Update local agent wrapper script with AWS config/creds flag

AWSstangers · AWSstangers · commit 74d0b9f037e1 · 2018-06-22T15:07:21.000-07:00
diff --git a/local_builds/codebuild_build.sh b/local_builds/codebuild_build.sh
@@ -1,12 +1,20 @@
 #!/bin/sh
 
+function allOSRealPath() {
+    case $1 in
+        /* ) echo "$1"; exit;;
+        *  ) echo "$PWD/${1#./}"; exit;;
+    esac
+}
+
 function usage {
     echo "usage: codebuild_build.sh [-i image_name] [-a artifact_output_directory] [options]"
     echo "Required:"
     echo "  -i        Used to specify the customer build container image."
     echo "  -a        Used to specify an artifact output directory."
     echo "Options:"
     echo "  -s        Used to specify a source directory. Defaults to the current working directory."
+    echo "  -c        Use the AWS configuration and credentials from your local host. This includes ~/.aws and any AWS_* environment variables."
     echo "  -b        Used to specify a buildspec override file. Defaults to buildspec.yml in the source directory."
     echo "  -e        Used to specify a file containing environment variables."
     echo "            Environment variable file format:"
@@ -20,12 +28,14 @@ function usage {
 
 image_flag=false
 artifact_flag=false
+awsconfig_flag=false
 
-while getopts "i:a:s:b:e:h" opt; do
+while getopts "ci:a:s:b:e:h" opt; do
     case $opt in
         i  ) image_flag=true; image_name=$OPTARG;;
         a  ) artifact_flag=true; artifact_dir=$OPTARG;;
         b  ) buildspec=$OPTARG;;
+        c  ) awsconfig_flag=true;;
         s  ) source_dir=$OPTARG;;
         e  ) environment_variable_file=$OPTARG;;
         h  ) usage; exit;;
@@ -50,34 +60,52 @@ then
     exit 1
 fi
 
-
 if [ -z "$source_dir" ]
 then
     source_dir="$(pwd)"
 else
-    source_dir=$(realpath $source_dir)
+    source_dir=$(allOSRealPath $source_dir)
 fi
 
 docker_command="docker run -it -v /var/run/docker.sock:/var/run/docker.sock -e \
     \"IMAGE_NAME=$image_name\" -e \
-    \"ARTIFACTS=$(realpath $artifact_dir)\" -e \
+    \"ARTIFACTS=$(allOSRealPath $artifact_dir)\" -e \
     \"SOURCE=$source_dir\""
 
 if [ -n "$buildspec" ]
 then
-    docker_command+=" -e \"BUILDSPEC=$buildspec\""
+    docker_command+=" -e \"BUILDSPEC=$(allOSRealPath $buildspec)\""
 fi
 
 if [ -n "$environment_variable_file" ]
 then
-    docker_command+=" -v $(dirname $(realpath $environment_variable_file)):/LocalBuild/envFile/ -e \"ENV_VAR_FILE=$(basename $environment_variable_file)\""
+    docker_command+=" -v $(dirname $(allOSRealPath $environment_variable_file)):/LocalBuild/envFile/ -e \"ENV_VAR_FILE=$(basename $environment_variable_file)\""
+fi
+
+if  $awsconfig_flag
+then
+    if [ -d "$HOME/.aws" ]
+    then
+        docker_command+=" -e \"AWS_CONFIGURATION=$HOME/.aws\""
+    else
+        docker_command+=" -e \"AWS_CONFIGURATION=NONE\""
+    fi
+    docker_command+="$(env | grep ^AWS_ | while read -r line; do echo " -e \"$line\""; done )"
 fi
 
 docker_command+=" amazon/aws-codebuild-local:latest"
 
+# Note we do not expose the AWS_SECRET_ACCESS_KEY or the AWS_SESSION_TOKEN
+exposed_command=$docker_command
+secure_variables=( "AWS_SECRET_ACCESS_KEY=" "AWS_SESSION_TOKEN=")
+for variable in "${secure_variables[@]}"
+do
+    exposed_command="$(echo $exposed_command | sed "s/\($variable\)[^ ]*/\1********\"/")"
+done
+
 echo "Build Command:"
 echo ""
-echo $docker_command
+echo $exposed_command
 echo ""
 
 eval $docker_command
