I have written a script where I need to input creds with the export command.
I am using read command to get those values in the script.
This is what I need to input when the script asks for input. I want to give entire input at one shot.
export AWS_ACCESS_KEY_ID="XXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXX"
export AWS_SESSION_TOKEN="XXXXXXX"
The portion of the script:
read inputawscreds
$aws cloudformation get-stack-policy --stack-name=$cloudformation_stack --region=$region | $jq '.StackPolicyBody' > $policy_backup_filename
This script takes the exported creds and then use creds to run aws cli.
This script runs in a loop where i need to give set of inputs creds (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN) at each times
Related
I have a secret txt and want to pass the Variables in the Jenkins Shell script (Not the Pipeline)
Need help on this
withCredentials([string(credentialsId: 'API_TOKEN_ID', variable: 'TOKEN_VALUE')])
the above works in shell script inside the pipeline, but want to execute this in "Execute Shell" mode in Jenkins.
You may try this : https://plugins.jenkins.io/credentials-binding/
If it’s a token you can put it as an env variables
I have a Mac, on which I have installed and configured zsh to be my default shell. It has worked very well with simple Bash scripts. Until today.
I was trying to set up my AWS CLI access with MFA and used a script to do the same. Since I have multiple accounts, I used an aws_accounts file to store the account numbers with 400 permissions on it. (No real reason why, just felt like it and it works).
I then source this file and get to the part where I need to provide my MFA key, and those work too. The last step, where I export the access key, secret key and session token, works as long as the script is executing, but once done, echoing it shows a blank, because it now no longer has set it in the current shell.
I know the workaround is to do source aws_mfa_access default to run the script, but it doesn't work and I get a bad substitution error. I've tried various combinations of #!/usr/bin/env bash, #!/bin/bash and #!/usr/bin/env zsh, but to no avail. What's going on?
[aws_account_numbers]
default_account_number=<number>
sandbox_account_number=<number>
production_account_number=<number>
[aws_mfa_access]
#!/usr/bin/env bash
source aws_account_numbers
AWS_ENV="${1}"
AWS_ACCT_NBR="${AWS_ENV}"_account_number
#export your aws access key that matches with your account, username
export AWS_PROFILE="${AWS_ENV}"
#If there are existing environment variables set, this can cause issues so we unset them first
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
#Set the serial number of your MFA token
MFA="arn:aws:iam::${!AWS_ACCT_NBR}:mfa/codingincircles"
#Get the code from the MFA device
echo "Please enter the MFA code for the ${AWS_ENV} account: "
read -r code
#Get the credentials from AWS and store the response in a variable
creds="$( aws sts get-session-token --serial-number "${MFA}" --token-code "${code}" )"
#Parse the response into separate variables
AWS_ACCESS_KEY_ID="$( echo "${creds}" | jq -r .Credentials.AccessKeyId )"
AWS_SECRET_ACCESS_KEY="$( echo "${creds}" | jq -r .Credentials.SecretAccessKey )"
AWS_SESSION_TOKEN="$( echo "${creds}" | jq -r .Credentials.SessionToken )"
#Display the keys to the user for reference/confirm proper working
echo "${access_key}"
echo "${secret_key}"
echo "${session_token}"
#Set the appropriate environment variables
export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}"
export AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}"
EDIT: Two things of note:
The parameter substitution is not an issue at all. It works just fine as is, though the other methods suggested in the comments and answer work too. (I used the jq -r tip and it works like a charm! Thank you!)
I removed the source command in my script (on line 3) and then was able to, without any errors of any kind, able to invoke my script as source aws_mfa_access default. The exported variables persisted and I am able to use the CLI with no problems.
So why does this not like me using source in my script? I've also edited the script to reflect some of the changes.
Indirect parameter expansion is different in zsh than it is in bash
MFA="arn:aws:iam::${(P)AWS_ACCT_NBR}:mfa/codingincircles"
However, you can avoid indirect parameter expansion in the first place by using an associative array to store the account numbers.
typeset -A account_numbers
account_numbers[default]=...
account_numbers[sandbox]=...
account_numbers[production]=...
Then
MFA="arn:aws:iam::${account_numbers[$1]}:mfa/codingincircles"
Finally, source is not an external command that means "execute a bash script here". It's a shell built-in that executes a file in the current shell. If the current shell is bash, it will attempt to execute the contents of a file as a bash script; if it's zsh, as a zsh script; if it's dash, as a dash script.
I have a script called configAdmin.sh in remote node. I need to
invoke that script from local node, later it will open below session
and prompts for input.
some input like connect to domain
ConfigAdmin> -->
How can I achieve this through ansible?
To run a remote script that expects commands from standard input, you can use shell and provide the commands before your script with a pipe:
- shell: echo "some command" | myscript
I am using the BUILD STEP "Execute shell script on remote host" and I'm injecting a password to my project:
The jenkins call a script.sh, but the script does not print variable PASS passed by jenkins.
As a step variable issued by Jenkins to my external script?
PASS=${PASSWORD}
echo PASSWORD=$PASS
sh /root/script.sh
You need to export your variable in order to make it available to subshells:
export PASS=${PASSWORD}
If you don't want other programs you invoke in the same script to see your password, consider this safer way:
PASS=${PASSWORD} /root/script.sh
I know how to run shell scripts pretty easily.
I would have my file say:
#!/bin/zsh
python somefile.py
but the file, somefile in this case requires an input. example:
What is the password?
Can you write a script which will enter that password, or have pause while it waits for input?
My goal overall, is to run a tunneling python script to build a connection and watch a port, pull some data through the tunnel, and then close the python script.
Ideally: I want to have this shellscript option somefile.py in an alternate terminal, as i dont know if i can just no-hup until it is no longer needed then kill the process.
First thing is first. Can you have script which will do something like:
#!/bin/zsh
python somefile.py
echo admin12345
or something similar to auto enter info?
Assuming the python script reads from stdin, just do "echo admin12345 | somefile.py".
Usually, however, that's not the case, and scripts that read passwords will want to read from a terminal, not just any stdin.
In that case, look into "expect".
It worked for me with java and python examples:
#!/bin/bash
echo "1234" | python somefile.py
Just give some permissions to your script chmod +x yourscript.sh, and run it ./yourscript.sh.