From b7c5041508c1d14e86bdaed3b42c2d2b5323231f Mon Sep 17 00:00:00 2001 From: Duane Bondad Date: Thu, 16 Sep 2021 09:06:37 -0700 Subject: [PATCH 1/4] update assume_role to use session_token --- actions/assume_role.py | 6 +++++- actions/assume_role.yaml | 6 ++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/actions/assume_role.py b/actions/assume_role.py index 5cf60bb..aeb5d28 100644 --- a/actions/assume_role.py +++ b/actions/assume_role.py @@ -13,7 +13,8 @@ class Boto3AssumeRoleRunner(Action): def run(self, role_arn, policy=None, duration=3600, external_id=None, aws_access_key_id=None, aws_secret_access_key=None, - use_mfa=False, serial_number=None, token_code=None): + use_mfa=False, serial_number=None, token_code=None, + use_session_token=False, aws_session_token=None): success = False result = dict() @@ -23,6 +24,9 @@ def run(self, role_arn, if aws_access_key_id and aws_secret_access_key: sts_kwargs['aws_access_key_id'] = aws_access_key_id sts_kwargs['aws_secret_access_key'] = aws_secret_access_key + + if aws_session_token: + sts_kwargs['aws_session_token'] = aws_session_token client = boto3.client('sts', **sts_kwargs) diff --git a/actions/assume_role.yaml b/actions/assume_role.yaml index fa33995..200a129 100644 --- a/actions/assume_role.yaml +++ b/actions/assume_role.yaml @@ -39,3 +39,9 @@ parameters: type: "string" description: "Token code from the MFA" secret: true + use_session_token: + type: "boolean" + description: "Include session token" + aws_session_token: + type: "string" + description: "Session token" From 179f59ef731e085b31e1001d9e207585e7719863 Mon Sep 17 00:00:00 2001 From: Duane Bondad Date: Thu, 16 Sep 2021 11:47:27 -0700 Subject: [PATCH 2/4] set session token parameter defaults --- actions/assume_role.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/actions/assume_role.yaml b/actions/assume_role.yaml index 200a129..e0d5079 100644 --- a/actions/assume_role.yaml +++ b/actions/assume_role.yaml 
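Review bot: `run()` has no docstring (the signature is followed directly by `success = False`), and the two parameters added in the first hunk of `actions/assume_role.py` are the ones whose interaction is least obvious. A docstring should state that `aws_session_token` is the third part of a set of temporary credentials and is only meaningful together with `aws_access_key_id` and `aws_secret_access_key`. It should also say what `use_session_token` controls; in this patch nothing reads the flag, since the second hunk tests `aws_session_token` itself. The body of `run()` continues outside both hunks.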
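Review bot: The descriptions added in `actions/assume_role.yaml`, "Include session token" and "Session token", do not tell an operator how the two parameters relate or which credentials the token belongs to. Wording such as `description: "Pass aws_session_token to the STS client"` and `description: "Session token of the temporary credentials given in aws_access_key_id / aws_secret_access_key"` would make the action metadata self-explanatory. The `parameters:` map starts outside the hunk.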
@@ -42,6 +42,8 @@ parameters: use_session_token: type: "boolean" description: "Include session token" + default: False aws_session_token: type: "string" description: "Session token" + secret: true From 32e81035eb6eb09d0caf39e1c4292c02a9d8e2fc Mon Sep 17 00:00:00 2001 From: DuaneB-TD Date: Mon, 20 Sep 2021 15:59:05 -0700 Subject: [PATCH 3/4] Log changes and increment version --- CHANGES.md | 3 +++ pack.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index dd6d7e3..407bf0c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,5 +1,8 @@ ## Change Log +## 1.0.1 +- Add support for AWS session token to `assume_role` action + ## 1.0.0 * Drop Python 2.7 support diff --git a/pack.yaml b/pack.yaml index e7aa242..52e00bc 100644 --- a/pack.yaml +++ b/pack.yaml @@ -19,7 +19,7 @@ keywords: - RDS - SQS - lambda -version: 1.0.0 +version: 1.0.1 author : StackStorm, Inc. email : info@stackstorm.com contributors: From eea6ff564ac42d624200dfb6f0e19573bd595e7a Mon Sep 17 00:00:00 2001 From: DuaneB-TD Date: Mon, 20 Sep 2021 16:14:17 -0700 Subject: [PATCH 4/4] fixed if statement to check for use_session_token --- actions/assume_role.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/assume_role.py b/actions/assume_role.py index aeb5d28..d3c99aa 100644 --- a/actions/assume_role.py +++ b/actions/assume_role.py @@ -25,7 +25,7 @@ def run(self, role_arn, sts_kwargs['aws_access_key_id'] = aws_access_key_id sts_kwargs['aws_secret_access_key'] = aws_secret_access_key - if aws_session_token: + if use_session_token: sts_kwargs['aws_session_token'] = aws_session_token client = boto3.client('sts', **sts_kwargs)
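Review bot: After the change in PATCH 4/4 to `actions/assume_role.py`, the flag and the token can disagree without any error. With `use_session_token=True` and no token the code stores `None` in `sts_kwargs`; with a token supplied but the flag left at its default `False` the token is dropped, so temporary credentials would reach STS without their token and be rejected. A guard before the assignment makes the first case explicit, `if use_session_token and not aws_session_token: raise ValueError('use_session_token requires aws_session_token')` (or the equivalent through the action's `success`/`result` path); the second needs the same kind of check, or dropping the flag and testing the token itself. Indentation is lost on this page, so it is not visible whether this `if` is nested under the key-pair check. If it is not, a token passed without a key pair is, as far as I know, ignored by botocore in favour of its default credential chain, and the call would run under the host's own identity. `run()` starts and ends outside the hunk.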