Implement okta aws cli

2025-08-21 12:33:12 +02:00 · 2025-08-21 12:33:12 +02:00 · 7385941c96
commit 7385941c96
parent 22511d0238
3 changed files with 30 additions and 20 deletions
--- a/home-manager/lcech-mac-veracode.nix
+++ b/home-manager/lcech-mac-veracode.nix
@ -1,4 +1,5 @@
 {
+  config,
  lib,
  pkgs,
  ...
@ -11,12 +12,16 @@ let

  gitUsername = "Lukas Cech";
  gitEmail = "lcech@veracode.com";
-
 in
 {
  imports = [
    (import ./veracode/aws-cli.nix {
-      inherit homedir lib pkgs;
+      inherit
+        config
+        homedir
+        lib
+        pkgs
+        ;
    })
  ];

--- a/home-manager/veracode/.okta_aws_login_config
+++ b/home-manager/veracode/.okta_aws_login_config
@ -0,0 +1,16 @@
+[govus-stage]
+okta_org_url = https://govus-staging-veracode.okta.com
+gimme_creds_server = appurl
+aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
+write_aws_creds = False
+cred_profile = role
+okta_username = lcech@veracode.com
+app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
+resolve_aws_alias = False
+include_path = True
+preferred_mfa_type = push
+remember_device = True
+aws_default_duration = 3600
+output_format = export
+force_classic = True
+enable_keychain = True
--- a/home-manager/veracode/aws-cli.nix
+++ b/home-manager/veracode/aws-cli.nix
@ -1,4 +1,5 @@
 {
+  config,
  homedir,
  lib,
  pkgs,
@ -551,24 +552,7 @@ in
  };

  home.file."${homedir}/.okta_aws_login_config" = {
-    text = ''
-[DEFAULT]
-okta_org_url = https://govus-staging-veracode.okta.com
-gimme_creds_server = appurl
-aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
-write_aws_creds = False
-cred_profile = role
-okta_username = lcech@veracode.com
-app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
-resolve_aws_alias = False
-include_path = True
-preferred_mfa_type = push
-remember_device = True
-aws_default_duration = 3600
-output_format = export
-force_classic = True
-enable_keychain = True
-    '';
+    source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
  };

  home.packages = [
@ -576,6 +560,11 @@ enable_keychain = True
  ];

  programs.zsh.shellAliases = {
+    export-aws-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
+      gimme-aws-creds --profile govus-stage
+      echo "export AWS_REGION=us-gov-west-1"
+    ''}'';
+
    veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
      for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
        echo "=== $profile ==="