func ExampleSTS_GetSessionToken() { svc := sts.New(nil) params := &sts.GetSessionTokenInput{ DurationSeconds: aws.Int64(1), SerialNumber: aws.String("serialNumberType"), TokenCode: aws.String("tokenCodeType"), } resp, err := svc.GetSessionToken(params) if err != nil { if awsErr, ok := err.(awserr.Error); ok { // Generic AWS error with Code, Message, and original error (if any) fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr()) if reqErr, ok := err.(awserr.RequestFailure); ok { // A service error occurred fmt.Println(reqErr.Code(), reqErr.Message(), reqErr.StatusCode(), reqErr.RequestID()) } } else { // This case should never be hit, the SDK should always return an // error which satisfies the awserr.Error interface. fmt.Println(err.Error()) } } // Pretty-print the response data. fmt.Println(awsutil.Prettify(resp)) }
func ExampleSTS_AssumeRoleWithWebIdentity() { svc := sts.New(nil) params := &sts.AssumeRoleWithWebIdentityInput{ RoleARN: aws.String("arnType"), // Required RoleSessionName: aws.String("userNameType"), // Required WebIdentityToken: aws.String("clientTokenType"), // Required DurationSeconds: aws.Int64(1), Policy: aws.String("sessionPolicyDocumentType"), ProviderID: aws.String("urlType"), } resp, err := svc.AssumeRoleWithWebIdentity(params) if err != nil { if awsErr, ok := err.(awserr.Error); ok { // Generic AWS error with Code, Message, and original error (if any) fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr()) if reqErr, ok := err.(awserr.RequestFailure); ok { // A service error occurred fmt.Println(reqErr.Code(), reqErr.Message(), reqErr.StatusCode(), reqErr.RequestID()) } } else { // This case should never be hit, the SDK should always return an // error which satisfies the awserr.Error interface. fmt.Println(err.Error()) } } // Pretty-print the response data. fmt.Println(awsutil.Prettify(resp)) }
func ExampleSTS_DecodeAuthorizationMessage() { svc := sts.New(nil) params := &sts.DecodeAuthorizationMessageInput{ EncodedMessage: aws.String("encodedMessageType"), // Required } resp, err := svc.DecodeAuthorizationMessage(params) if err != nil { if awsErr, ok := err.(awserr.Error); ok { // Generic AWS error with Code, Message, and original error (if any) fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr()) if reqErr, ok := err.(awserr.RequestFailure); ok { // A service error occurred fmt.Println(reqErr.Code(), reqErr.Message(), reqErr.StatusCode(), reqErr.RequestID()) } } else { // This case should never be hit, the SDK should always return an // error which satisfies the awserr.Error interface. fmt.Println(err.Error()) } } // Pretty-print the response data. fmt.Println(awsutil.Prettify(resp)) }
// Retrieve generates a new set of temporary credentials using STS. func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { // Apply defaults where parameters are not set. if p.Client == nil { p.Client = sts.New(nil) } if p.RoleSessionName == "" { // Try to work out a role name that will hopefully end up unique. p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano()) } if p.Duration == 0 { // Expire as often as AWS permits. p.Duration = 15 * time.Minute } roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{ DurationSeconds: aws.Int64(int64(p.Duration / time.Second)), RoleARN: aws.String(p.RoleARN), RoleSessionName: aws.String(p.RoleSessionName), }) if err != nil { return credentials.Value{}, err } // We will proactively generate new credentials before they expire. p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow) return credentials.Value{ AccessKeyID: *roleOutput.Credentials.AccessKeyID, SecretAccessKey: *roleOutput.Credentials.SecretAccessKey, SessionToken: *roleOutput.Credentials.SessionToken, }, nil }
package sts_test import ( "testing" "github.com/gunosy/aws-sdk-go/aws" "github.com/gunosy/aws-sdk-go/service/sts" "github.com/stretchr/testify/assert" ) var svc = sts.New(&aws.Config{ Region: aws.String("mock-region"), }) func TestUnsignedRequest_AssumeRoleWithSAML(t *testing.T) { req, _ := svc.AssumeRoleWithSAMLRequest(&sts.AssumeRoleWithSAMLInput{ PrincipalARN: aws.String("ARN"), RoleARN: aws.String("ARN"), SAMLAssertion: aws.String("ASSERT"), }) err := req.Sign() assert.NoError(t, err) assert.Equal(t, "", req.HTTPRequest.Header.Get("Authorization")) } func TestUnsignedRequest_AssumeRoleWithWebIdentity(t *testing.T) { req, _ := svc.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{ RoleARN: aws.String("ARN"), RoleSessionName: aws.String("SESSION"), WebIdentityToken: aws.String("TOKEN"),
func TestInterface(t *testing.T) { assert.Implements(t, (*stsiface.STSAPI)(nil), sts.New(nil)) }
func init() { Before("@sts", func() { World["client"] = sts.New(nil) }) }