C3C/nix-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement okta aws cli

Browse Source
This commit is contained in:
Arnie 2025-08-21 12:33:12 +02:00
parent 22511d0238
commit 7385941c96
No known key found for this signature in database
GPG Key ID: 4BDFA3BCF2999D11
3 changed files with 30 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
home-manager/lcech-mac-veracode.nix
View File

@ -1,4 +1,5 @@
{ {
config,
lib, lib,
pkgs, pkgs,
... ...
@ -11,12 +12,16 @@ let
gitUsername = "Lukas Cech"; gitUsername = "Lukas Cech";
gitEmail = "lcech@veracode.com"; gitEmail = "lcech@veracode.com";
in in
{ {
imports = [ imports = [
(import ./veracode/aws-cli.nix { (import ./veracode/aws-cli.nix {
inherit homedir lib pkgs; inherit
config
homedir
lib
pkgs
;
}) })
]; ];

16
home-manager/veracode/.okta_aws_login_config Normal file
View File

@ -0,0 +1,16 @@
[govus-stage]
okta_org_url = https://govus-staging-veracode.okta.com
gimme_creds_server = appurl
aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
write_aws_creds = False
cred_profile = role
okta_username = lcech@veracode.com
app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
resolve_aws_alias = False
include_path = True
preferred_mfa_type = push
remember_device = True
aws_default_duration = 3600
output_format = export
force_classic = True
enable_keychain = True

25
home-manager/veracode/aws-cli.nix
View File

@ -1,4 +1,5 @@
{ {
config,
homedir, homedir,
lib, lib,
pkgs, pkgs,
@ -551,24 +552,7 @@ in
}; };
home.file."${homedir}/.okta_aws_login_config" = { home.file."${homedir}/.okta_aws_login_config" = {
text = '' source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
[DEFAULT]
okta_org_url = https://govus-staging-veracode.okta.com
gimme_creds_server = appurl
aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
write_aws_creds = False
cred_profile = role
okta_username = lcech@veracode.com
app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
resolve_aws_alias = False
include_path = True
preferred_mfa_type = push
remember_device = True
aws_default_duration = 3600
output_format = export
force_classic = True
enable_keychain = True
'';
}; };
home.packages = [ home.packages = [
@ -576,6 +560,11 @@ enable_keychain = True
]; ];
programs.zsh.shellAliases = { programs.zsh.shellAliases = {
export-aws-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
gimme-aws-creds --profile govus-stage
echo "export AWS_REGION=us-gov-west-1"
''}'';
veracode-find = ''${pkgs.writeShellScript "veracode-find" '' veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
echo "=== $profile ===" echo "=== $profile ==="