Merge branch 'main' of github.com:saml-to/assume-aws-role-action
cnuss committed Oct 7, 2022
2 parents 0dbbd52 + 149186a commit 92ded78
Showing 15 changed files with 140 additions and 19 deletions.
2 changes: 1 addition & 1 deletion .openapis
Expand Up @@ -6,5 +6,5 @@
# This file is *safe* to add to source control and will increase the speed of builds
---
- serviceName: github-sls-rest-api
version: 1.0.66-2
version: 1.0.68-0

6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -139,6 +139,12 @@ If there are multiple `provider` entries in the `saml-to.yml` configuration file
Specify an alternative path to the `saml-to.yml` configuration file.
### `profile` (_Optional_)
Store the credentials to the provided named profile in `~/.aws` (instead of writing them to Environment Variables)
**Default**: `` (_Empty String_)
**Default**: `saml-to.yml`
## Outputs
3 changes: 3 additions & 0 deletions action.yml
Expand Up @@ -20,6 +20,9 @@ inputs:
configPath:
description: "Specify a path to the SAML.to config file (Default: 'saml-to.yml')"
required: false
profile:
description: 'Store the credentials to the provided named profile in `~/.aws` (instead of writing them to Environment Variables)'
required: false
outputs:
region:
description: The AWS region
46 changes: 45 additions & 1 deletion api/github-sls-rest-api/api.ts
Expand Up @@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.66-2
* The version of the OpenAPI document: 1.0.68-0
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
Expand Down Expand Up @@ -273,6 +273,12 @@ export interface GithubSlsRestApiCloudFormationResponse {
* @interface GithubSlsRestApiConfigBaseSupportedVersions
*/
export interface GithubSlsRestApiConfigBaseSupportedVersions {
/**
*
* @type {string}
* @memberof GithubSlsRestApiConfigBaseSupportedVersions
*/
'ts'?: string;
/**
*
* @type {string}
Expand Down Expand Up @@ -316,6 +322,12 @@ export interface GithubSlsRestApiConfigBaseSupportedVersions {
* @interface GithubSlsRestApiConfigV20220101
*/
export interface GithubSlsRestApiConfigV20220101 {
/**
*
* @type {string}
* @memberof GithubSlsRestApiConfigV20220101
*/
'ts'?: string;
/**
*
* @type {string}
Expand Down Expand Up @@ -434,6 +446,38 @@ export interface GithubSlsRestApiConfigVariablesResponse {
*/
'results': Array<GithubSlsRestApiConfigVariable>;
}
/**
*
* @export
* @interface GithubSlsRestApiConsolidateRequest
*/
export interface GithubSlsRestApiConsolidateRequest {
/**
*
* @type {Array<string>}
* @memberof GithubSlsRestApiConsolidateRequest
*/
'repos'?: Array<string>;
}
/**
*
* @export
* @interface GithubSlsRestApiConsolidateResponse
*/
export interface GithubSlsRestApiConsolidateResponse {
/**
*
* @type {GithubSlsRestApiConfigV20220101}
* @memberof GithubSlsRestApiConsolidateResponse
*/
'after': GithubSlsRestApiConfigV20220101;
/**
*
* @type {{ [key: string]: GithubSlsRestApiConfigV20220101; }}
* @memberof GithubSlsRestApiConsolidateResponse
*/
'before': { [key: string]: GithubSlsRestApiConfigV20220101; };
}
/**
*
* @export
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/base.ts
Expand Up @@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.66-2
* The version of the OpenAPI document: 1.0.68-0
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/common.ts
Expand Up @@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.66-2
* The version of the OpenAPI document: 1.0.68-0
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/configuration.ts
Expand Up @@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.66-2
* The version of the OpenAPI document: 1.0.68-0
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/index.ts
Expand Up @@ -4,7 +4,7 @@
* github-sls-rest-api
* To generate a JWT token, go to the <a href=\"https://sso.saml.to/auth/jwt.html\" target=\"_blank\">JWT Token Generator</a>
*
* The version of the OpenAPI document: 1.0.66-2
* The version of the OpenAPI document: 1.0.68-0
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
2 changes: 1 addition & 1 deletion api/github-sls-rest-api/version.json
@@ -1 +1 @@
{"version":"1.0.66-2"}
{"version":"1.0.68-0"}
2 changes: 1 addition & 1 deletion dist/main.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/main.js.map

Large diffs are not rendered by default.

6 changes: 4 additions & 2 deletions package.json
@@ -1,6 +1,6 @@
{
"name": "@saml-to/assume-aws-role-action",
"version": "1.0.9",
"version": "1.0.10",
"description": "Assume an AWS Role using SAML.to",
"repository": "git@github.com:saml-to/assume-aws-role-action.git",
"author": "Scaffoldly",
Expand Down Expand Up @@ -39,7 +39,8 @@
"dependencies": {
"@actions/core": "^1.6.0",
"@aws-sdk/client-sts": "^3.43.0",
"axios": "^0.24.0"
"axios": "^0.24.0",
"which": "^2.0.2"
},
"devDependencies": {
"@babel/core": "^7.16.0",
Expand All @@ -48,6 +49,7 @@
"@types/inquirer": "^8.1.3",
"@types/js-yaml": "^4.0.5",
"@types/node": "14",
"@types/which": "^2.0.1",
"@types/yargs": "^17.0.7",
"@typescript-eslint/eslint-plugin": "^4.29.3",
"@typescript-eslint/parser": "^4.29.3",
40 changes: 33 additions & 7 deletions src/action.ts
Expand Up @@ -7,6 +7,7 @@ import {
GithubSlsRestApiSamlResponseContainer,
GithubSlsRestApiAwsAssumeSdkOptions,
} from '../api/github-sls-rest-api';
import { exec } from './exec';

const { GITHUB_TOKEN, GITHUB_REPOSITORY, GITHUB_SHA, SAML_TO_NONLIVE, SAML_TO_API_KEY } =
process.env;
Expand Down Expand Up @@ -34,6 +35,7 @@ export class Action {
const region = getInput('region', { required: false }) || 'us-east-1';
const configOwner = getInput('configOwner', { required: false }) || org;
const configPath = getInput('configPath', { required: false }) || 'saml-to.yml';
const profile = getInput('profile', { required: false }) || undefined;

if (provider) {
info(`Assuming ${provider} Role: ${role} in ${region}`);
Expand Down Expand Up @@ -72,7 +74,7 @@ SAML Attributes:`);
Object.entries(response.attributes).forEach(([k, v]) => info(` - ${k}: ${v}`));
}

await this.assumeAws(response, region);
await this.assumeAws(response, region, profile);
// eslint-disable-next-line @typescript-eslint/no-explicit-any
} catch (e: any) {
const providerHint = sdkOpts ? ` (${sdkOpts.PrincipalArn}) ` : ' ';
Expand Down Expand Up @@ -139,7 +141,11 @@ https://docs.saml.to/usage/github-actions/assume-aws-role-action#centrally-manag
}
}

async assumeAws(response: GithubSlsRestApiSamlResponseContainer, region: string): Promise<void> {
async assumeAws(
response: GithubSlsRestApiSamlResponseContainer,
region: string,
profile?: string,
): Promise<void> {
const sts = new STS({ region });
const opts = response.sdkOptions as GithubSlsRestApiAwsAssumeSdkOptions;
if (!opts) {
Expand Down Expand Up @@ -174,11 +180,6 @@ https://docs.saml.to/usage/github-actions/assume-aws-role-action#centrally-manag
info(`
Assumed ${opts.RoleArn}: ${callerIdentity.Arn} (Credential expiration at ${assumeResponse.Credentials.Expiration})`);

exportVariable('AWS_DEFAULT_REGION', region);
exportVariable('AWS_ACCESS_KEY_ID', assumeResponse.Credentials.AccessKeyId);
exportVariable('AWS_SECRET_ACCESS_KEY', assumeResponse.Credentials.SecretAccessKey);
exportVariable('AWS_SESSION_TOKEN', assumeResponse.Credentials.SessionToken);

setOutput('region', region);
setOutput('accountId', callerIdentity.Account);
setOutput('userId', callerIdentity.UserId);
Expand All @@ -187,5 +188,30 @@ Assumed ${opts.RoleArn}: ${callerIdentity.Arn} (Credential expiration at ${assum
setOutput('accessKeyId', assumeResponse.Credentials.AccessKeyId);
setOutput('secretAccessKey', assumeResponse.Credentials.SecretAccessKey);
setOutput('sessionToken', assumeResponse.Credentials.SessionToken);

if (profile) {
exportVariable('AWS_PROFILE', profile);

const base = ['aws', 'configure'];

if (profile !== 'default') {
base.push('--profile', profile);
}
base.push('set');
await exec([...base, 'region', region]);
await exec([...base, 'aws_access_key_id', assumeResponse.Credentials.AccessKeyId]);
await exec([...base, 'aws_secret_access_key', assumeResponse.Credentials.SecretAccessKey]);
await exec([...base, 'aws_session_token', assumeResponse.Credentials.SessionToken]);

info(`AWS Profile has been set!`);
return;
}

exportVariable('AWS_DEFAULT_REGION', region);
exportVariable('AWS_ACCESS_KEY_ID', assumeResponse.Credentials.AccessKeyId);
exportVariable('AWS_SECRET_ACCESS_KEY', assumeResponse.Credentials.SecretAccessKey);
exportVariable('AWS_SESSION_TOKEN', assumeResponse.Credentials.SessionToken);

info(`Environment Variables have been set!`);
}
}
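Review bot: In the new `if (profile)` branch at the end of `assumeAws`, the secret access key and session token are handed to `aws configure set` as command-line arguments, where they are visible in the runner's process list while each command runs, and the `profile` value from `getInput` reaches that command line without validation. A conservative allow-list check before building `base`, such as `if (!/^[A-Za-z0-9_.-]+$/.test(profile)) throw new Error('Invalid profile name');`, would keep unexpected characters out of the arguments. Writing the profile section into the AWS credentials file directly, with an owner-only file mode, would avoid placing the secrets in argv at all. The credentials also remain in `~/.aws` after the job ends, which matters on reused self-hosted runners and deserves a sentence in the README entry for `profile`. `assumeAws` starts outside this hunk.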
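--- a/src/exec.ts
+++ b/src/exec.ts
@@ -0,0 +1,35 @@
+import proc from 'child_process';
+import which from 'which';
+
+export const exec = (argv: string[]): Promise<void> => {
+return new Promise((resolve, reject) => {
+const env = {
+...process.env,
+};
+
+let command: string;
+try {
+command = which.sync(argv[0]);
+} catch (e) {
+reject(new Error(`Unable to locate the '${argv[0]}' command on this system`));
+return;
+}
+
+const p = proc.spawn(command, argv.slice(1), {
+shell: true,
+env,
+});
+
+p.on('error', (err) => {
+reject(err);
+});
+
+p.on('exit', () => {
+resolve();
+});
+
+p.stdin.pipe(process.stdin);
+p.stdout.pipe(process.stdout);
+p.stderr.pipe(process.stderr);
+});
+};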
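Review bot: `shell: true` in the `proc.spawn` options makes Node join the command and its arguments into a single shell command line, so shell metacharacters in any argument are interpreted instead of being passed literally, and the caller in src/action.ts sends the `profile` action input and the STS credentials through this helper. Because `which.sync` has already resolved the executable path, the option can be dropped so the arguments reach the process as a plain argv array (worth checking on Windows if the resolved file is a `.cmd` wrapper). The `exit` handler also resolves whatever the status is, so a failed command is reported as success; `p.on('exit', (code) => (code === 0 ? resolve() : reject(new Error('command exited with code ' + code))));` would surface the failure. `p.stdin.pipe(process.stdin)` looks reversed as well, since the child's stdin is the writable end.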
7 changes: 6 additions & 1 deletion yarn.lock
Expand Up @@ -957,6 +957,11 @@
dependencies:
"@types/node" "*"

"@types/which@^2.0.1":
version "2.0.1"
resolved "https://registry.yarnpkg.com/@types/which/-/which-2.0.1.tgz#27ecd67f915b7c3d6ba552135bb1eecd66e63501"
integrity sha512-Jjakcv8Roqtio6w1gr0D7y6twbhx6gGgFGF5BLwajPpnOIOxFkakFhCq+LmyyeAz7BX6ULrjBOxdKaCDy+4+dQ==

"@types/yargs-parser@*":
version "20.2.1"
resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-20.2.1.tgz#3b9ce2489919d9e4fea439b76916abc34b2df129"
Expand Down Expand Up @@ -3288,7 +3293,7 @@ which-boxed-primitive@^1.0.2:
is-string "^1.0.5"
is-symbol "^1.0.3"

which@^2.0.1:
which@^2.0.1, which@^2.0.2:
version "2.0.2"
resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1"
integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==