From c43c7a3f1bc6d28d55254158493fb2734d0a77a8 Mon Sep 17 00:00:00 2001 From: Knut Eirik Leira Hjelle Date: Fri, 29 Dec 2023 23:56:47 +0530 Subject: [PATCH] Add support for aws session token (#16) * Added support for supplying session token * Update build * Updated documentation * Updated readme --- README.md | 11 +++++++---- action.yml | 3 +++ dist/restore-only/index.js | 5 ++++- dist/restore/index.js | 5 ++++- dist/save-only/index.js | 5 ++++- dist/save/index.js | 5 ++++- src/constants.ts | 1 + src/utils/actionUtils.ts | 5 ++++- 8 files changed, 31 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index beb41e1b1..992c65bb9 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ This Action provides Amazon Web Services S3 backend (and compatible software) for @actions/cache. +It supports assuming credentials from `aws-actions/configure-aws-credentials` directly from `env`, or you can supply them through inputs. + ## Usage ```yaml @@ -19,10 +21,11 @@ This Action provides Amazon Web Services S3 backend (and compatible software) fo aws-s3-bucket: ${{ secrets.AWS_S3_BUCKET_NAME }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 # Optional - aws-endpoint: https://example.com # Optional - aws-s3-bucket-endpoint: false # Optional - aws-s3-force-path-style: true # Optional + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # Optionally supply session token from aws-actions/configure-aws-credentials + aws-region: us-east-1 # Optional + aws-endpoint: https://example.com # Optional + aws-s3-bucket-endpoint: false # Optional + aws-s3-force-path-style: true # Optional ``` Please see [actions.yml](https://github.com/whywaita/actions-cache-s3/blob/main/action.yml) about input parameters. diff --git a/action.yml b/action.yml index f5462125d..f5af63b3c 100644 --- a/action.yml +++ b/action.yml @@ -35,6 +35,9 @@ inputs: aws-secret-access-key: description: 'An AWS secret access key to access the bucket' required: false + aws-session-token: + description: 'An AWS session token to access the bucket' + required: false aws-region: description: 'An AWS region where the bucket is located' required: false diff --git a/dist/restore-only/index.js b/dist/restore-only/index.js index af91a81ad..5eddcc608 100644 --- a/dist/restore-only/index.js +++ b/dist/restore-only/index.js @@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() { accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) || process.env["AWS_ACCESS_KEY_ID"], secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) || - process.env["AWS_SECRET_ACCESS_KEY"] + process.env["AWS_SECRET_ACCESS_KEY"], + sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) || + process.env["AWS_SESSION_TOKEN"] }, region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"], endpoint: core.getInput(constants_1.Inputs.AWSEndpoint), @@ -46971,6 +46973,7 @@ var Inputs; Inputs["AWSS3Bucket"] = "aws-s3-bucket"; Inputs["AWSAccessKeyId"] = "aws-access-key-id"; Inputs["AWSSecretAccessKey"] = "aws-secret-access-key"; + Inputs["AWSSessionToken"] = "aws-session-token"; Inputs["AWSRegion"] = "aws-region"; Inputs["AWSEndpoint"] = "aws-endpoint"; Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint"; diff --git a/dist/restore/index.js b/dist/restore/index.js index 8f9812aed..d9d32b9aa 100644 --- a/dist/restore/index.js +++ b/dist/restore/index.js @@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() { accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) || process.env["AWS_ACCESS_KEY_ID"], secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) || - process.env["AWS_SECRET_ACCESS_KEY"] + process.env["AWS_SECRET_ACCESS_KEY"], + sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) || + process.env["AWS_SESSION_TOKEN"] }, region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"], endpoint: core.getInput(constants_1.Inputs.AWSEndpoint), @@ -46971,6 +46973,7 @@ var Inputs; Inputs["AWSS3Bucket"] = "aws-s3-bucket"; Inputs["AWSAccessKeyId"] = "aws-access-key-id"; Inputs["AWSSecretAccessKey"] = "aws-secret-access-key"; + Inputs["AWSSessionToken"] = "aws-session-token"; Inputs["AWSRegion"] = "aws-region"; Inputs["AWSEndpoint"] = "aws-endpoint"; Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint"; diff --git a/dist/save-only/index.js b/dist/save-only/index.js index c6ec1b79e..87e179245 100644 --- a/dist/save-only/index.js +++ b/dist/save-only/index.js @@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() { accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) || process.env["AWS_ACCESS_KEY_ID"], secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) || - process.env["AWS_SECRET_ACCESS_KEY"] + process.env["AWS_SECRET_ACCESS_KEY"], + sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) || + process.env["AWS_SESSION_TOKEN"] }, region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"], endpoint: core.getInput(constants_1.Inputs.AWSEndpoint), @@ -46971,6 +46973,7 @@ var Inputs; Inputs["AWSS3Bucket"] = "aws-s3-bucket"; Inputs["AWSAccessKeyId"] = "aws-access-key-id"; Inputs["AWSSecretAccessKey"] = "aws-secret-access-key"; + Inputs["AWSSessionToken"] = "aws-session-token"; Inputs["AWSRegion"] = "aws-region"; Inputs["AWSEndpoint"] = "aws-endpoint"; Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint"; diff --git a/dist/save/index.js b/dist/save/index.js index ce012d0ba..2ecef4bfc 100644 --- a/dist/save/index.js +++ b/dist/save/index.js @@ -15855,7 +15855,9 @@ function getInputS3ClientConfig() { accessKeyId: core.getInput(constants_1.Inputs.AWSAccessKeyId) || process.env["AWS_ACCESS_KEY_ID"], secretAccessKey: core.getInput(constants_1.Inputs.AWSSecretAccessKey) || - process.env["AWS_SECRET_ACCESS_KEY"] + process.env["AWS_SECRET_ACCESS_KEY"], + sessionToken: core.getInput(constants_1.Inputs.AWSSessionToken) || + process.env["AWS_SESSION_TOKEN"] }, region: core.getInput(constants_1.Inputs.AWSRegion) || process.env["AWS_REGION"], endpoint: core.getInput(constants_1.Inputs.AWSEndpoint), @@ -46971,6 +46973,7 @@ var Inputs; Inputs["AWSS3Bucket"] = "aws-s3-bucket"; Inputs["AWSAccessKeyId"] = "aws-access-key-id"; Inputs["AWSSecretAccessKey"] = "aws-secret-access-key"; + Inputs["AWSSessionToken"] = "aws-session-token"; Inputs["AWSRegion"] = "aws-region"; Inputs["AWSEndpoint"] = "aws-endpoint"; Inputs["AWSS3BucketEndpoint"] = "aws-s3-bucket-endpoint"; diff --git a/src/constants.ts b/src/constants.ts index b7d070ec9..a6e299874 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -9,6 +9,7 @@ export enum Inputs { AWSS3Bucket = "aws-s3-bucket", AWSAccessKeyId = "aws-access-key-id", AWSSecretAccessKey = "aws-secret-access-key", + AWSSessionToken = "aws-session-token", AWSRegion = "aws-region", AWSEndpoint = "aws-endpoint", AWSS3BucketEndpoint = "aws-s3-bucket-endpoint", diff --git a/src/utils/actionUtils.ts b/src/utils/actionUtils.ts index 24ae3a017..913944965 100644 --- a/src/utils/actionUtils.ts +++ b/src/utils/actionUtils.ts @@ -93,7 +93,10 @@ export function getInputS3ClientConfig(): S3ClientConfig | undefined { process.env["AWS_ACCESS_KEY_ID"], secretAccessKey: core.getInput(Inputs.AWSSecretAccessKey) || - process.env["AWS_SECRET_ACCESS_KEY"] + process.env["AWS_SECRET_ACCESS_KEY"], + sessionToken: + core.getInput(Inputs.AWSSessionToken) || + process.env["AWS_SESSION_TOKEN"] }, region: core.getInput(Inputs.AWSRegion) || process.env["AWS_REGION"], endpoint: core.getInput(Inputs.AWSEndpoint),