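function Update-AWSAccessKey {
    <#
    .SYNOPSIS
        Update the AWS access key and secret in a reasonable fashion

    .DESCRIPTION
        Connects to each computer with Invoke-Command and rewrites the
        aws_access_key_id / aws_secret_access_key lines that follow the given
        profile header in a fixed list of per-user .aws\credentials files.
        Each file is copied to a timestamped .bak file before it is rewritten.

    .PARAMETER RoleToReplaceFor
        The role you are replacing the key value for. Example: [teamcity-packer] or [Prod]
        Square brackets are added when they are missing. Alias: ProfileName.

    .PARAMETER AccessKeyId
        The value given by the Access Key ID for AWS when choosing a new IAM Access Key
        Alias: Key.

    .PARAMETER AccessKeySecret
        The value given by the secret for AWS when choosing a new IAM Access Key
        Alias: Secret.

    .PARAMETER ComputerName
        Denotes the computers you wish to change the value on
        Alias: Servers.

    .PARAMETER Force
        Will create the value if it does not exist
        Alias: Create.

    .NOTES
        AccessKeySecret is a plain [string]; a value typed on the command line
        may be recorded in console history or transcripts, so prefer passing it
        from a variable that was filled from a secret store.
        The .bak copies written next to each credentials file still hold the
        previous key pair. Deactivate the old key in IAM and remove stale
        backups once the rotation has been verified.
    #>
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateNotNullOrEmpty()]
        [Alias('ProfileName')]
        [string]$RoleToReplaceFor,

        [Parameter(Mandatory = $true, Position = 1)]
        [ValidateNotNullOrEmpty()]
        [Alias('Key')]
        [string]$AccessKeyId,

        [Parameter(Mandatory = $true, Position = 2)]
        [ValidateNotNullOrEmpty()]
        [Alias('Secret')]
        [string]$AccessKeySecret,

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [Alias('Servers')]
        [string[]]$ComputerName = (Get-CachedInstances -ProfileName temp-prod -TeamCity).Hostname,

        [Parameter(Mandatory = $false)]
        [Alias('Create')]
        [switch]$Force
    )

    $logLead = Get-LogLeadName

    # Normalise the profile name to the "[name]" header form used in the credentials file.
    if (-not $RoleToReplaceFor.StartsWith("[")) {
        $RoleToReplaceFor = "[$RoleToReplaceFor"
    }
    if (-not $RoleToReplaceFor.EndsWith("]")) {
        $RoleToReplaceFor = "$RoleToReplaceFor]"
    }

    # Only the access key ID is logged; the secret must never reach host or log output.
    Write-Host "$logLead : Replacing key for profile $RoleToReplaceFor with key: $AccessKeyId"

    Invoke-Command -ComputerName $ComputerName -ArgumentList ($RoleToReplaceFor , $AccessKeyId, $AccessKeySecret, $Force) -ScriptBlock {
        param ($sb_role, $sb_keyId, $sb_keySecret, $sb_force)

        $userPaths = @(
            "C:\Users\ci.migrate`$\.aws\credentials",
            "C:\Users\dev.migrate`$\.aws\credentials",
            "C:\Users\qa.migrate`$\.aws\credentials",
            "C:\Users\jumpbox.jenkins\.aws\credentials"
        )

        foreach ($path in $userPaths) {
            if (-not (Test-Path -Path $path)) {
                continue
            }

            # The skip checks below use 'continue' rather than 'return': 'return' would
            # leave the whole remote script block and silently skip the remaining files.
            # -Quiet yields a boolean, so the matched secret line is never materialised.
            # NOTE(review): this matches the values anywhere in the file, not only under $sb_role.
            if ((Select-String -Path $path -Pattern $sb_keyId -SimpleMatch -Quiet) -and (Select-String -Path $path -Pattern $sb_keySecret -SimpleMatch -Quiet)) {
                Write-Host "$env:COMPUTERNAME $path - File already matched"
                continue
            }

            if (-not (Select-String -Path $path -Pattern $sb_role -SimpleMatch -Quiet) -and -not $sb_force) {
                Write-Host "$env:COMPUTERNAME $path - File does not contain profile, and force was not supplied"
                continue
            }

            Write-Host "Backing up and saving $env:COMPUTERNAME $path"
            try {
                # A failed backup aborts this file: the credentials are never rewritten
                # without a copy to roll back to.
                Copy-Item -Path $path -Destination "$path.bak.$([Math]::Floor((Get-Date -UFormat "%s")))" -ErrorAction Stop

                $nextLine = $false            # true while inside the target profile's section
                $replacedKeyId = $false
                $replacedKeySecret = $false

                # @(...) keeps $lines an array even for an empty or one-line file, so the
                # '+=' below appends elements instead of concatenating strings.
                # -ErrorAction Stop prevents a failed read from being written back as an
                # empty file.
                $lines = @((Get-Content -Path $path -ErrorAction Stop) | ForEach-Object {
                        if ($nextLine) {
                            $trimmed = $_.Trim()
                            if ($trimmed.StartsWith("[")) {
                                # A new section header ends the target profile, so keys that
                                # belong to another profile are never overwritten.
                                $nextLine = ($_ -eq $sb_role)
                                Write-Output $_
                            } elseif ($trimmed.StartsWith("aws_access_key_id")) {
                                if ($replacedKeyId -eq $true) {
                                    throw "Attempted to set the key twice. Please confirm the file contents and try again $env:COMPUTERNAME $path"
                                }
                                Write-Output "aws_access_key_id = $sb_keyId"
                                $replacedKeyId = $true
                                if ($replacedKeySecret) {
                                    $nextLine = $false
                                }
                            } elseif ($trimmed.StartsWith("aws_secret_access_key")) {
                                if ($replacedKeySecret -eq $true) {
                                    throw "Attempted to set the secret twice. Please confirm the file contents and try again. $env:COMPUTERNAME $path"
                                }
                                Write-Output "aws_secret_access_key = $sb_keySecret"
                                $replacedKeySecret = $true
                                if ($replacedKeyId) {
                                    $nextLine = $false
                                }
                            } else {
                                Write-Output $_
                            }
                        } else {
                            if ($_ -eq $sb_role) {
                                $nextLine = $true
                            }
                            Write-Output $_
                        }
                    })

                if (-not $replacedKeyId -and -not $replacedKeySecret) {
                    Write-Host "$env:COMPUTERNAME $path - Value for $sb_role not found"
                    if ($sb_force) {
                        # We didn't find the key, let's add it
                        Write-Host "$env:COMPUTERNAME $path - Value for $sb_role not found, adding"
                        $lines += $sb_role
                        $lines += "aws_access_key_id = $sb_keyId"
                        $lines += "aws_secret_access_key = $sb_keySecret"
                    }
                } elseif ($replacedKeyId -xor $replacedKeySecret) {
                    # only one was set to true, not both
                    throw "The key was not updated correctly. Please confirm the file contents and try again. $env:COMPUTERNAME $path"
                }

                $lines | Set-Content -Path $path -ErrorAction Stop
            } catch {
                # Report the failure instead of swallowing it; a silently skipped file
                # would keep using the old key. The messages thrown above contain only
                # the host and path, never the key material.
                Write-Warning "$env:COMPUTERNAME $path - Credentials file was not updated: $($_.Exception.Message)"
            }
        }
    }
}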