in index.js [39:110]
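/**
 * Resolve Alibaba Cloud credentials for the workflow and hand them to
 * `setOutput`, trying three strategies in order:
 *
 * 1. Role chaining (`roleChaining`): assume `roleToAssume` on top of the
 *    credentials supplied by `EnvironmentVariableCredentialsProvider`.
 * 2. OIDC (`roleToAssume` and `oidcProviderArn` both set): request an ID
 *    token via `core.getIDToken`, write it to a token file and let the
 *    `oidc_role_arn` credential type read it.
 * 3. Fallback: obtain credentials with the `ecs_ram_role` credential type
 *    and, when `roleToAssume` is set, use them to assume that role via
 *    `ram_role_arn`.
 *
 * All inputs (`roleChaining`, `roleToAssume`, `oidcProviderArn`,
 * `roleSessionExpiration`, `ROLE_SESSION_NAME`) and `setOutput` are defined
 * elsewhere in this file.
 *
 * NOTE(review): every branch passes a live access key, secret and security
 * token to `setOutput`; confirm that helper masks the values (for example
 * with `core.setSecret`) before they can reach the job log.
 *
 * @returns {Promise<void>}
 * @throws {Error} when role chaining is requested without `roleToAssume`.
 */
async function run() {
  if (roleChaining) {
    if (!roleToAssume) {
      throw new Error("'role-to-assume' must be provided if 'role-chaining' is provided");
    }
    const chainedProvider = RAMRoleARNCredentialsProvider.builder()
      .withCredentialsProvider(EnvironmentVariableCredentialsProvider.builder().build())
      .withRoleArn(roleToAssume)
      .withRoleSessionName(ROLE_SESSION_NAME)
      .withDurationSeconds(roleSessionExpiration)
      .build();
    const chainedClient = new CredentialClient(null, chainedProvider);
    const chained = await chainedClient.getCredential();
    setOutput(chained.accessKeyId, chained.accessKeySecret, chained.securityToken);
    return;
  }

  if (roleToAssume && oidcProviderArn) {
    const audience = core.getInput('audience');
    const idToken = await core.getIDToken(audience);
    const oidcTokenFilePath = path.join(os.tmpdir(), 'token');
    // The ID token is a bearer credential for the role below, and the temp
    // directory may be shared with other users or jobs on a self-hosted
    // runner. Create the file owner-read/write only instead of relying on
    // the process umask.
    // The mode is applied only when the file is created: a file that already
    // exists at this fixed path keeps its previous permissions.
    // NOTE(review): consider a unique private directory for the token and
    // removing the file once it is no longer needed.
    await fsx.writeFile(oidcTokenFilePath, idToken, { mode: 0o600 });
    const oidcConfig = new Config({
      type: 'oidc_role_arn',
      roleArn: roleToAssume,
      oidcProviderArn,
      oidcTokenFilePath,
      roleSessionExpiration,
      roleSessionName: ROLE_SESSION_NAME
    });
    const oidcClient = new CredentialClient(oidcConfig);
    const federated = await oidcClient.getCredential();
    setOutput(federated.accessKeyId, federated.accessKeySecret, federated.securityToken);
    return;
  }

  // Fallback: start from the credentials of the 'ecs_ram_role' type.
  const instanceClient = new CredentialClient(new Config({
    type: 'ecs_ram_role'
  }));
  const { accessKeyId, accessKeySecret, securityToken } = await instanceClient.getCredential();

  if (!roleToAssume) {
    // No role requested: publish the base credentials as they are.
    setOutput(accessKeyId, accessKeySecret, securityToken);
    return;
  }

  // Use the base credentials to assume the requested role.
  const assumeConfig = new Config({
    type: 'ram_role_arn',
    accessKeyId,
    accessKeySecret,
    securityToken,
    roleArn: roleToAssume,
    roleSessionExpiration,
    roleSessionName: ROLE_SESSION_NAME
  });
  const assumeClient = new CredentialClient(assumeConfig);
  const assumed = await assumeClient.getCredential();
  setOutput(assumed.accessKeyId, assumed.accessKeySecret, assumed.securityToken);
}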