removed dry-run; update help.

7139d69e · Xueshan Feng · 581f54c2 · 7139d69e
Commit 7139d69e authored Aug 22, 2018 by Xueshan Feng
--- a/upload_cert_to_aws.sh
+++ b/upload_cert_to_aws.sh
-#!/bin/bash
+#!/bin/bash -e
 # For AWS ELB, the cert chain file needs to be in reverse order - root cert at the top (the 3rd file)
-# Usage: ./upload_cert_to_aws.sh foo.stanford.edu awsprofile
+# Usage: ./upload_cert_to_aws.sh  -p anchorage -s foo.stanford.edu
 #
 # To get arn: aws --profile awsprofile iam get-server-certificate --server-certificate-name=<fqdn>
 #
@@ -14,7 +14,6 @@ function init(){
    domaincert=${body:-'stanford_edu_cert.cer'}
    intermcert=${chain:='stanford_edu_interm.cer'}
    server_name=$server.$domain
-    dryrun=0
 }

 function upload_cert(){
@@ -37,21 +36,19 @@ function upload_cert(){
 }

 help(){
-  echo "upload_cert_to_aws.sh -p <profile> -s <server> [-d <domain>] -c <chain file> -b <body> [-n] [-y]"
+  echo "upload_cert_to_aws.sh -p <profile> -s <server> [-d <domain>] [-c <chain file>] [-b <body>]"
  echo ""
  echo " -p <aws profile>: authenticate as this profile."
  echo " -s <server>: server name. e.g. foo.stanford.edu"
  echo " -d <domain>: default to stanford.edu."
-  echo " -b <cert file>: default to <server>_stanford_edu_cert.cer"
-  echo " -c <chain file>: default to <server>_stanford_edu_interm.cer"
-  echo " -y     : non-interative mode. Answer to yes to all default values."
-  echo " -n     : dryrun. print out the commands"
+  echo " -b <cert file>: default to <server>_stanford_edu_cert.cer in current directory."
+  echo " -c <chain file>: default to <server>_stanford_edu_interm.cer in current directory"
  echo " -h     : Help"
 }

 # Main

-while getopts "b:c:d:p:s:hny" OPTION
+while getopts "b:c:d:p:s:h" OPTION
 do
  case $OPTION in
    b)
@@ -69,12 +66,6 @@ do
    s)
      server=$OPTARG
      ;;
-    n)
-      dryrun=1
-      ;;
-    y)
-      interactive=0
-      ;;
    [h?])
      help
      exit
@@ -91,7 +82,7 @@ else
 fi

 echo "Getting AWS account number ..."
-accountId=$(aws --profile $profile iam get-user | jq '.User.Arn' | grep -Eo '[[:digit:]]{12}')
+accountId=$(aws --profile $profile sts get-caller-identity | jq -r ".Account")
 if [ -z "$accountId" ]; then
  echo "Cannot find AWS account number."
  exit 1
@@ -105,6 +96,4 @@ else
  exit 1
 fi

-[ $dryrun -eq 1 ] && echo "Dryrun mode. Nothing is changed."
-
 exit 0