#!/bin/bash

set -Eeuo pipefail
trap cleanup SIGINT SIGTERM ERR EXIT

usage() {
  cat <<EOF
Usage: awshttp [-h] [-v] [--url] [--service]

Makes an HTTP request with AWS sigv4 authorization

Available options:

-h, --help       Print this help and exit
-v, --verbose    Print script debug info
--url            Request URL
--service        AWS service to use for sigv4 authorization
EOF
  exit
}

cleanup() {
  trap - SIGINT SIGTERM ERR EXIT

  # script cleanup here
}

setup_colors() {
  if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then
    NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m'
  else
    NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW=''
  fi
}

msg() {
  echo >&2 -e "${1-}"
}

die() {
  local msg=$1
  local code=${2-1} # default exit status 1
  msg "$msg"
  exit "$code"
}

parse_params() {
  # default values of variables set from params
  url=''
  aws_service=''
  method='GET'

  while :; do
    case "${1-}" in
    -h | --help) usage ;;
    -v | --verbose) set -x ;;
    --no-color) NO_COLOR=1 ;;
    --service)
      aws_service="${2-}"
      shift
      ;;
    --url)
      url="${2-}"
      shift
      ;;
    -X)
      method="${2-}"
      shift
      ;;
    -?*) die "Unknown option: $1" ;;
    *) break ;;
    esac
    shift
  done

  args=("$@")

  if [ -z "$url" ]; then
    echo "Error: Must provide URL with --url"
    return 1
  fi

  if [ -z "$aws_service" ]; then
    echo "Error: Must provide AWS service with --service"
    return 1
  fi
 
  return 0
}

parse_params "$@"
setup_colors

AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-""}

if [ -z "$AWS_ACCESS_KEY_ID" ]; then
  role_name=$( curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ )
  security_credentials=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${role_name})

  AWS_ACCESS_KEY_ID=$(echo $security_credentials | jq -r '.AccessKeyId')
  AWS_SECRET_ACCESS_KEY=$(echo $security_credentials | jq -r '.SecretAccessKey')
  AWS_SESSION_TOKEN=$(echo $security_credentials | jq -r '.Token')
fi

curl \
  -X "${method}" \
  --aws-sigv4 "aws:amz:${AWS_REGION}:${aws_service}" \
  --user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" \
  -H "x-amz-security-token:$AWS_SESSION_TOKEN" $url