Added option to remove email domain from usernames - with support for pagination

README.md

@@ -92,6 +92,13 @@ This solution will use the following mapping for those special characters when c
 
 So instead of `[email protected]` you will need to use `name.at.email.com` when login via SSH.
 
+
+Optionally, set `STRIP_EMAILS_FROM_USERNAME=1` in the config file, in which case `[email protected]` will become simply `user.name`.
+
+Note that to reverse-engineer the remainder of the username, we look up the IAM users via the cli. This means usernames must be unique, exclusive of the email domain.
+E.g. `[email protected]` and `[email protected]` will not be differentiated and will not be able to use this method.
+
+
 Linux user names may only be up to 32 characters long.
 
 ## Configuration

authorized_keys_command.sh

@@ -33,12 +33,34 @@ then
   export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN
 fi
 
-UnsaveUserName="$1"
-UnsaveUserName=${UnsaveUserName//".plus."/"+"}
-UnsaveUserName=${UnsaveUserName//".equal."/"="}
-UnsaveUserName=${UnsaveUserName//".comma."/","}
-UnsaveUserName=${UnsaveUserName//".at."/"@"}
-
-aws iam list-ssh-public-keys --user-name "$UnsaveUserName" --query "SSHPublicKeys[?Status == 'Active'].[SSHPublicKeyId]" --output text | while read -r KeyId; do
-  aws iam get-ssh-public-key --user-name "$UnsaveUserName" --ssh-public-key-id "$KeyId" --encoding SSH --query "SSHPublicKey.SSHPublicKeyBody" --output text
-done
+raw_username="$1"
+raw_username=${raw_username//".plus."/"+"}
+raw_username=${raw_username//".equal."/"="}
+raw_username=${raw_username//".comma."/","}
+
+if [ "${STRIP_EMAILS_FROM_USERNAME}" -eq 1 ]; then
+    list_users=$(aws iam list-users --max-items 50 --output text)
+    token=$(echo "$list_users" | grep ^NEXTTOKEN| awk '{print $2}')
+    all_users=$(echo "$list_users" | grep ^USERS | awk '{print $2}' | cut -d"/" -f2)
+
+    while [ -n "$token"  ]; do
+        list_users=$(aws iam list-users --max-items 50 --starting-token $token --output text)
+        token=$(echo "$list_users" | grep ^NEXTTOKEN| awk '{print $2}')
+        new_users=$(echo "$list_users" | grep ^USERS | awk '{print $2}' | cut -d"/" -f2)
+        all_users="${all_users}"$'\n'"${new_users}"
+    done
+
+    iam_username=$(echo "$all_users" | fgrep "$raw_username@")
+
+    if [ $(echo "${iam_username}" | wc -w) -gt 1 ]; then
+        echo "Multiple IAM users matched: - exiting!"
+        echo "${iam_username}"
+        exit 2
+    fi
+else
+    iam_username=${raw_username//".at."/"@"}
+fi
+
+aws iam list-ssh-public-keys --user-name "${iam_username}" --query "SSHPublicKeys[?Status == 'Active'].[SSHPublicKeyId]" --output text | while read -r KeyId; do
+    aws iam get-ssh-public-key --user-name "${iam_username}" --ssh-public-key-id "$KeyId" --encoding SSH --query "SSHPublicKey.SSHPublicKeyBody" --output text
+done

import_users.sh

@@ -220,7 +220,11 @@ function clean_iam_username() {
     clean_username=${clean_username//"+"/".plus."}
     clean_username=${clean_username//"="/".equal."}
     clean_username=${clean_username//","/".comma."}
-    clean_username=${clean_username//"@"/".at."}
+    if [ "${STRIP_EMAILS_FROM_USERNAME}" -eq 1 ]; then
+        clean_username=${clean_username%%@*}
+    else
+        clean_username=${clean_username//"@"/".at."}
+    fi
     echo "${clean_username}"
 }
 
@@ -234,9 +238,6 @@ function sync_accounts() {
     # Check if local marker group exists, if not, create it
     /usr/bin/getent group "${LOCAL_MARKER_GROUP}" >/dev/null 2>&1 || /usr/sbin/groupadd "${LOCAL_MARKER_GROUP}"
 
-    # setup the aws credentials if needed
-    setup_aws_credentials
-
     # declare and set some variables
     local iam_users
     local sudo_users
@@ -249,6 +250,9 @@ function sync_accounts() {
     get_iam_groups_from_tag
     get_sudoers_groups_from_tag
 
+    # setup the aws credentials if needed
+    setup_aws_credentials
+
     iam_users=$(get_clean_iam_users | sort | uniq)
     sudo_users=$(get_clean_sudoers_users | sort | uniq)
     local_users=$(get_local_users | sort | uniq)