS_SECRET_ACCESS_KEY=$AWSUME_2

            if [ ! "$AWSUME_3" = "None" ]; then
                echo export AWS_SESSION_TOKEN=$AWSUME_3
                echo export AWS_SECURITY_TOKEN=$AWSUME_3
            fi

            if [ ! "$AWSUME_4" = "None" ]; then
                echo export AWS_REGION=$AWSUME_4
                echo export AWS_DEFAULT_REGION=$AWSUME_4
            fi

            echo export AWSUME_PROFILE=$AWSUME_5

        fi
    done
fi
