feat: Add option to provide external ID (#32)

Fixes #28
Clare Liguori
2020-03-02 18:11:27 -08:00
committed by GitHub
parent 4d0082acf8
commit 1c435bbd5e
4 changed files with 62 additions and 11 deletions


@@ -15,7 +15,16 @@ async function assumeRole(params) {
// Assume a role to get short-lived credentials using longer-lived credentials.
const isDefined = i => !!i;
const {roleToAssume, roleDurationSeconds, roleSessionName, accessKeyId, secretAccessKey, sessionToken, region} = params;
const {
roleToAssume,
roleExternalId,
roleDurationSeconds,
roleSessionName,
accessKeyId,
secretAccessKey,
sessionToken,
region,
} = params;
assert(
[roleToAssume, roleDurationSeconds, roleSessionName, accessKeyId, secretAccessKey, region].every(isDefined),
"Missing required input when assuming a Role."
@@ -32,7 +41,8 @@ async function assumeRole(params) {
const sts = new aws.STS({
accessKeyId, secretAccessKey, sessionToken, region, endpoint, customUserAgent: USER_AGENT
});
return sts.assumeRole({
const assumeRoleRequest = {
RoleArn: roleToAssume,
RoleSessionName: roleSessionName,
DurationSeconds: roleDurationSeconds,
@@ -45,7 +55,13 @@ async function assumeRole(params) {
{Key: 'Branch', Value: GITHUB_REF},
{Key: 'Commit', Value: GITHUB_SHA},
]
})
};
if (roleExternalId) {
assumeRoleRequest.ExternalId = roleExternalId;
}
return sts.assumeRole(assumeRoleRequest)
.promise()
.then(function (data) {
return {
@@ -121,13 +137,14 @@ async function run() {
const sessionToken = core.getInput('aws-session-token', { required: false });
const maskAccountId = core.getInput('mask-aws-account-id', { required: false });
const roleToAssume = core.getInput('role-to-assume', {required: false});
const roleExternalId = core.getInput('role-external-id', { required: false });
const roleDurationSeconds = core.getInput('role-duration-seconds', {required: false}) || MAX_ACTION_RUNTIME;
const roleSessionName = core.getInput('role-session-name', { required: false }) || ROLE_SESSION_NAME;
// Get role credentials if configured to do so
if (roleToAssume) {
const roleCredentials = await assumeRole(
{accessKeyId, secretAccessKey, sessionToken, region, roleToAssume, roleDurationSeconds, roleSessionName}
{accessKeyId, secretAccessKey, sessionToken, region, roleToAssume, roleExternalId, roleDurationSeconds, roleSessionName}
);
exportCredentials(roleCredentials);
} else {
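Review bot: `roleExternalId` travels from `core.getInput('role-external-id')` in `run()` into `assumeRoleRequest.ExternalId` with only the truthiness check at `if (roleExternalId)`, so a malformed value is rejected only by STS at call time, with an error that does not point back to the input. STS documents ExternalId as 2 to 1224 characters from `[\w+=,.@:\/-]`, so a local check beside the existing `assert(...)` in `assumeRole` would fail fast, e.g. `assert(!roleExternalId || /^[\w+=,.@:\/-]{2,1224}$/.test(roleExternalId), "Invalid role-external-id.");`. The conditional itself deserves a comment such as `// ExternalId is optional: send it only when set, so roles whose trust policy has no sts:ExternalId condition keep working`. Both `assumeRole` and `run` continue outside the hunks shown, so an equivalent check may already exist elsewhere.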