Merge branch 'main' of github.com:saml-to/assume-aws-role-action
cnuss committed Sep 27, 2022
2 parents 6f58305 + 47e337e commit 54e03da
Showing 13 changed files with 274 additions and 39 deletions.
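--- a/.github/workflows/acceptance-tests.yml
+++ b/.github/workflows/acceptance-tests.yml
@@ -0,0 +1,124 @@
+name: 'Run Acceptance Tests'
+
+on:
+workflow_dispatch:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+
+jobs:
+assume-nonlive-fail:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-node@v3
+with:
+node-version: 16
+cache: 'yarn'
+- run: yarn
+- run: yarn build
+- uses: ./
+id: assume_doesnotexist
+continue-on-error: true
+with:
+role: arn:aws:iam::000000000000:role/doesnotexist
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+SAML_TO_NONLIVE: true
+SAML_TO_API_KEY: ${{ secrets.NONLIVE_API_KEY }}
+- name: Assume Assertion (Success == Skipped)
+if: job.steps.assume_doesnotexist.status == success()
+run: exit 1
+assume-fail:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-node@v3
+with:
+node-version: 16
+cache: 'yarn'
+- run: yarn
+- run: yarn build
+- uses: ./
+id: assume_doesnotexist
+continue-on-error: true
+with:
+role: arn:aws:iam::000000000000:role/doesnotexist
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+- name: Assume Assertion (Success == Skipped)
+if: job.steps.assume_doesnotexist.status == success()
+run: exit 1
+
+assume-nonlive:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-node@v3
+with:
+node-version: 16
+cache: 'yarn'
+- run: yarn
+- run: yarn build
+- uses: ./
+name: Assume test-assume-aws-role-action-nonlive using saml-to/saml-to/saml-to.yml
+with:
+role: arn:aws:iam::580360238192:role/test-assume-aws-role-action-nonlive
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+SAML_TO_NONLIVE: true
+SAML_TO_API_KEY: ${{ secrets.NONLIVE_API_KEY }}
+- uses: ./
+name: Assume readonly-nonlive using slyo-org-01/saml-to/saml-to.yml
+with:
+role: arn:aws:iam::656716386475:role/readonly-nonlive
+configOwner: slyo-org-01
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+SAML_TO_NONLIVE: true
+SAML_TO_API_KEY: ${{ secrets.NONLIVE_API_KEY }}
+- uses: ./
+name: Assume readonly using slyo-org-01/saml-to/saml-to.yml (with provider aws-nonlive)
+with:
+role: arn:aws:iam::656716386475:role/readonly
+configOwner: slyo-org-01
+provider: aws-nonlive
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+SAML_TO_NONLIVE: true
+SAML_TO_API_KEY: ${{ secrets.NONLIVE_API_KEY }}
+
+assume:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-node@v3
+with:
+node-version: 16
+cache: 'yarn'
+- run: yarn
+- run: yarn build
+- uses: ./
+name: Assume test-assume-aws-role-action using saml-to/saml-to/saml-to.yml
+with:
+role: arn:aws:iam::580360238192:role/test-assume-aws-role-action
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+- uses: ./
+name: Assume readonly-live using slyo-org-01/saml-to/saml-to.yml
+with:
+role: arn:aws:iam::656716386475:role/readonly-live
+configOwner: slyo-org-01
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+- uses: ./
+name: Assume readonly using slyo-org-01/saml-to/saml-to.yml (with provider aws)
+with:
+role: arn:aws:iam::656716386475:role/readonly
+configOwner: slyo-org-01
+provider: aws
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}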
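Review bot: The guard `if: job.steps.assume_doesnotexist.status == success()` in assume-nonlive-fail, and again in assume-fail, does not look like it can ever evaluate to true, so the `exit 1` meant to fail the job when the bogus role is assumed would never run. The `job` context does not carry step results and `success()` is a status function rather than a value to compare against; since the step sets `continue-on-error: true`, the result before that override is the one to test, i.e. `if: steps.assume_doesnotexist.outcome == 'success'`. As written, both negative tests would pass even if assuming `role/doesnotexist` unexpectedly succeeded, which is exactly the regression an authorization test needs to catch. Separately, the workflow declares no `permissions:` block, so `GITHUB_TOKEN` runs with the repository default; `permissions:` with `contents: read` is probably enough here, but that should be confirmed against what the action calls.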
2 changes: 1 addition & 1 deletion .openapis
@@ -6,5 +6,5 @@
# This file is *safe* to add to source control and will increase the speed of builds
---
- serviceName: github-sls-rest-api
version: 1.0.51-0
version: 1.0.58-7

3 changes: 3 additions & 0 deletions action.yml
@@ -14,6 +14,9 @@ inputs:
provider:
description: The provider to use in saml-to.yml
required: false
configOwner:
description: Specify a different GitHub Org/User that hosts the saml-to.yml, defaults to this repository's owner.
required: false
outputs:
region:
description: The AWS region
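Review bot: The `configOwner` description says where the saml-to.yml is read from but not who is trusted as a result: with this input set, the role mapping comes from another owner's file instead of this repository owner's. Whether that owner's config has to name this repository before a role is granted is not visible in this section, so it should be confirmed against the service before being documented. If it does, a description along the lines of `GitHub Org/User whose saml-to.yml is used instead of this repository owner's; that config must permit this repository.` would make the trust boundary explicit for workflow authors.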
127 changes: 119 additions & 8 deletions api/github-sls-rest-api/api.ts
@@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.51-0
* The version of the OpenAPI document: 1.0.58-7
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -396,6 +396,49 @@ export interface GithubSlsRestApiHealthResponse {
*/
'name': string;
}
/**
*
* @export
* @interface GithubSlsRestApiIdentityResponse
*/
export interface GithubSlsRestApiIdentityResponse {
/**
*
* @type {string}
* @memberof GithubSlsRestApiIdentityResponse
*/
'type': string;
/**
*
* @type {string}
* @memberof GithubSlsRestApiIdentityResponse
*/
'name': string;
/**
*
* @type {number}
* @memberof GithubSlsRestApiIdentityResponse
*/
'id': number;
/**
*
* @type {string}
* @memberof GithubSlsRestApiIdentityResponse
*/
'fullName': string;
/**
*
* @type {string}
* @memberof GithubSlsRestApiIdentityResponse
*/
'email': string;
/**
*
* @type {string}
* @memberof GithubSlsRestApiIdentityResponse
*/
'clientId': string;
}
/**
*
* @export
@@ -1391,10 +1434,11 @@ export const IDPApiAxiosParamCreator = function (configuration?: Configuration)
* @param {string} role
* @param {string} [provider]
* @param {string} [commitSha]
* @param {string} [configOwner]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
assumeRoleForRepo: async (org: string, repo: string, role: string, provider?: string, commitSha?: string, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
assumeRoleForRepo: async (org: string, repo: string, role: string, provider?: string, commitSha?: string, configOwner?: string, options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
// verify required parameter 'org' is not null or undefined
assertParamExists('assumeRoleForRepo', 'org', org)
// verify required parameter 'repo' is not null or undefined
@@ -1428,6 +1472,10 @@ export const IDPApiAxiosParamCreator = function (configuration?: Configuration)
localVarQueryParameter['commitSha'] = commitSha;
}

if (configOwner !== undefined) {
localVarQueryParameter['configOwner'] = configOwner;
}



setSearchParams(localVarUrlObj, localVarQueryParameter);
@@ -1478,6 +1526,39 @@ export const IDPApiAxiosParamCreator = function (configuration?: Configuration)
options: localVarRequestOptions,
};
},
/**
*
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
getIdentity: async (options: AxiosRequestConfig = {}): Promise<RequestArgs> => {
const localVarPath = `/api/v1/idp/me`;
// use dummy base URL string because the URL constructor only accepts absolute URLs.
const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
let baseOptions;
if (configuration) {
baseOptions = configuration.baseOptions;
}

const localVarRequestOptions = { method: 'GET', ...baseOptions, ...options};
const localVarHeaderParameter = {} as any;
const localVarQueryParameter = {} as any;

// authentication jwt required
// http bearer authentication required
await setBearerAuthToObject(localVarHeaderParameter, configuration)



setSearchParams(localVarUrlObj, localVarQueryParameter);
let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers};

return {
url: toPathString(localVarUrlObj),
options: localVarRequestOptions,
};
},
/**
*
* @param {string} org
@@ -1857,11 +1938,12 @@ export const IDPApiFp = function(configuration?: Configuration) {
* @param {string} role
* @param {string} [provider]
* @param {string} [commitSha]
* @param {string} [configOwner]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
async assumeRoleForRepo(org: string, repo: string, role: string, provider?: string, commitSha?: string, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GithubSlsRestApiSamlResponseContainer>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.assumeRoleForRepo(org, repo, role, provider, commitSha, options);
async assumeRoleForRepo(org: string, repo: string, role: string, provider?: string, commitSha?: string, configOwner?: string, options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GithubSlsRestApiSamlResponseContainer>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.assumeRoleForRepo(org, repo, role, provider, commitSha, configOwner, options);
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
@@ -1875,6 +1957,15 @@ export const IDPApiFp = function(configuration?: Configuration) {
const localVarAxiosArgs = await localVarAxiosParamCreator.encrypt(org, githubSlsRestApiEncryptRequest, options);
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
*
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
async getIdentity(options?: AxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GithubSlsRestApiIdentityResponse>> {
const localVarAxiosArgs = await localVarAxiosParamCreator.getIdentity(options);
return createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration);
},
/**
*
* @param {string} org
@@ -2003,11 +2094,12 @@ export const IDPApiFactory = function (configuration?: Configuration, basePath?:
* @param {string} role
* @param {string} [provider]
* @param {string} [commitSha]
* @param {string} [configOwner]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
assumeRoleForRepo(org: string, repo: string, role: string, provider?: string, commitSha?: string, options?: any): AxiosPromise<GithubSlsRestApiSamlResponseContainer> {
return localVarFp.assumeRoleForRepo(org, repo, role, provider, commitSha, options).then((request) => request(axios, basePath));
assumeRoleForRepo(org: string, repo: string, role: string, provider?: string, commitSha?: string, configOwner?: string, options?: any): AxiosPromise<GithubSlsRestApiSamlResponseContainer> {
return localVarFp.assumeRoleForRepo(org, repo, role, provider, commitSha, configOwner, options).then((request) => request(axios, basePath));
},
/**
*
@@ -2019,6 +2111,14 @@ export const IDPApiFactory = function (configuration?: Configuration, basePath?:
encrypt(org: string, githubSlsRestApiEncryptRequest: GithubSlsRestApiEncryptRequest, options?: any): AxiosPromise<GithubSlsRestApiEncryptResponse> {
return localVarFp.encrypt(org, githubSlsRestApiEncryptRequest, options).then((request) => request(axios, basePath));
},
/**
*
* @param {*} [options] Override http request option.
* @throws {RequiredError}
*/
getIdentity(options?: any): AxiosPromise<GithubSlsRestApiIdentityResponse> {
return localVarFp.getIdentity(options).then((request) => request(axios, basePath));
},
/**
*
* @param {string} org
@@ -2143,12 +2243,13 @@ export class IDPApi extends BaseAPI {
* @param {string} role
* @param {string} [provider]
* @param {string} [commitSha]
* @param {string} [configOwner]
* @param {*} [options] Override http request option.
* @throws {RequiredError}
* @memberof IDPApi
*/
public assumeRoleForRepo(org: string, repo: string, role: string, provider?: string, commitSha?: string, options?: AxiosRequestConfig) {
return IDPApiFp(this.configuration).assumeRoleForRepo(org, repo, role, provider, commitSha, options).then((request) => request(this.axios, this.basePath));
public assumeRoleForRepo(org: string, repo: string, role: string, provider?: string, commitSha?: string, configOwner?: string, options?: AxiosRequestConfig) {
return IDPApiFp(this.configuration).assumeRoleForRepo(org, repo, role, provider, commitSha, configOwner, options).then((request) => request(this.axios, this.basePath));
}

/**
@@ -2163,6 +2264,16 @@ export class IDPApi extends BaseAPI {
return IDPApiFp(this.configuration).encrypt(org, githubSlsRestApiEncryptRequest, options).then((request) => request(this.axios, this.basePath));
}

/**
*
* @param {*} [options] Override http request option.
* @throws {RequiredError}
* @memberof IDPApi
*/
public getIdentity(options?: AxiosRequestConfig) {
return IDPApiFp(this.configuration).getIdentity(options).then((request) => request(this.axios, this.basePath));
}

/**
*
* @param {string} org
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/base.ts
@@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.51-0
* The version of the OpenAPI document: 1.0.58-7
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/common.ts
@@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.51-0
* The version of the OpenAPI document: 1.0.58-7
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/configuration.ts
@@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.51-0
* The version of the OpenAPI document: 1.0.58-7
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/index.ts
@@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.51-0
* The version of the OpenAPI document: 1.0.58-7
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/version.json
@@ -1 +1 @@
{"version":"1.0.51-0"}
{"version":"1.0.58-7"}