#!/bin/sh
#
# awsenv : AWS Environment Script
# 
# This script is to output information regarding AWS CLI and various files it uses. This script
# does nothing destructive.
#
# Author: Jonathan Cormier <jonathan@cormier.co>
#
AWS_SECRETS=~/.aws_secrets
AWS_S3_CURL=~/.s3curl
AWS_JSON_CREDENTIALS=~/.aws/credentials.json
AWS_FILES="AWS_SECRETS AWS_S3_CURL AWS_JSON_CREDENTIALS AWS_CONFIG_FILE AWS_CREDENTIAL_FILE EC2_CERT EC2_PRIVATE_KEY"

function aws_vecho {
	VAR=$1

	echo -n "${VAR}: "
	echo ${!VAR}
}

function aws_env {
	aws_vecho AWS_ACCESS_KEY_ID
	aws_vecho AWS_SECRET_ACCESS_KEY
	aws_vecho AWS_CONFIG_FILE
	aws_vecho AWS_CREDENTIAL_FILE	
	aws_vecho EC2_CERT
	aws_vecho EC2_PRIVATE_KEY
}

function aws_stat {
	stat -c "%a" $1 | tr -d '\n'
}

function aws_isperm {
	FILE=$1
	PERM=$2
	CUR_PERM=$(stat -c "%a" $FILE)

	[ $CUR_PERM = $PERM ] && return 1

	return 0
}

function aws_fix {
	FILE=$1

	while true; do
		read -p "Set permissions on $FILE to 600? " ANS
		
		case $ANS in
			[Yy]* ) chmod 600 $FILE;
				aws_isperm $FILE 600;
				if (( $? )); then
					echo "[x] Permissions on $FILE set to 600";
				fi
				break;;
			[Nn]* ) exit;;
		esac
	done
}

echo "[x] Amazon AWS CLI environment"
echo "[x] Checking for AWS CLI secrets and credential files..."

# Check for AWS CLI files and their permissions
for AWS_FILE in $AWS_FILES; do
	FILE=${!AWS_FILE}

	# Skip variables that are empty
	[ -z $FILE ] && continue;

	echo -n "Checking $FILE..."
	if [ -e $FILE ]; then
		echo "found"

		# Check permissions	
		aws_isperm $FILE 600
		if (( ! $? )); then
			echo "[!] Incorrect permissions on $FILE"
			aws_fix $FILE
		fi
	else
		echo "not found"
		echo "[!] $AWS_FILE contains path to file that doesn't exist."
	fi
done

echo 
echo "[x] AWS variables"

# Output environment variables
aws_env