feat: infer role ARN if given role name (#35)

Author: clareliguori

Diff for: index.js

@@ -42,8 +42,16 @@ async function assumeRole(params) {
     accessKeyId, secretAccessKey, sessionToken, region, endpoint, customUserAgent: USER_AGENT
   });
 
+  let roleArn = roleToAssume;
+  if (!roleArn.startsWith('arn:aws')) {
+    const identity = await sts.getCallerIdentity().promise();
+    const accountId = identity.Account;
+    // Supports only 'aws' partition. Customers in other partitions ('aws-cn') will need to provide full ARN
+    roleArn = `arn:aws:iam::${accountId}:role/${roleArn}`;
+  }
+
   const assumeRoleRequest = {
-    RoleArn: roleToAssume,
+    RoleArn: roleArn,
     RoleSessionName: roleSessionName,
     DurationSeconds: roleDurationSeconds,
     Tags: [

Diff for: index.test.js

@@ -14,6 +14,7 @@ const FAKE_STS_SESSION_TOKEN = 'STS-AWS-SESSION-TOKEN';
 const FAKE_REGION = 'fake-region-1';
 const FAKE_ACCOUNT_ID = '123456789012';
 const ROLE_NAME = 'MY-ROLE';
+const ROLE_ARN = 'arn:aws:iam::123456789012:role/MY-ROLE';
 const ENVIRONMENT_VARIABLE_OVERRIDES = {
     SHOW_STACK_TRACE: 'true',
     GITHUB_REPOSITORY: 'MY-REPOSITORY-NAME',
@@ -40,7 +41,7 @@ const DEFAULT_INPUTS = {
     'aws-region': FAKE_REGION,
     'mask-aws-account-id': 'TRUE'
 };
-const ASSUME_ROLE_INPUTS = {...REQUIRED_INPUTS, 'role-to-assume': ROLE_NAME, 'aws-region': FAKE_REGION};
+const ASSUME_ROLE_INPUTS = {...REQUIRED_INPUTS, 'role-to-assume': ROLE_ARN, 'aws-region': FAKE_REGION};
 
 const mockStsCallerIdentity = jest.fn();
 const mockStsAssumeRole = jest.fn();
@@ -201,7 +202,7 @@ describe('Configure AWS Credentials', () => {
 
         await run();
         expect(mockStsAssumeRole).toHaveBeenCalledWith({
-            RoleArn: ROLE_NAME,
+            RoleArn: ROLE_ARN,
             RoleSessionName: 'GitHubActions',
             DurationSeconds: 6 * 3600,
             Tags: [
@@ -223,7 +224,7 @@ describe('Configure AWS Credentials', () => {
 
         await run();
         expect(mockStsAssumeRole).toHaveBeenCalledWith({
-            RoleArn: ROLE_NAME,
+            RoleArn: ROLE_ARN,
             RoleSessionName: 'GitHubActions',
             DurationSeconds: 5,
             Tags: [
@@ -245,7 +246,7 @@ describe('Configure AWS Credentials', () => {
 
         await run();
         expect(mockStsAssumeRole).toHaveBeenCalledWith({
-            RoleArn: ROLE_NAME,
+            RoleArn: ROLE_ARN,
             RoleSessionName: 'MySessionName',
             DurationSeconds: 6 * 3600,
             Tags: [
@@ -260,14 +261,36 @@ describe('Configure AWS Credentials', () => {
         })
     });
 
+    test('role name provided instead of ARN', async () => {
+        core.getInput = jest
+            .fn()
+            .mockImplementation(mockGetInput({...REQUIRED_INPUTS, 'role-to-assume': ROLE_NAME, 'aws-region': FAKE_REGION}));
+
+        await run();
+        expect(mockStsAssumeRole).toHaveBeenCalledWith({
+            RoleArn: ROLE_ARN,
+            RoleSessionName: 'GitHubActions',
+            DurationSeconds: 6 * 3600,
+            Tags: [
+                {Key: 'GitHub', Value: 'Actions'},
+                {Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
+                {Key: 'Workflow', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_WORKFLOW},
+                {Key: 'Action', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_ACTION},
+                {Key: 'Actor', Value: GITHUB_ACTOR_SANITIZED},
+                {Key: 'Branch', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REF},
+                {Key: 'Commit', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_SHA},
+            ]
+        })
+    });
+
     test('role external ID provided', async () => {
         core.getInput = jest
             .fn()
             .mockImplementation(mockGetInput({...ASSUME_ROLE_INPUTS, 'role-external-id': 'abcdef'}));
 
         await run();
         expect(mockStsAssumeRole).toHaveBeenCalledWith({
-            RoleArn: ROLE_NAME,
+            RoleArn: ROLE_ARN,
             RoleSessionName: 'GitHubActions',
             DurationSeconds: 6 * 3600,
             Tags: [
@@ -294,7 +317,7 @@ describe('Configure AWS Credentials', () => {
 
         await run();
         expect(mockStsAssumeRole).toHaveBeenCalledWith({
-            RoleArn: ROLE_NAME,
+            RoleArn: ROLE_ARN,
             RoleSessionName: 'GitHubActions',
             DurationSeconds: 6 * 3600,
             Tags: [