From ef2dc5c21603e6cc27a4d7c549bad93c608c8719 Mon Sep 17 00:00:00 2001 From: Lukas Cech Date: Mon, 13 Jan 2025 14:39:45 +0100 Subject: [PATCH] Implement aws-cli configuration --- home-manager/common.nix | 2 +- home-manager/lcech-mac-veracode.nix | 11 +- home-manager/veracode/aws-cli.nix | 265 ++++++++++++++++++++++++++++ 3 files changed, 275 insertions(+), 3 deletions(-) create mode 100644 home-manager/veracode/aws-cli.nix diff --git a/home-manager/common.nix b/home-manager/common.nix index bb30462..c4352dc 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -41,7 +41,7 @@ in { } ); - initExtra = '' + initExtra = lib.mkBefore '' for file in ${zshSourceCommon}/*.zsh; do source "$file" done diff --git a/home-manager/lcech-mac-veracode.nix b/home-manager/lcech-mac-veracode.nix index b3fe6a7..6ce14c8 100644 --- a/home-manager/lcech-mac-veracode.nix +++ b/home-manager/lcech-mac-veracode.nix @@ -8,8 +8,15 @@ let homedir = "/Users/${username}"; zshSourceDirs = [ ]; + in { + imports = [ + (import ./veracode/aws-cli.nix { + inherit homedir lib; + }) + ]; + home.username = username; home.homeDirectory = homedir; @@ -166,8 +173,8 @@ in autoload -U +X bashcompinit && bashcompinit - source <(kubectl completion zsh) - complete -C '/usr/local/bin/aws_completer' aws + source <(${pkgs.kubectl}/bin/kubectl completion zsh) + complete -C '${pkgs.awscli2}/bin/aws_completer' aws ''; }; diff --git a/home-manager/veracode/aws-cli.nix b/home-manager/veracode/aws-cli.nix new file mode 100644 index 0000000..b0db5e3 --- /dev/null +++ b/home-manager/veracode/aws-cli.nix 
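Review bot: The new `imports` entry in `lcech-mac-veracode.nix` calls `import ./veracode/aws-cli.nix { inherit homedir lib; }` by hand only because that module takes `homedir` as an argument. `home.file` keys are already resolved relative to the home directory, so the module could declare `home.file.".aws/config"` and be listed as a plain path, `imports = [ ./veracode/aws-cli.nix ];`. That removes a second source of truth for the home path next to `home.homeDirectory`.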
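Review bot: In the completion hunk of `lcech-mac-veracode.nix`, the completer is now pinned to `${pkgs.awscli2}/bin/aws_completer`, but nothing visible here guarantees that the `aws` found on `PATH` is the same build. If an older install under `/usr/local/bin` is still present, completion and the executed CLI can drift apart. If they are not already listed elsewhere in the file, add `pkgs.awscli2` and `pkgs.kubectl` to `home.packages` so both the binary and its completion come from the same store path. A short comment such as `# completer must match the aws on PATH (pkgs.awscli2)` would record the intent. The enclosing init string starts and ends outside this hunk.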
@@ -0,0 +1,265 @@
+{
+ lib,
+ homedir,
+ ...
+}:
+let
+ accounts = {
+ eu = {
+ "905326657474" = {
+ name = "log-archive";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "864021117189" = {
+ name = "security";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "296441839393" = {
+ name = "shared-services";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "714966795542" = {
+ name = "veracode-eu-devops";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "359955634867" = {
+ name = "veracode-eu-master";
+ role = "ReadOnly";
+ };
+ "675053010029" = {
+ name = "veracode-eu-networking";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "377019361040" = {
+ name = "veracode-eu-platform-nonprod";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "962291324749" = {
+ name = "veracode-eu-platform-prod";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ "090139405064" = {
+ name = "veracode-status-eu";
+ role = "EngineerAdmin-Veracode-EU-All";
+ };
+ };
+ us = {
+ "339712784947" = {
+ name = "aws-corp-it-prod";
+ role = "EngineerAdmin";
+ };
+ "077230771307" = {
+ name = "aws-syseng";
+ role = "EngineerAdmin";
+ };
+ "854207236867" = {
+ name = "devops";
+ role = "EngineerAdmin";
+ };
+ "419928441445" = {
+ name = "hunter2";
+ role = "EngineerAdmin";
+ };
+ "201152413784" = {
+ name = "hunter2-nonprod";
+ role = "EngineerAdmin";
+ };
+ "234742391591" = {
+ name = "logging";
+ role = "EngineerAdmin";
+ };
+ "373670440571" = {
+ name = "mars-archive";
+ role = "EngineerAdmin";
+ };
+ "389203956472" = {
+ name = "mvsa-dev";
+ role = "EngineerAdmin";
+ };
+ "120705294404" = {
+ name = "networking";
+ role = "EngineerAdmin";
+ };
+ "540592891828" = {
+ name = "repo-tools-nonprod";
+ role = "EngineerAdmin";
+ };
+ "199128305162" = {
+ name = "security";
+ role = "EngineerAdmin";
+ };
+ "205744758777" = {
+ name = "shared-services";
+ role = "EngineerAdmin";
+ };
+ "502262283075" = {
+ name = "staticengine-ci";
+ role = "EngineerAdmin";
+ };
+ "593005598611" = {
+ name = "Veracode Marketplace Sales Account";
+ role = "EngineerAdmin";
+ };
+ "544286724460" = {
+ name = "veracode-api-security-dev";
+ role = "EngineerAdmin";
+ };
+ "426703640137" = {
+ name = "veracode-cmk-production";
+ role = "EngineerAdmin";
+ };
+ "227890167531" = {
+ name = "veracode-cmk-staging";
+ role = "EngineerAdmin";
+ };
+ "833309876439" = {
+ name = "veracode-datalake-nonprod";
+ role = "EngineerAdmin";
+ };
+ "231215122795" = {
+ name = "veracode-datalake-prod";
+ role = "EngineerAdmin";
+ };
+ "556105087578" = {
+ name = "veracode-devops-sandbox";
+ role = "EngineerAdmin";
+ };
+ "419934374614" = {
+ name = "veracode-dynamic-nonprod";
+ role = "EngineerAdmin";
+ };
+ "743424160468" = {
+ name = "veracode-dynamic-prod";
+ role = "EngineerAdmin";
+ };
+ "026090546337" = {
+ name = "veracode-extcmk-c01";
+ role = "EngineerAdmin";
+ };
+ "026090544016" = {
+ name = "veracode-extcmk-dev";
+ role = "EngineerAdmin";
+ };
+ "527791905507" = {
+ name = "veracode-gov-production";
+ role = "EngineerAdmin";
+ };
+ "241823169104" = {
+ name = "veracode-gov-security";
+ role = "EngineerAdmin";
+ };
+ "337544356528" = {
+ name = "veracode-gov-staging";
+ role = "EngineerAdmin";
+ };
+ "125763904786" = {
+ name = "veracode-l2-support";
+ role = "EngineerAdmin";
+ };
+ "361598275817" = {
+ name = "veracode-laputa-sandbox";
+ role = "EngineerAdmin";
+ };
+ "165970187232" = {
+ name = "veracode-lz-data-dr";
+ role = "EngineerAdmin";
+ };
+ "135394645105" = {
+ name = "veracode-lz-data-nonprod";
+ role = "EngineerAdmin";
+ };
+ "041513053014" = {
+ name = "veracode-lz-data-prod";
+ role = "EngineerAdmin";
+ };
+ "341176679750" = {
+ name = "veracode-lz-futureville";
+ role = "EngineerAdmin";
+ };
+ "011479462201" = {
+ name = "veracode-lz-master";
+ role = "ReadOnly";
+ };
+ "900979254221" = {
+ name = "veracode-lz-static-non-prod";
+ role = "EngineerAdmin";
+ };
+ "867871251596" = {
+ name = "veracode-lz-static-prod";
+ role = "EngineerAdmin";
+ };
+ "621415697837" = {
+ name = "veracode-pac-lz-nonproduction";
+ role = "EngineerAdmin";
+ };
+ "677563424528" = {
+ name = "veracode-pac-lz-production";
+ role = "EngineerAdmin";
+ };
+ "055143528572" = {
+ name = "veracode-platform-nonprod";
+ role = "EngineerAdmin";
+ };
+ "432322876094" = {
+ name = "veracode-platform-prod";
+ role = "EngineerAdmin";
+ };
+ "772788280252" = {
+ name = "veracode-sca-nonprod";
+ role = "EngineerAdmin";
+ };
+ "978530908597" = {
+ name = "veracode-sca-prod";
+ role = "EngineerAdmin";
+ };
+ "129575015961" = {
+ name = "veracode-sky-github";
+ role = "EngineerAdmin";
+ };
+ "157122231047" = {
+ name = "veracode-status";
+ role = "EngineerAdmin";
+ };
+ };
+ };
+in
+{
+ home.file."${homedir}/.aws/config" = {
+ text = ''
+ [default]
+ region = us-east-1
+
+ [sso-session veracode-us]
+ sso_start_url = https://d-906716ce52.awsapps.com/start/
+ sso_region = us-east-1
+ sso_registration_scopes = sso:account:access
+
+ [sso-session veracode-eu]
+ sso_start_url = https://d-996723c1d4.awsapps.com/start
+ sso_region = eu-central-1
+ sso_registration_scopes = sso:account:access
+
+ ${builtins.concatStringsSep "\n" (
+ lib.mapAttrsToList (id: account: ''
+ [profile us-${account.name}]
+ sso_account_id = ${id}
+ sso_role_name = ${account.role}
+ sso_session = veracode-us
+ region = us-east-1
+ output = json
+ '') accounts.us
+ )}
+
+ ${builtins.concatStringsSep "\n" (
+ lib.mapAttrsToList (id: account: ''
+ [profile eu-${account.name}]
+ sso_account_id = ${id}
+ sso_role_name = ${account.role}
+ sso_session = veracode-eu
+ region = eu-central-1
+ output = json
+ '') accounts.eu
+ )}
+ '';
+ };
+}
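Review bot: The `us` entry `593005598611` has `name = "Veracode Marketplace Sales Account"`, which renders as `[profile us-Veracode Marketplace Sales Account]`. As far as I know the AWS CLI splits section headers shell-style and silently skips a `profile` header that yields more than one name token, so this profile would never load. Give it a space-free name, for example `name = "veracode-marketplace-sales";` (constructed), or assert in the `let` block that no `account.name` contains whitespace. Separately, every generated profile except the two `*-master` accounts binds its plain name to an admin role, the `-prod` accounts included, so routine read-only work runs with admin rights by default. If a read-only permission set is assigned in those accounts, consider emitting it under the plain profile name and the admin role under an explicit `-admin` suffix. The file also commits the full account-ID-to-name map and both SSO start URLs. These are not credentials, but if this repository is public they are better sourced from a private input.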