Skip to content

Commit b3e05da

Browse files
hari-radhari-rad
authored
OPS-3584 Add SourceIdentity parameter to assumeRole call (#1)
* OPS-3584 Add SourceIdentity parameter to assumeRole call * OPS-3584 Update dist
1 parent dfe0255 commit b3e05da

File tree

3 files changed

+25
-6
lines changed

3 files changed

+25
-6
lines changed

dist/index.js

Lines changed: 4 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

index.js

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,12 +52,14 @@ async function assumeRole(params) {
5252
roleArn = `arn:aws:iam::${sourceAccountId}:role/${roleArn}`;
5353
}
5454

55+
const githubActor = sanitizeGithubActor(GITHUB_ACTOR);
56+
5557
const tagArray = [
5658
{Key: 'GitHub', Value: 'Actions'},
5759
{Key: 'Repository', Value: GITHUB_REPOSITORY},
5860
{Key: 'Workflow', Value: sanitizeGithubWorkflowName(GITHUB_WORKFLOW)},
5961
{Key: 'Action', Value: GITHUB_ACTION},
60-
{Key: 'Actor', Value: sanitizeGithubActor(GITHUB_ACTOR)},
62+
{Key: 'Actor', Value: githubActor},
6163
{Key: 'Commit', Value: GITHUB_SHA},
6264
];
6365

@@ -77,6 +79,7 @@ async function assumeRole(params) {
7779
RoleArn: roleArn,
7880
RoleSessionName: roleSessionName,
7981
DurationSeconds: roleDurationSeconds,
82+
SourceIdentity: githubActor,
8083
Tags: roleSessionTags
8184
};
8285

index.test.js

Lines changed: 17 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -471,6 +471,7 @@ describe('Configure AWS Credentials', () => {
471471
RoleArn: ROLE_ARN,
472472
RoleSessionName: 'GitHubActions',
473473
DurationSeconds: 6 * 3600,
474+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
474475
Tags: [
475476
{Key: 'GitHub', Value: 'Actions'},
476477
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -493,6 +494,7 @@ describe('Configure AWS Credentials', () => {
493494
RoleArn: ROLE_ARN,
494495
RoleSessionName: 'GitHubActions',
495496
DurationSeconds: 5,
497+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
496498
Tags: [
497499
{Key: 'GitHub', Value: 'Actions'},
498500
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -515,6 +517,7 @@ describe('Configure AWS Credentials', () => {
515517
RoleArn: ROLE_ARN,
516518
RoleSessionName: 'MySessionName',
517519
DurationSeconds: 6 * 3600,
520+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
518521
Tags: [
519522
{Key: 'GitHub', Value: 'Actions'},
520523
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -537,6 +540,7 @@ describe('Configure AWS Credentials', () => {
537540
RoleArn: 'arn:aws:iam::123456789012:role/MY-ROLE',
538541
RoleSessionName: 'GitHubActions',
539542
DurationSeconds: 6 * 3600,
543+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
540544
Tags: [
541545
{Key: 'GitHub', Value: 'Actions'},
542546
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -559,7 +563,8 @@ describe('Configure AWS Credentials', () => {
559563
RoleArn: 'arn:aws:iam::111111111111:role/MY-ROLE',
560564
RoleSessionName: 'GitHubActions',
561565
DurationSeconds: 6 * 3600,
562-
WebIdentityToken: 'testpayload'
566+
WebIdentityToken: 'testpayload',
567+
SourceIdentity: GITHUB_ACTOR_SANITIZED
563568
})
564569
});
565570

@@ -573,7 +578,8 @@ describe('Configure AWS Credentials', () => {
573578
RoleArn: 'arn:aws:iam::111111111111:role/MY-ROLE',
574579
RoleSessionName: 'GitHubActions',
575580
DurationSeconds: 6 * 3600,
576-
WebIdentityToken: 'testpayload'
581+
WebIdentityToken: 'testpayload',
582+
SourceIdentity: GITHUB_ACTOR_SANITIZED
577583
})
578584
});
579585

@@ -590,7 +596,8 @@ describe('Configure AWS Credentials', () => {
590596
RoleArn: 'arn:aws:iam::111111111111:role/MY-ROLE',
591597
RoleSessionName: 'GitHubActions',
592598
DurationSeconds: 3600,
593-
WebIdentityToken: 'testtoken'
599+
WebIdentityToken: 'testtoken',
600+
SourceIdentity: GITHUB_ACTOR_SANITIZED
594601
});
595602
expect(core.setSecret).toHaveBeenNthCalledWith(1, FAKE_STS_ACCESS_KEY_ID);
596603
expect(core.setSecret).toHaveBeenNthCalledWith(2, FAKE_STS_SECRET_ACCESS_KEY);
@@ -610,7 +617,8 @@ describe('Configure AWS Credentials', () => {
610617
RoleArn: 'arn:aws:iam::111111111111:role/MY-ROLE',
611618
RoleSessionName: 'GitHubActions',
612619
DurationSeconds: CUSTOM_ROLE_DURATION,
613-
WebIdentityToken: 'testtoken'
620+
WebIdentityToken: 'testtoken',
621+
SourceIdentity: GITHUB_ACTOR_SANITIZED
614622
});
615623
expect(core.setSecret).toHaveBeenNthCalledWith(1, FAKE_STS_ACCESS_KEY_ID);
616624
expect(core.setSecret).toHaveBeenNthCalledWith(2, FAKE_STS_SECRET_ACCESS_KEY);
@@ -644,6 +652,7 @@ describe('Configure AWS Credentials', () => {
644652
RoleArn: ROLE_ARN,
645653
RoleSessionName: 'GitHubActions',
646654
DurationSeconds: 6 * 3600,
655+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
647656
Tags: [
648657
{Key: 'GitHub', Value: 'Actions'},
649658
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -671,6 +680,7 @@ describe('Configure AWS Credentials', () => {
671680
RoleArn: ROLE_ARN,
672681
RoleSessionName: 'GitHubActions',
673682
DurationSeconds: 6 * 3600,
683+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
674684
Tags: [
675685
{Key: 'GitHub', Value: 'Actions'},
676686
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -693,6 +703,7 @@ describe('Configure AWS Credentials', () => {
693703
RoleArn: ROLE_ARN,
694704
RoleSessionName: 'GitHubActions',
695705
DurationSeconds: 21600,
706+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
696707
Tags: undefined
697708
})
698709
});
@@ -707,6 +718,7 @@ describe('Configure AWS Credentials', () => {
707718
RoleArn: ROLE_ARN,
708719
RoleSessionName: 'GitHubActions',
709720
DurationSeconds: 21600,
721+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
710722
Tags: [
711723
{Key: 'GitHub', Value: 'Actions'},
712724
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},
@@ -729,6 +741,7 @@ describe('Configure AWS Credentials', () => {
729741
RoleArn: ROLE_ARN,
730742
RoleSessionName: 'GitHubActions',
731743
DurationSeconds: 21600,
744+
SourceIdentity: GITHUB_ACTOR_SANITIZED,
732745
Tags: [
733746
{Key: 'GitHub', Value: 'Actions'},
734747
{Key: 'Repository', Value: ENVIRONMENT_VARIABLE_OVERRIDES.GITHUB_REPOSITORY},

0 commit comments

Comments
 (0)