Skip to content

feat: Add MFA serial and token support #1124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ inputs:
aws-session-token:
description: AWS Session Token.
required: false
mfa-token:
description: Token when the user/role requires MFA.
required: false
mfa-serial:
description: Serial/ARN when the user/role requires MFA.
required: false
web-identity-token-file:
description: Use the web identity token file from the provided file system path in order to assume an IAM role using a web identity, e.g. from within an Amazon EKS worker node.
required: false
Expand Down
2 changes: 2 additions & 0 deletions dist/cleanup/src/assumeRole.d.ts

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 7 additions & 1 deletion dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions src/assumeRole.ts
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ export interface assumeRoleParams {
roleExternalId?: string;
webIdentityTokenFile?: string;
webIdentityToken?: string;
mfaSerial?: string;
mfaToken?: string;
inlineSessionPolicy?: string;
managedSessionPolicies?: any[];
}
Expand All @@ -89,6 +91,8 @@ export async function assumeRole(params: assumeRoleParams) {
roleSkipSessionTagging,
webIdentityTokenFile,
webIdentityToken,
mfaSerial,
mfaToken,
inlineSessionPolicy,
managedSessionPolicies,
} = { ...params };
Expand Down Expand Up @@ -137,6 +141,8 @@ export async function assumeRole(params: assumeRoleParams) {
ExternalId: roleExternalId ? roleExternalId : undefined,
Policy: inlineSessionPolicy ? inlineSessionPolicy : undefined,
PolicyArns: managedSessionPolicies?.length ? managedSessionPolicies : undefined,
SerialNumber: mfaSerial,
TokenCode: mfaToken,
};
const keys = Object.keys(commonAssumeRoleParams) as Array<keyof typeof commonAssumeRoleParams>;
keys.forEach((k) => commonAssumeRoleParams[k] === undefined && delete commonAssumeRoleParams[k]);
Expand Down
4 changes: 4 additions & 0 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ export async function run() {
const maskAccountId = maskAccountIdInput.toLowerCase() === 'true';
const roleExternalId = core.getInput('role-external-id', { required: false });
const webIdentityTokenFile = core.getInput('web-identity-token-file', { required: false });
const mfaSerial = core.getInput('mfa-serial', { required: false });
const mfaToken = core.getInput('mfa-token', { required: false });
const roleDuration = parseInt(core.getInput('role-duration-seconds', { required: false })) || DEFAULT_ROLE_DURATION;
const roleSessionName = core.getInput('role-session-name', { required: false }) || ROLE_SESSION_NAME;
const roleSkipSessionTaggingInput = core.getInput('role-skip-session-tagging', { required: false }) || 'false';
Expand Down Expand Up @@ -159,6 +161,8 @@ export async function run() {
roleSkipSessionTagging,
webIdentityTokenFile,
webIdentityToken,
mfaSerial,
mfaToken,
inlineSessionPolicy,
managedSessionPolicies,
});
Expand Down
Loading