get IAM_USERNAME from AWS credentials if env var IAM_USERNAME is not set

marcohutzsch1234 · marcohutzsch1234 · commit 86037ae4b802 · 2020-09-14T07:21:43.000+02:00
diff --git a/README.md b/README.md
@@ -14,8 +14,8 @@
 - Description: Session Token for the current AWS session. Only required if you assume a role first.
 
 #### IAM_USERNAME
-- Required: ***True***
-- Description: Name of IAM user being rotated
+- Required: ***False***
+- Description: Name of IAM user being rotated, if not set the username which is used in the AWS credentials is used
 
 #### PERSONAL_ACCESS_TOKEN
 - Required: ***True***
diff --git a/rotate_keys.py b/rotate_keys.py
@@ -22,7 +22,7 @@
 )
 
 def main_function():
-    iam_username = os.environ['IAM_USERNAME']
+    iam_username = os.environ['IAM_USERNAME'] if 'IAM_USERNAME' in os.environ else who_am_i()
     github_token = os.environ['PERSONAL_ACCESS_TOKEN']
     owner_repository = os.environ['OWNER_REPOSITORY']
 
@@ -59,6 +59,19 @@ def main_function():
 
     sys.exit(0)
 
+def who_am_i():
+    # ask the aws backend for myself with a boto3 sts client
+    sts = boto3.client(
+        'sts',
+        aws_access_key_id = os.environ['AWS_ACCESS_KEY_ID'],
+        aws_secret_access_key = os.environ['AWS_SECRET_ACCESS_KEY'],
+        aws_session_token = os.environ['AWS_SESSION_TOKEN'] if 'AWS_SESSION_TOKEN' in os.environ else None
+    )
+
+    user = sts.get_caller_identity()
+    # return last element of splitted list to get username
+    return user['Arn'].split("/")[-1]
+
 def create_new_keys(iam_username):
     # create the keys
     create_ret = iam.create_access_key(
