#!/bin/sh

check_empty () {
  # $1 is variable name
  
  # Write status
  echo "checking variable ${1} ..."
  
  # check if variable is empty - unset or ''
  if [ -z "$(eval echo \$"$1")" ]; then
    echo "${1} is empty!"
    exit 1
  fi
}

# perform validation
check_empty ASSUME_ROLE_ARN
check_empty AWS_ACCESS_KEY_ID
check_empty AWS_SECRET_ACCESS_KEY

# create temporary directory for aws config & credentials
mkdir -p "$(pwd)/.aws"
# configure aws cli behaviour
AWS_CONFIG_FILE="$(pwd)/.aws/config"
AWS_SHARED_CREDENTIALS_FILE="$(pwd)/.aws/credentials"

cat <<EOT > "${AWS_CONFIG_FILE}"
[profile main]
region = eu-central-1
output = json

[profile default]
role_arn = ${ASSUME_ROLE_ARN}
source_profile = main
EOT

cat <<EOT > "${AWS_SHARED_CREDENTIALS_FILE}"
[main]
aws_access_key_id = ${AWS_ACCESS_KEY_ID}
aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY}
aws_session_token = ${AWS_SESSION_TOKEN}
EOT

# unset AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY,
# otherwise AWS_DEFAULT_PROFILE won't work
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN

# export AWS environment variables
export AWS_CONFIG_FILE
export AWS_SHARED_CREDENTIALS_FILE