Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
JENKINS-45964 : Assuming Role does not work in AWS-China
- Allow user to pass in role ARN
  • Loading branch information
indyaah committed Aug 13, 2017
1 parent 54896f8 commit 53e2890
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/main/java/de/taimos/pipeline/aws/WithAWSStep.java
Expand Up @@ -60,6 +60,7 @@ public class WithAWSStep extends AbstractStepImpl {

static final String AWS_DEFAULT_PARTITION_NAME = "aws";
static final String AWS_CN_PARTITION_NAME = "aws-cn";
static final Pattern IAM_ROLE_PATTERN = Pattern.compile("arn:(aws|aws-cn)::iam::[0-9]{12}:role/[\\w+=,.@-]{1,64}");

private String role = "";
private String roleAccount = "";
Expand Down Expand Up @@ -206,7 +207,7 @@ private void withRole(@Nonnull EnvVars localEnv) {
accountId = sts.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
}

String roleARN = String.format("arn:%s:iam::%s:role/%s", selectPartitionName(), accountId, this.step.getRole());
String roleARN = validRoleArn(this.step.getRole()) ? this.step.getRole() : String.format("arn:%s:iam::%s:role/%s", selectPartitionName(), accountId, this.step.getRole());

AssumeRoleRequest request = new AssumeRoleRequest()
.withRoleArn(roleARN)
Expand Down Expand Up @@ -259,6 +260,10 @@ private String selectPartitionName() {
return AWS_DEFAULT_PARTITION_NAME;
}

private boolean validRoleArn(String role) {
return (IAM_ROLE_PATTERN.matcher(role).matches());
}

@Override
public void stop(@Nonnull Throwable throwable) throws Exception {
//
Expand Down

0 comments on commit 53e2890

Please sign in to comment.