added script tool for exploring AWS SSO cache

Author: neozenith

.pre-commit-config.yaml

@@ -9,7 +9,6 @@ repos:
     # Run the linter.
     - id: ruff
       types_or: [ python, pyi, jupyter ]
-      args: [ --fix ]
 - repo: https://codeberg.org/frnmst/md-toc
   # Release updates (ATOM) https://codeberg.org/frnmst/md-toc/tags.atom
   rev: 9.0.0 # set a GIT tag

scripts/aws-sso.py

@@ -0,0 +1,64 @@
+# ruff: noqa: E501
+# /// script
+# requires-python = ">=3.11"
+# dependencies = [
+# ]
+# ///
+# https://docs.astral.sh/uv/guides/scripts/#creating-a-python-script
+# https://packaging.python.org/en/latest/specifications/inline-script-metadata/#inline-script-metadata
+# Standard Library
+import configparser
+import hashlib
+import logging
+from pathlib import Path
+
+log = logging.getLogger(__name__)
+
+aws_config = Path("~/.aws/").expanduser()
+aws_sso_cache = aws_config / "sso/cache"
+aws_credentials_file = aws_config / "credentials"
+aws_config_file = aws_config / "config"
+
+credentials = aws_credentials_file.read_text()
+
+
+def main():
+    cache_files = [p.stem for p in list(aws_sso_cache.glob("*.json"))]
+    log.info(cache_files)
+
+    parser = configparser.ConfigParser()
+    parser.read(aws_config_file)
+    for section in parser.sections():
+        log.info(f"Section: {section}")
+        key = None
+        hash = None
+
+        if section.startswith("profile") and parser.has_option(section, "sso_session"):
+            key = parser.get(section, "sso_session")
+
+        elif section.startswith("sso-session") and parser.has_option(section, "sso_start_url"):
+            key = parser.get(section, "sso_start_url")
+
+        if key:
+            hash_object = hashlib.sha1(key.encode())
+            hash = hash_object.hexdigest()
+            log.info(hash)
+            if hash in cache_files:
+                log.info("Cache hit")
+                log.info(f"{key} = {hash}.json")
+                log.info((aws_sso_cache / f"{hash}.json").read_text())
+            else:
+                log.info("Cache miss")
+
+    # TODO: aws sso get-role-credentials --role-name <role-name> --account-id <account-id> --access-token <access-token> --region <region>
+    # aws sso list-accounts --profile <profile> --no-paginate --access-token <access-token> --region <region>
+    # aws sso list-account-roles --profile <profile> --no-paginate --access-token <access-token> --region <region> --account-id <account-id>
+
+
+if __name__ == "__main__":
+    logging.basicConfig(
+        level=logging.INFO,
+        format="%(asctime)s::%(name)s::%(levelname)s::%(module)s:%(lineno)d| %(message)s",
+        datefmt="%Y-%m-%d %H:%M:%S",
+    )
+    main()

scripts/injinja.py

@@ -1,4 +1,5 @@
 # ruff: noqa: E501
+# ruff: noqa: I001
 # /// script
 # requires-python = ">=3.11"
 # dependencies = [
@@ -43,11 +44,11 @@
 import logging
 import pathlib
 import sys
+import tomllib
 from typing import Any
 
 # Third Party
 import jinja2
-import tomllib
 import yaml
 
 log = logging.getLogger(__name__)