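#!/bin/bash
#
# Issue an STS session token with the credentials of one AWS profile
# (--profile-mfa) and write the resulting temporary credentials into another
# AWS profile (--profile-set, default "default") via `aws configure set`.
#
# Security notes:
#   * The aws command line is built as an array and executed directly. No
#     option value is ever re-parsed by the shell, so a value containing
#     `;`, `$(...)`, backticks or spaces cannot run extra commands (the former
#     string + eval construction allowed exactly that).
#   * Option variables are initialised to empty so a same-named variable
#     inherited from the environment cannot silently alter the request.
#   * The temporary credentials are passed to `aws configure set` as
#     arguments and are therefore briefly visible in the local process list.

script_name=$(basename -- "$0")
# tput fails without a usable terminal; fall back to no styling.
text_bold=$(tput bold 2>/dev/null || true)
text_normal=$(tput sgr0 2>/dev/null || true)

profile_mfa=""
profile_set=""
duration_seconds=""
serial_number=""
token_code=""

# Print the usage text through the pager.
showHelp() {
  cat <<EOF | less
${script_name}

${text_bold}DESCRIPTION${text_normal}
    Issue an STS session token using the credentials of one AWS profile
    (--profile-mfa) and store the resulting temporary credentials in
    another AWS profile (--profile-set, default: default).

    See '${script_name} help' for descriptions of global parameters.

${text_bold}SYNOPSIS${text_normal}
    ${script_name}
    [--profile-mfa <value>]
    [--profile-set <value>]
    [--duration-seconds <value>]
    [--serial-number <value>]
    [--token-code <value>]

${text_bold}EXAMPLES${text_normal}
    Issue a STS token using example.mfa profile to set the example profile

    $ ${script_name} --profile-mfa example.mfa --profile-set example --duration-seconds 129600 --serial-number arn:aws:iam::000000000000:mfa/iam_user
    $ ${script_name} --profile-mfa example.mfa --profile-set example --duration-seconds 129600 --serial-number arn:aws:iam::000000000000:mfa/iam_user --token-code 000000

${script_name}
EOF
}

# Print an error to stderr and stop.
die() {
  printf '%s: %s\n' "${script_name}" "$*" >&2
  exit 1
}

# Abort when an option is the last word on the command line.
#   $1 - option name, $2 - number of words left including the option
require_value() {
  if (( $2 < 2 )); then
    die "option $1 requires a value"
  fi
}

if (( $# == 0 )); then
  showHelp
  exit 1
fi

while (( $# > 0 )); do
  case "$1" in
    --profile-mfa)
      require_value "$1" "$#"
      profile_mfa=$2
      shift
      ;;
    --profile-set)
      require_value "$1" "$#"
      profile_set=$2
      shift
      ;;
    --duration-seconds)
      require_value "$1" "$#"
      duration_seconds=$2
      shift
      ;;
    --serial-number)
      require_value "$1" "$#"
      serial_number=$2
      shift
      ;;
    --token-code)
      require_value "$1" "$#"
      token_code=$2
      shift
      ;;
    help | --help | -h)
      showHelp
      exit 0
      ;;
    *)
      showHelp
      exit 1
      ;;
  esac
  shift
done

if [[ -z "${profile_set}" ]]; then
  profile_set="default"
fi

if [[ -z "${token_code}" ]]; then
  printf 'Enter token code: '
  read -r token_code
  if [[ -z "${token_code}" ]]; then
    die "--token-code is required"
  fi
fi

# Reject malformed values locally instead of forwarding them to the CLI.
if [[ -n "${duration_seconds}" && ! "${duration_seconds}" =~ ^[0-9]+$ ]]; then
  die "--duration-seconds must be a positive integer"
fi
if [[ ! "${token_code}" =~ ^[0-9]{6}$ ]]; then
  die "--token-code must be a 6-digit code"
fi

# One array element per argument: values are passed verbatim to aws.
sts_cmd=(aws sts get-session-token --output text
  --query '*.[AccessKeyId,SecretAccessKey,SessionToken]')

if [[ -n "${profile_mfa}" ]]; then
  sts_cmd+=(--profile "${profile_mfa}")
fi
if [[ -n "${duration_seconds}" ]]; then
  sts_cmd+=(--duration-seconds "${duration_seconds}")
fi
if [[ -n "${serial_number}" ]]; then
  sts_cmd+=(--serial-number "${serial_number}")
fi
sts_cmd+=(--token-code "${token_code}")

result=$("${sts_cmd[@]}") || exit 1

# Text output is whitespace separated: access key, secret key, session token.
access_key_id=""
secret_access_key=""
session_token=""
read -r access_key_id secret_access_key session_token _ <<<"${result}"

# Never overwrite the target profile with partial or empty credentials.
if [[ -z "${access_key_id}" || -z "${secret_access_key}" || -z "${session_token}" ]]; then
  die "unexpected output from aws sts get-session-token"
fi

aws configure set "profile.${profile_set}.aws_access_key_id" "${access_key_id}" \
  || die "failed to store aws_access_key_id for profile ${profile_set}"
aws configure set "profile.${profile_set}.aws_secret_access_key" "${secret_access_key}" \
  || die "failed to store aws_secret_access_key for profile ${profile_set}"
aws configure set "profile.${profile_set}.aws_session_token" "${session_token}" \
  || die "failed to store aws_session_token for profile ${profile_set}"

exit 0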