Merge pull request 'Make FiSH >3.3 compatible + Update AWS SSM remote port forwarding config' (#4) from bugfix/make-fish-3-3-compatible into master

Reviewed-on: #4

fish/theme-t31m/functions/cdk.fish

@@ -1,3 +1,4 @@
-function cdk -d "execute aws cdk" -w cdk
+# Defined in - @ line 1
-  __nvm_run "cdk" $argv
+function cdk --wraps='npx aws-cdk@1.x' --description 'alias cdk=npx aws-cdk@1.x'
+  npx aws-cdk@1.x $argv;
 end

fish/theme-t31m/functions/envAWS.fish

@@ -4,6 +4,7 @@
 set AWS_IAM_USER ""
 
 # TODO setup your aws-mfa credential keys in the credentials file
+# TODO replace "PLACE_YOUR_ROLE_HERE" with the actual role you want to assume.
 
 # AWS Account details
 set DEV_ACCOUNT_ID ""
@@ -11,6 +12,7 @@ set STG_ACCOUNT_ID ""
 set PROD_ACCOUNT_ID ""
 set OPS_ACCOUNT_ID ""
 
+# Update if different regions are used in your setup
 export AWS_REGION=eu-west-1
 export AWS_DEFAULT_REGION=eu-west-1
 
@@ -24,19 +26,19 @@ function envAWS --description 'switch to different aws account environments (-)
 	switch $argv[1]
 	case dev
 		echo "switching to /refreshing dev"
-		aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/Administrator --duration 43200 --role-session-name $AWS_IAM_USER
+		aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
 		getAWSenv
 	case stg
 		echo "switching to /refreshing staging"
-		aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/Administrator --duration 43200 --role-session-name $AWS_IAM_USER
+		aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
 		getAWSenv
 	case prod
 		echo "switching to /refreshing prod"
-		aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/Administrator --duration 3600 --role-session-name $AWS_IAM_USER
+		aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
 		getAWSenv
 	case ops
 		echo "switching to /refreshing ops"
-		aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/Administrator --duration 3600 --role-session-name $AWS_IAM_USER
+		aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
 		getAWSenv
 	case '*'
 		echo "Wrong / Invalid Environment provided"
@@ -65,3 +67,12 @@ function getAWSenv --description 'verify and set environment'
 		return 1
 	end
 end
+
+function getSecretAWS --description 'get & decrypt secrets from ssm parameter store via cli command if permissions are granted'
+    if test (count $argv) -lt 1
+        echo "Provide a Path to the Secret"
+        return
+    end
+
+    aws ssm get-parameter --name "$argv[1]" --with-decryption | jq .Parameter.Value -r
+end 

fish/theme-t31m/functions/fish_prompt.fish

@@ -1,9 +1,97 @@
+# Colors
+function orange
+    set_color -o ee5819
+end
+
+function yellow
+    set_color -o b58900
+end
+
+function red
+    set_color -o d30102
+end
+
+function cyan
+    set_color -o 2aa198
+end
+
+function white
+    set_color -o fdf6e3
+end
+
+function dim
+    set_color -o 4f4f4f
+end
+
+function off
+    set_color -o normal
+end
+
+# Git
+function git::is_repo
+	test -d .git; or command git rev-parse --git-dir >/dev/null 2>/dev/null
+end
+
+function git::ahead -a ahead behind diverged none
+	not git::is_repo; and return
+
+	set -l commit_count (command git rev-list --count --left-right "@{upstream}...HEAD" 2>/dev/null)
+
+	switch "$commit_count"
+  case ""
+	  # no upstream
+  case "0"\t"0"
+	  test -n "$none"; and echo "$none"; or echo ""
+  case "*"\t"0"
+	  test -n "$behind"; and echo "$behind"; or echo "-"
+  case "0"\t"*"
+	  test -n "$ahead"; and echo "$ahead"; or echo "+"
+  case "*"
+	  test -n "$diverged"; and echo "$diverged"; or echo "±"
+	end
+end
+
+function git::branch_name
+	git::is_repo; and begin
+		command git symbolic-ref --short HEAD 2>/dev/null;
+		or command git show-ref --head -s --abbrev | head -n1 2>/dev/null
+	end
+end
+
+function git::is_dirty
+	git::is_repo; and not command git diff --no-ext-diff --quiet --exit-code
+end
+
+function git::is_staged
+	git::is_repo; and begin
+		not command git diff --cached --no-ext-diff --quiet --exit-code
+	end
+end
+
+function git::is_stashed
+	git::is_repo; and begin
+		command git rev-parse --verify --quiet refs/stash >/dev/null
+	end
+end
+
+function git::is_touched
+	git::is_repo; and begin
+		test -n (echo (command git status --porcelain))
+	end
+end
+
+function git::untracked
+	git::is_repo; and begin
+		command git ls-files --other --exclude-standard
+	end
+end
+
 function fish_prompt
 	set -l symbol "λ "
 	set -l code $status
-    set t31m_custom_right (t31m_prompt_right)
+    set t31m_custom_left (t31m_prompt_left)
 
-    echo -ns "$t31m_custom_right"
+    echo -ns "$t31m_custom_left"
 
 	if test -n "$ssh_client"
 		set -l host (hostname -s)
@@ -12,7 +100,7 @@ function fish_prompt
 	end
 
 	if git::is_repo
-		set -l branch (git::branch_name ^/dev/null)
+		set -l branch (git::branch_name 2>/dev/null)
 		set -l ref (git show-ref --head --abbrev | awk '{print substr($0,0,7)}' | sed -n 1p)
 
         printf '%s ' \U1F6E0
@@ -26,7 +114,7 @@ function fish_prompt
 			printf (white)"*"(off)
 		end
 
-		if command git symbolic-ref HEAD > /dev/null ^/dev/null
+		if command git symbolic-ref HEAD > /dev/null 2>/dev/null
 			if git::is_staged
 				printf (cyan)"$branch"(off)
 			else
@@ -37,8 +125,8 @@ function fish_prompt
 		end
 
 		for remote in (git remote)
-			set -l behind_count (echo (command git rev-list $branch..$remote/$branch ^/dev/null | wc -l | tr -d " "))
+			set -l behind_count (echo (command git rev-list $branch..$remote/$branch 2>/dev/null | wc -l | tr -d " "))
-			set -l ahead_count (echo (command git rev-list $remote/$branch..$branch ^/dev/null | wc -l | tr -d " "))
+			set -l ahead_count (echo (command git rev-list $remote/$branch..$branch 2>/dev/null | wc -l | tr -d " "))
 
 			if test $ahead_count -ne 0; or test $behind_count -ne 0; and test (git remote | wc -l) -gt 1
 				echo -n -s " "(orange)$remote(off)

fish/theme-t31m/functions/fish_right_prompt.fish

@@ -1,107 +0,0 @@
-# Colors
-function orange
-    set_color -o ee5819
-end
-
-function yellow
-    set_color -o b58900
-end
-
-function red
-    set_color -o d30102
-end
-
-function cyan
-    set_color -o 2aa198
-end
-
-function white
-    set_color -o fdf6e3
-end
-
-function dim
-    set_color -o 4f4f4f
-end
-
-function off
-    set_color -o normal
-end
-
-# Git
-function git::is_repo
-	test -d .git; or command git rev-parse --git-dir >/dev/null ^/dev/null
-end
-
-function git::ahead -a ahead behind diverged none
-	not git::is_repo; and return
-
-	set -l commit_count (command git rev-list --count --left-right "@{upstream}...HEAD" ^/dev/null)
-
-	switch "$commit_count"
-  case ""
-	  # no upstream
-  case "0"\t"0"
-	  test -n "$none"; and echo "$none"; or echo ""
-  case "*"\t"0"
-	  test -n "$behind"; and echo "$behind"; or echo "-"
-  case "0"\t"*"
-	  test -n "$ahead"; and echo "$ahead"; or echo "+"
-  case "*"
-	  test -n "$diverged"; and echo "$diverged"; or echo "±"
-	end
-end
-
-function git::branch_name
-	git::is_repo; and begin
-		command git symbolic-ref --short HEAD ^/dev/null;
-		or command git show-ref --head -s --abbrev | head -n1 ^/dev/null
-	end
-end
-
-function git::is_dirty
-	git::is_repo; and not command git diff --no-ext-diff --quiet --exit-code
-end
-
-function git::is_staged
-	git::is_repo; and begin
-		not command git diff --cached --no-ext-diff --quiet --exit-code
-	end
-end
-
-function git::is_stashed
-	git::is_repo; and begin
-		command git rev-parse --verify --quiet refs/stash >/dev/null
-	end
-end
-
-function git::is_touched
-	git::is_repo; and begin
-		test -n (echo (command git status --porcelain))
-	end
-end
-
-function git::untracked
-	git::is_repo; and begin
-		command git ls-files --other --exclude-standard
-	end
-end
-
-function fish_right_prompt
-
-	if test "$theme_complete_path" = "yes"
-		set cwd (prompt_pwd)
-	else
-		set cwd (basename (prompt_pwd))
-
-		if git::is_repo
-			set root_folder (command git rev-parse --show-toplevel ^/dev/null)
-			set parent_root_folder (dirname $root_folder)
-			set cwd (echo $PWD | sed -e "s|$parent_root_folder/||")
-		end
-	end
-
-	# Because of having a two line promt now we dont need right anymore so we dont print anything here atm
-	#printf (yellow)"("(off)$cwd(yellow)") "(off)
-	#printf (off)(date +%H(yellow):(off)%M(yellow):(off)%S)(off)"\n"
-
-end

fish/theme-t31m/functions/ssm_tunnel.fish

@@ -1,13 +1,58 @@
-function ssm_tunnel --description 'access private AWS ressources via Bastion Host'
+# See: https://aws.amazon.com/about-aws/whats-new/2022/05/aws-systems-manager-support-port-forwarding-remote-hosts-using-session-manager/
+# And: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-remote-port-forwarding
+function ssm_tunnel --description 'Access private AWS ressources via native SSM port forwarding through bastion'
 
     if test (count $argv) -lt 2
         echo "Provide an Host:Port Mapping & an Local Port"
         return
     end
 
+    if [ "$env" != "ops" ]
+        echo "Switch to OPS ENV first"
+        return
+    end
+
     # Get bastion host ID using it's name
     set INSTANCE_ID (aws ec2 describe-instances \
-            --filter 'Name=tag:Name,Values=ops-infrastructure-bastion'\
+            --filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE'\
+            --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\
+            --output text)
+   
+    # AWS Remote host i.e internal.s.twaice / dualstack.internal-stg-s-inter-9ov8h1o4saoa-793915940.eu-west-1.elb.amazonaws.com
+    set REMOTE_HOST (string split -f1 : $argv[1])
+    set REMOTE_PORT (string split -f2 : $argv[1])
+    # Local port to bind for forwarding
+    set LOCAL_PORT $argv[2]
+
+     # Seconds until forwarding session times out (6h max)
+    set TIMEOUT 21600
+
+    # Start tunnel session
+    echo "Starting Tunnel"
+    aws ssm start-session --target $INSTANCE_ID \
+    --document-name "AWS-StartPortForwardingSessionToRemoteHost" \
+    --parameters "host=[$REMOTE_HOST],portNumber=[$REMOTE_PORT],localPortNumber=[$LOCAL_PORT]"
+
+    echo "Tunneling Session Exited."
+end
+
+# This function is for Platform Admin / Infrastructure users only.
+# @TODO: It still utilized the old style of ssm tunneling -> needs c&p of new style as well
+function ssm_tunnel_admin --description 'access private AWS ressources via Bastion Host'
+
+    if test (count $argv) -lt 2
+        echo "Provide an Host:Port Mapping & an Local Port"
+        return
+    end
+
+    if [ "$env" != "ops" ]
+        echo "Switch to OPS ENV first"
+        return
+    end
+
+    # Get bastion host ID using it's name
+    set INSTANCE_ID (aws ec2 describe-instances \
+            --filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE'\
             --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\
             --output text)
     

fish/theme-t31m/functions/t31m_prompt.fish

@@ -22,7 +22,6 @@ function prompt::pyenv
         set venv (echo "$VIRTUAL_ENV" | grep -Eo '[^/]+/?$' | cut -d / -f1)
         echo -n -s (printf '%s' \U1F40D)(yellow)"["(cyan)"$venv"(yellow)"@"(off)"$python_version"(yellow)"]"(off)
     else if test -n "$PYENV_VERSION"; and [ "$PYENV_VERSION" != "$python_version" ]
-        # echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name | sed 's/:.*$//' )(off)"@$python_version"(yellow)"]"(off)
         echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name )(off)"@$python_version"(yellow)"]"(off)
     else if test -n "$python_version"
        echo -n -s (yellow)(printf '%s' \U1F40D)"["(off)$python_version(yellow)"]"(off) 

fish/theme-t31m/functions/t31m_prompt_left.fish

@@ -1,5 +1,5 @@
-# moved original theme right prompt to left as we are working with a new line promt now.
+# moved original theme right prompt to left
-function t31m_prompt_right
+function t31m_prompt_left
 
 	if test "$theme_complete_path" = "yes"
 		set cwd (prompt_pwd)
@@ -7,7 +7,7 @@ function t31m_prompt_right
 		set cwd (basename (prompt_pwd))
 
 		if git::is_repo
-			set root_folder (command git rev-parse --show-toplevel ^/dev/null)
+			set root_folder (command git rev-parse --show-toplevel 2> /dev/null)
 			set parent_root_folder (dirname $root_folder)
 			set cwd (echo $PWD | sed -e "s|$parent_root_folder/||")
 		end

main.sh

@@ -16,7 +16,10 @@ curl -fsSL https://get.docker.com | sh
 #curl -fsSL https://test.docker.com | sh
 
 # install docker-compose
-curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+# v1
+# curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+# v2
+curl -L https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
 
 usermod -aG docker t31m