
Commit 873e21c

Merge pull request #22 from leigh-hogarth/feature/fix-key-count-logic
Always allow key creation where less than 2 exist
2 parents b2da1d7 + 5728316 commit 873e21c

2 files changed

+15
-9
lines changed

README.md

Lines changed: 8 additions & 0 deletions
@@ -3,6 +3,14 @@
33

44
# Rotate AWS Access token stored in Github Repository secrets
55

6+
Performs the following actions:
7+
1. Checks for existing IAM access and secret key pairs of the provided IAM user (`IAM_USERNAME`)
8+
1. If 2 sets of keys exists, the action will fail
9+
1. If 0 or 1 set of keys exists, the action will:
10+
1. Create a new key pair for the IAM user
11+
1. Update the Github secrets (`GITHUB_ACCESS_KEY_NAME` and `GITHUB_SECRET_KEY_NAME`) for all provided repositories (`OWBER_REPOSITORY`)
12+
1. Delete the original key pair from the IAM user (if 1 already exists)
13+
614
## Environment Variables
715

816
| Variable | Required | Description | Default |
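Review bot: `OWBER_REPOSITORY` in the new step that updates the GitHub secrets looks like a typo for the variable documented in the Environment Variables table below; confirm it matches the name the script actually reads, otherwise a reader copying the README will set a variable the action never looks at. Two smaller points in the same block: "If 2 sets of keys exists" should read "exist", and the three sub-steps under "If 0 or 1 set of keys exists" are written as top-level `1.` items with no indentation, so Markdown will render them as a flat list rather than nested under that step.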

rotate_keys.py

Lines changed: 7 additions & 9 deletions
@@ -26,15 +26,12 @@ def main_function():
2626
list_ret = iam.list_access_keys(UserName=iam_username)
2727
starting_num_keys = len(list_ret["AccessKeyMetadata"])
2828

29-
# save current id for deletion later
30-
current_access_id = list_ret["AccessKeyMetadata"][0]["AccessKeyId"]
31-
3229
# Check if two keys already exist, if so, exit 1
33-
if starting_num_keys != 1:
34-
print("There are already 2 keys for this user, Cannot rotate tokens")
30+
if starting_num_keys >= 2:
31+
print("There are already 2 keys for this user. Cannot rotate tokens.")
3532
sys.exit(1)
3633
else:
37-
print(f"I have {starting_num_keys} token, proceeding.")
34+
print(f"Validated <2 keys exist (current count: {starting_num_keys}), proceeding.")
3835

3936
# generate new credentials
4037
(new_access_key, new_secret_key) = create_new_keys(iam_username)
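Review bot: the `>= 2` comparison is the right guard (IAM allows at most two access keys per user) and it now lets the zero-key case through as the commit message intends, but `list_ret` is captured here before `create_new_keys` runs and is reused further down to choose the key to delete, so add a comment next to `starting_num_keys` stating that the pre-creation snapshot is intentional; without it a later refactor that re-lists keys after creation could end up deleting the wrong one.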
@@ -52,7 +49,8 @@ def main_function():
5249
upload_secret(repos, secret_key_name, encrypted_secret_key, pub_key_id, github_token)
5350

5451
# delete old keys
55-
delete_old_keys(iam_username, current_access_id)
52+
if starting_num_keys == 1:
53+
delete_old_keys(iam_username, list_ret["AccessKeyMetadata"][0]["AccessKeyId"])
5654

5755
sys.exit(0)
5856

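Review bot: the `if starting_num_keys == 1:` guard correctly skips deletion for a user with no prior key, and indexing `list_ret` (the listing taken before the new key existed) rather than calling `list_access_keys` again is the safe choice, since a fresh listing could return the new key at index 0; say so in the comment above the call, and print the `AccessKeyId` being deleted so the run leaves an audit trail of which credential was retired.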
@@ -82,9 +80,9 @@ def create_new_keys(iam_username):
8280

8381
# check to see if the keys were created
8482
second_list_ret = iam.list_access_keys(UserName=iam_username)
85-
second_num_keys = len(second_list_ret["AccessKeyMetadata"])
83+
access_keys = [k['AccessKeyId'] for k in second_list_ret["AccessKeyMetadata"]]
8684

87-
if second_num_keys != 2:
85+
if new_access_key not in access_keys:
8886
print("new keys failed to generate.")
8987
sys.exit(1)
9088
else:
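Review bot: `new_access_key not in access_keys` is a better creation check than `second_num_keys != 2` (which failed whenever the user started with zero keys), but the failure branch still calls `sys.exit(1)` without cleaning up the key that was just created; IAM listings are eventually consistent, so a stale listing here would abort the run and leave the new credential behind unused, and if the user already had one key the next run would then hit the two-key limit. Either delete `new_access_key` before exiting or treat the successful `create_access_key` response as the confirmation instead of a follow-up listing.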
