bash - 执行 aws mfa 脚本时无法摆脱脚本输出
问题描述
我已强制在 AWS 帐户上使用 MFA,并实施了一个脚本以将 CLA 与 MFA 一起使用,该脚本在 ~/.bashrc 的每个新终端会话中执行,在此处输入图像描述。一切正常,但是当 MFA 未过期时,我得到以下 2 行作为输出:
/Users/maxim.gordeev/.ssh/aws-mfa.sh:64: condition expected: <
[mfa] not expired yet! Please add --profile mfa to aws commands you want to run. Eg: aws s3 ls --profile mfa
第一行似乎让一些用户感到困惑,而第二行完全没问题。只有当它说条件是预期的并且只留下第二行时,我才能摆脱第一条输出线。
以下是完整的脚本:
#!/bin/sh
# Default filename values
MFA_SERIAL_FILE=`echo ${HOME}/.aws/.mfaserial`
Temp_MFA_SERIAL_FILE=`echo ${HOME}/.aws/.mfaserial-temp`
AWS_TOKEN_FILE=`echo ${HOME}/.aws/.awstoken`
AWS_CREDENTIALS_PATH=`echo ${HOME}/.aws/credentials`
DURATION_SECONDS=129600
inputMFASerial() {
MFA_SERIAL_number=`aws iam list-mfa-devices --output text`;
echo "$MFA_SERIAL_number" > "$Temp_MFA_SERIAL_FILE";
echo "`awk '{print $3}' $Temp_MFA_SERIAL_FILE`" >> ${MFA_SERIAL_FILE}
rm -f $Temp_MFA_SERIAL_FILE
echo "your mfaserial has been saved"
}
getTempCredential(){
while true; do
read -p "Please input your 6 digit MFA token: " token
case $token in
[0-9][0-9][0-9][0-9][0-9][0-9] ) MFA_TOKEN=$token; break;;
* ) echo "Please enter a valid 6 digit pin." ;;
esac
done
authenticationOutput=`aws sts get-session-token --serial-number ${MFA_SERIAL} --token-code ${MFA_TOKEN} --duration-seconds ${DURATION_SECONDS} --output text`
if [ ! -z "$authenticationOutput" ]; then
# Save authentication to some file
echo "$authenticationOutput" > "$AWS_TOKEN_FILE";
storeTempCredential
echo '[mfa] profle has been updated! Please add --profile mfa to aws commands you want to run. Eg: aws s3 ls --profile mfa'
fi
}
storeTempCredential() {
perl -0777 -i -pe 's/\n+\[mfa\]\naws_access_key_id = [[:upper:][:digit:]]+\naws_secret_access_key = [[:alnum:]+\/]+\naws_session_token = [[:alnum:]+\/]+\n?//igs' ${AWS_CREDENTIALS_PATH}
echo "
[mfa]
aws_access_key_id = `awk '{print $2}' $AWS_TOKEN_FILE `
aws_secret_access_key = `awk '{print $4}' $AWS_TOKEN_FILE`
aws_session_token = `awk '{print $5}' $AWS_TOKEN_FILE` " >> ${AWS_CREDENTIALS_PATH}
}
if [ ! -e $MFA_SERIAL_FILE ]; then
inputMFASerial
fi
# Retrieve the serial code
MFA_SERIAL=`cat $MFA_SERIAL_FILE`
if [ -e $AWS_TOKEN_FILE ]; then
authenticationOutput=`cat $AWS_TOKEN_FILE`
authExpiration=`awk '{print $3}' $AWS_TOKEN_FILE`
nowTime=`date -u +'%Y-%m-%dT%H:%M:%SZ'`
if [ "$authExpiration" \< "$nowTime" ]; then
echo "Your last token has expired"
getTempCredential
else
echo '[mfa] not expired yet! Please add --profile mfa to aws commands you want to run. Eg: aws s3 ls --profile mfa'
fi
else
getTempCredential
fi
解决方案
推荐阅读
- adobe - 如何将 RGB 更改为 Adobe Illustrator 中特定的 CMYK 颜色?
- javascript - jQuery Datepicker 不适用于追加
- yaml - 从 cloudformation 运行 yaml 时出错
- .net - ToLowerInvariant 错误时的实际示例
- python - 'ItemIterator' 对象没有属性 'to_csv'
- php - 已保存文档中的表格和文本
- java - BufferedReader() 构造函数的参数是抽象类的对象
- laravel - 在 Laravel 中登录多个角色后重定向
- qt - 拖动 RangeSlider 的范围
- c++ - 录制视频时 Gstreamer x264enc 意外丢失