#!/usr/bin/env bash

# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.


# Get whoami in AWS, who is the user running this shell script
# Get a list of all available AWS Regions
# sice describe-regions doesn't seem to work at me-south-1|eu-south-1|ap-east-1|af-south-1.
# Probably dased on https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
# when invoking regions with -r, those regions with STS disabled make GETCALLER fail then
# this if will filter them out (Africa (Cape Town), Asia Pacific (Hong Kong), Europe (Milan) and Middle East (Bahrain) ):

print_whoami(){
    echo -e "\n This report is being generated using credentials below:\n"
    echo -e " AWS-CLI Profile: ${NOTICE}[${PROFILE}]${NORMAL} AWS API Region: ${NOTICE}[${REGION}]${NORMAL} AWS Filter Region: ${NOTICE}[${FILTERREGION:-all}]${NORMAL}"
    echo -e " AWS Account: ${NOTICE}[${ACCOUNT_NUM}]${NORMAL} UserId: ${NOTICE}[${USER_ID}]${NORMAL}"
    echo -e " Caller Identity ARN: ${NOTICE}[${CALLER_ARN}]${NORMAL}\n"
}

get_caller_identity() {
  case "$REGION" in
    me-south-1|eu-south-1|ap-east-1|af-south-1)
      REGION_FOR_STS="us-east-1"
    ;;
    *)
      REGION_FOR_STS=$REGION
    ;;
  esac

  if ! GETCALLER=$("${AWSCLI}" sts get-caller-identity \
                    ${PROFILE_OPT} \
                  --output text \
                  --region "${REGION_FOR_STS}" \
                  --query '[Arn,UserId,Account]' 2>&1)
  then
    echo -e "$RED ERROR Getting credentials to run Prowler - EXITING! $NORMAL"
    EXITCODE=2
    exit $EXITCODE
  fi
  read -r CALLER_ARN USER_ID ACCOUNT_NUM <<< "${GETCALLER}"

  if [[ $ACCOUNT_TO_ASSUME ]]
  then
    ACCOUNT_NUM=$ACCOUNT_TO_ASSUME
  fi

  # Set AWS partition
  AWS_PARTITION=$(cut -d: -f2 <<< "${CALLER_ARN}")
  export AWS_PARTITION
}
