in src/main/java/com/amazonaws/codebuild/jenkinsplugin/CodeBuildBaseCredentials.java [183:218]
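/**
 * Form-validation handler for the IAM role ARN field. It checks the role by calling STS
 * {@code assumeRole} with the supplied access key, secret key, role ARN and external ID.
 *
 * <p>NOTE(review): this endpoint makes an outbound STS call through a caller-supplied proxy
 * using caller-supplied keys. No permission check or POST-only restriction is visible on this
 * method. Confirm the enclosing class enforces one. Jenkins guidance for {@code doCheck*}
 * methods that perform network I/O is a permission check plus {@code @POST}. Without that, any
 * user who can reach the URL can trigger the request, and a GET places {@code secretKey} in
 * the query string, where it may end up in access logs.
 *
 * @param proxyHost  proxy host passed to {@code getClientConfiguration}
 * @param proxyPort  proxy port passed to {@code getClientConfiguration}
 * @param accessKey  AWS access key used as the initial credential
 * @param secretKey  AWS secret key used as the initial credential
 * @param iamRoleArn ARN of the role to assume; when empty, nothing is validated
 * @param externalId external ID sent with the assume-role request
 * @return an error when the keys are missing or the assume-role call throws,
 *         otherwise an OK result
 */
public FormValidation doCheckIamRoleArn(@QueryParameter("proxyHost") final String proxyHost,
                                        @QueryParameter("proxyPort") final String proxyPort,
                                        @QueryParameter("accessKey") final String accessKey,
                                        @QueryParameter("secretKey") final String secretKey,
                                        @QueryParameter("iamRoleArn") final String iamRoleArn,
                                        @QueryParameter("externalId") final String externalId) {
    // A query parameter that is absent from the request may be bound as null; treat it as empty
    // instead of failing with a NullPointerException.
    if (accessKey == null || accessKey.isEmpty() || secretKey == null || secretKey.isEmpty()) {
        return FormValidation.error("AWS access and secret keys are required to use an IAM role for authorization");
    }
    if (iamRoleArn == null || iamRoleArn.isEmpty()) {
        return FormValidation.ok();
    }
    try {
        AWSCredentials initialCredentials = new BasicAWSCredentials(accessKey, secretKey);
        AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
                .withRoleArn(iamRoleArn)
                .withExternalId(externalId)
                .withDurationSeconds(3600)
                .withRoleSessionName(ROLE_SESSION_NAME);
        // The returned temporary credentials are discarded; only success or failure matters here.
        new AWSSecurityTokenServiceClient(initialCredentials, getClientConfiguration(proxyHost, proxyPort))
                .assumeRole(assumeRequest);
    } catch (Exception e) {
        // getMessage() may be null (e.g. a bare NullPointerException); fall back to toString().
        String errorMessage = e.getMessage();
        if (errorMessage == null) {
            errorMessage = e.toString();
        }
        // Keep the leading ERROR_MESSAGE_MAX_LENGTH characters. The previous one-argument
        // substring(ERROR_MESSAGE_MAX_LENGTH) dropped the start of the message and returned only
        // the tail, which hid the actual failure reason.
        if (errorMessage.length() > ERROR_MESSAGE_MAX_LENGTH) {
            errorMessage = errorMessage.substring(0, ERROR_MESSAGE_MAX_LENGTH);
        }
        return FormValidation.error("Authorization failed: " + errorMessage);
    }
    return FormValidation.ok("IAM role authorization successful.");
}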