This repository was archived by the owner on Nov 8, 2021. It is now read-only.
Closed
7 changes: 7 additions & 0 deletions README.md
Expand Up @@ -92,6 +92,13 @@ This solution will use the following mapping for those special characters when c

So instead of `name@email.com` you will need to use `name.at.email.com` when login via SSH.


Optionally, set `STRIP_EMAILS_FROM_USERNAME=1` in the config file, in which case `user.name@email.com` will become simply `user.name`.

Note that to reverse-engineer the remainder of the username, we look up the IAM users via the cli. This means usernames must be unique, exclusive of the email domain.
E.g. `my.user@email.com` and `my.user@anotherEmail.com` will not be differentiated and will not be able to use this method.


Linux user names may only be up to 32 characters long.

## Configuration
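
Review bot: The added paragraph on `STRIP_EMAILS_FROM_USERNAME=1` leaves the collision case vague: "will not be differentiated and will not be able to use this method" does not tell an operator what they will see. In this same change, authorized_keys_command.sh prints "Multiple IAM users matched" and exits 2 for such names, while import_users.sh maps both `my.user@email.com` and `my.user@anotherEmail.com` to the single local name `my.user`. State that outcome here, note that both scripts test the same variable and so must see the same value, and drop the doubled blank lines around the new text.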
27 changes: 19 additions & 8 deletions authorized_keys_command.sh
Expand Up @@ -33,12 +33,23 @@ then
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN
fi

UnsaveUserName="$1"
UnsaveUserName=${UnsaveUserName//".plus."/"+"}
UnsaveUserName=${UnsaveUserName//".equal."/"="}
UnsaveUserName=${UnsaveUserName//".comma."/","}
UnsaveUserName=${UnsaveUserName//".at."/"@"}

aws iam list-ssh-public-keys --user-name "$UnsaveUserName" --query "SSHPublicKeys[?Status == 'Active'].[SSHPublicKeyId]" --output text | while read -r KeyId; do
aws iam get-ssh-public-key --user-name "$UnsaveUserName" --ssh-public-key-id "$KeyId" --encoding SSH --query "SSHPublicKey.SSHPublicKeyBody" --output text
raw_username="$1"
raw_username=${raw_username//".plus."/"+"}
raw_username=${raw_username//".equal."/"="}
raw_username=${raw_username//".comma."/","}

if [ "${STRIP_EMAILS_FROM_USERNAME}" -eq 1 ]; then
iam_username=$(aws iam list-users --query "Users[*].[UserName]" --output text | fgrep "$raw_username@")
Contributor


This will only get the first page of users. So with many IAM users, not all users will be returned on the first page.


if [ $(echo "${iam_username}" | wc -w) -gt 1 ]; then
echo "Multiple IAM users matched: - exiting!"
echo "${iam_username}"
exit 2
fi
else
iam_username=${raw_username//".at."/"@"}
fi

aws iam list-ssh-public-keys --user-name "${iam_username}" --query "SSHPublicKeys[?Status == 'Active'].[SSHPublicKeyId]" --output text | while read -r KeyId; do
aws iam get-ssh-public-key --user-name "${iam_username}" --ssh-public-key-id "$KeyId" --encoding SSH --query "SSHPublicKey.SSHPublicKeyBody" --output text
done
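
Review bot: In the `STRIP_EMAILS_FROM_USERNAME` branch, `fgrep "$raw_username@"` is an unanchored substring match, so the login name `bob` also matches an IAM user such as `jbob@email.com`; when that is the only match, the script returns that other user's keys for the local account `bob`. Compare the whole part before the `@` instead, for example `awk -F@ -v u="$raw_username" '$1 == u'` over the list-users output, which agrees with the `%%@*` strip in import_users.sh. When nothing matches, `iam_username` is empty and the script still calls `aws iam list-ssh-public-keys --user-name ""`; exit before that call. The two `echo` lines in the multiple-match case write to stdout, the same stream the key bodies are printed on, so send them to stderr with `>&2`. Finally, `[ "${STRIP_EMAILS_FROM_USERNAME}" -eq 1 ]` produces an "integer expression expected" error when the variable is unset or empty; use `"${STRIP_EMAILS_FROM_USERNAME:-0}"`.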
6 changes: 5 additions & 1 deletion import_users.sh
Expand Up @@ -220,7 +220,11 @@ function clean_iam_username() {
clean_username=${clean_username//"+"/".plus."}
clean_username=${clean_username//"="/".equal."}
clean_username=${clean_username//","/".comma."}
clean_username=${clean_username//"@"/".at."}
if [ "${STRIP_EMAILS_FROM_USERNAME}" -eq 1 ]; then
clean_username=${clean_username%%@*}
else
clean_username=${clean_username//"@"/".at."}
fi
echo "${clean_username}"
}
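
Review bot: With `STRIP_EMAILS_FROM_USERNAME=1`, `clean_username=${clean_username%%@*}` maps IAM users that differ only in their domain to the same local name, and nothing in `clean_iam_username` detects that, so the collision is only noticed later, at login, by authorized_keys_command.sh. Check for duplicate stripped names at import time and skip or report them there. Also, `[ "${STRIP_EMAILS_FROM_USERNAME}" -eq 1 ]` raises an "integer expression expected" error when the variable is unset or empty; use `"${STRIP_EMAILS_FROM_USERNAME:-0}"` or give the variable a default where the other settings are initialised.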
