From 7385941c96ed833d5a2d77272bd3fe265b84e40d Mon Sep 17 00:00:00 2001 From: arnie Date: Thu, 21 Aug 2025 12:33:12 +0200 Subject: [PATCH] Implement okta aws cli --- home-manager/lcech-mac-veracode.nix | 9 +++++-- home-manager/veracode/.okta_aws_login_config | 16 +++++++++++++ home-manager/veracode/aws-cli.nix | 25 ++++++-------------- 3 files changed, 30 insertions(+), 20 deletions(-) create mode 100644 home-manager/veracode/.okta_aws_login_config diff --git a/home-manager/lcech-mac-veracode.nix b/home-manager/lcech-mac-veracode.nix index dd53e86..c978308 100644 --- a/home-manager/lcech-mac-veracode.nix +++ b/home-manager/lcech-mac-veracode.nix @@ -1,4 +1,5 @@ { + config, lib, pkgs, ... @@ -11,12 +12,16 @@ let gitUsername = "Lukas Cech"; gitEmail = "lcech@veracode.com"; - in { imports = [ (import ./veracode/aws-cli.nix { - inherit homedir lib pkgs; + inherit + config + homedir + lib + pkgs + ; }) ]; diff --git a/home-manager/veracode/.okta_aws_login_config b/home-manager/veracode/.okta_aws_login_config new file mode 100644 index 0000000..0d3bcdd --- /dev/null +++ b/home-manager/veracode/.okta_aws_login_config @@ -0,0 +1,16 @@ +[govus-stage] +okta_org_url = https://govus-staging-veracode.okta.com +gimme_creds_server = appurl +aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer +write_aws_creds = False +cred_profile = role +okta_username = lcech@veracode.com +app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272 +resolve_aws_alias = False +include_path = True +preferred_mfa_type = push +remember_device = True +aws_default_duration = 3600 +output_format = export +force_classic = True +enable_keychain = True diff --git a/home-manager/veracode/aws-cli.nix b/home-manager/veracode/aws-cli.nix index e399770..85ad4c1 100644 --- a/home-manager/veracode/aws-cli.nix +++ b/home-manager/veracode/aws-cli.nix @@ -1,4 +1,5 @@ { + config, homedir, lib, pkgs, 
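Review bot: With `remember_device = True` in the new `.okta_aws_login_config`, and the file now linked from the git working tree by the `mkOutOfStoreSymlink` hunk in aws-cli.nix, anything the tool writes back lands in a tracked file. As far as I know gimme-aws-creds persists a `device_token` entry in this config once a device is remembered, so a later `git add` could commit it. Confirm this, and if it holds, keep the live file outside the repository or ignore it in git and track only a template. The file also carries the Okta app URL, the AWS account id inside `aws_rolename` and the `okta_username`, which deserves a deliberate decision if the repository is not private.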
@@ -551,24 +552,7 @@ in }; home.file."${homedir}/.okta_aws_login_config" = { - text = '' -[DEFAULT] -okta_org_url = https://govus-staging-veracode.okta.com -gimme_creds_server = appurl -aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer -write_aws_creds = False -cred_profile = role -okta_username = lcech@veracode.com -app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272 -resolve_aws_alias = False -include_path = True -preferred_mfa_type = push -remember_device = True -aws_default_duration = 3600 -output_format = export -force_classic = True -enable_keychain = True - ''; + source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config"; }; home.packages = [ @@ -576,6 +560,11 @@ enable_keychain = True ]; programs.zsh.shellAliases = { + export-aws-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" '' + gimme-aws-creds --profile govus-stage + echo "export AWS_REGION=us-gov-west-1" + ''}''; + veracode-find = ''${pkgs.writeShellScript "veracode-find" '' for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do echo "=== $profile ==="
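Review bot: The new `source` line hard-codes the checkout location `${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config`, so a clone anywhere else leaves `~/.okta_aws_login_config` dangling. Nothing in the hunk says why the file moved out of the store. A one-line comment above it would help, for example `# out-of-store symlink: file must stay writable; assumes the repo lives in ~/.config/nix` (the writability reason is my assumption, confirm it). The enclosing attribute set starts and ends outside the hunk.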
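Review bot: The `export-aws-govus-stage` script prints `export AWS_REGION=us-gov-west-1` even when `gimme-aws-creds` fails, because its exit status is never checked; `gimme-aws-creds --profile govus-stage || exit 1` would stop there. With `output_format = export` in the profile, the script only prints `export …` lines, so running the alias bare leaves the temporary keys in terminal scrollback without setting anything in the shell. A comment such as `# usage: eval "$(export-aws-govus-stage)"` would document what is presumably the intended call. The `shellAliases` set continues past the end of the hunk.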