#17 - Write aws config file to a temporary directory (#20)

mrchief · Aug 19, 2021 · 2f8a4ff · 2f8a4ff
1 parent 12ba236
commit 2f8a4ff
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -4,19 +4,22 @@ set -u
 set -o pipefail
 
 awsDir="${HOME}/.aws"
-config="${awsDir}/config"
+config="$(mktemp)"
 credentials="${awsDir}/credentials"
 
+# Delete the temporary file when this script finishes running, is interrupted, or exits abnormally
+trap "rm -f $config" 0 2 3 15
+
 mkdir -p "${awsDir}"
-echo -e "[profile default]\noutput = json" >>"$config"
+echo -e "[profile default]\noutput = json" >"$config"
 
 # Attempt to get aws credentials via tokendito
 max_attempts=10
 totp_time=30
 totp_error='Each code can only be used once. Please wait for a new code and try again.'
 for ((attempts = 1; attempts <= $max_attempts; attempts++)); do
     echo "Requesting AWS credentials via Tokendito."
-    t_error=$(tokendito --aws-profile default -ou $INPUT_OKTA_APP_URL -R $INPUT_AWS_ROLE_ARN --username $INPUT_OKTA_USERNAME --password $INPUT_OKTA_PASSWORD --mfa-method ${INPUT_OKTA_MFA_METHOD:=token:software:totp} --mfa-response $(echo $INPUT_OKTA_MFA_SEED | mintotp ${totp_time}) 2>&1 1>/dev/null)
+    t_error=$(tokendito --config-file $config --aws-profile default -ou $INPUT_OKTA_APP_URL -R $INPUT_AWS_ROLE_ARN --username $INPUT_OKTA_USERNAME --password $INPUT_OKTA_PASSWORD --mfa-method ${INPUT_OKTA_MFA_METHOD:=token:software:totp} --mfa-response $(echo $INPUT_OKTA_MFA_SEED | mintotp ${totp_time}) 2>&1 1>/dev/null)
 
     if [[ $? == 0 ]]; then
         echo "Succeeded getting credentials in attempt #${attempts}."