-
Notifications
You must be signed in to change notification settings - Fork 454
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add initial config profile writer sample #557
Conversation
function exportCredentialsToConfig(profile, params) { | ||
const awsConfigFile = "~/.aws/config"; | ||
if (fs.existsSync(awsConfigFile)) { | ||
var config = ini.parse(fs.readFileSync(awsConfigFile, "utf-8")); | ||
} else { | ||
var config = {}; | ||
} | ||
|
||
// Initialize the configuration object | ||
const profileName = `profile ${profile}`; | ||
config[profileName] = {}; | ||
|
||
// Configure the AWS CLI and AWS SDKs using environment variables and set them as secrets. | ||
// Setting the credentials as secrets masks them in Github Actions logs | ||
const { webIdentityTokenFile, roleArn, regionName } = params; | ||
|
||
// web_identity_token_file: | ||
// Specifies a web identity token file location | ||
config[profileName].web_identity_token_file = webIdentityTokenFile; | ||
|
||
// role_arn: | ||
// Specifies the role to assume by this profile | ||
config[profileName].role_arn = roleArn; | ||
|
||
// region: | ||
// Specifies the region for this profile | ||
config[profileName].region = regionName; | ||
|
||
fs.writeFileSync(awsConfigFile, ini.stringify(config)); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the main change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So you don't need a credentials file? Only a config file will suffice?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The config needs to point to a webIdentityToken file, which is already supported. We just need to point to it from multiple profiles.
Hi @pecigonzalo, I was just about to create a new PR to support this workflow. I understand you want to include the feature to save the assumed credentials in the In my use case I need the following step because a tool within the workflow requires to load the config from the - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.AWS_ROLE }}
role-session-name: session-role
- name: Set AWS Credentials file
run: |
[[ ! -d "${HOME}/.aws" ]] && mkdir ${HOME}/.aws
echo "[profile ${{ env.ENV }}]" >> ${HOME}/.aws/config && \
echo "aws_access_key_id=${{ env.AWS_ACCESS_KEY_ID }}" >> ${HOME}/.aws/config && \
echo "aws_secret_access_key=${{ env.AWS_SECRET_ACCESS_KEY }}" >> ${HOME}/.aws/config && \
echo "aws_session_token=${{ env.AWS_SESSION_TOKEN }}" >> ${HOME}/.aws/config Thanks! |
@jfagoagas Being able to set a custom path for the .aws directory would also be great. As an example with this action you need .aws to be in the action workspace, since ~/.aws isn't mounted to the image: |
@bconnorwhite totally agree, it would be great! |
Agree with all comments and features, I opened this to confirm the approach with the contributors in the linked issue. If they are happy with it, I'll gladly support the use cases you highlighted |
const nameTruncated = nameWithoutSpecialCharacters.slice(0, MAX_TAG_VALUE_LENGTH) | ||
return nameTruncated | ||
const nameWithoutSpecialCharacters = name.replace( | ||
/[^\p{L}\p{Z}\p{N}_:/=+.-@-]/gu, |
Check warning
Code scanning / CodeQL
Overly permissive regular expression range
Closing in favor of #633 |
Issue #: #112
Description of changes: Add support to store multiple profiles in config
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
I don't know what format this repo uses, VSCode by default formats like this.