// Retrieve generates a new set of temporary credentials using STS. func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { // Apply defaults where parameters are not set. if p.Client == nil { p.Client = sts.New(nil) } if p.RoleSessionName == "" { // Try to work out a role name that will hopefully end up unique. p.RoleSessionName = fmt.Sprintf("%d", time.Now().UTC().UnixNano()) } if p.Duration == 0 { // Expire as often as AWS permits. p.Duration = 15 * time.Minute } roleOutput, err := p.Client.AssumeRole(&sts.AssumeRoleInput{ DurationSeconds: aws.Int64(int64(p.Duration / time.Second)), RoleArn: aws.String(p.RoleARN), RoleSessionName: aws.String(p.RoleSessionName), ExternalId: p.ExternalID, }) if err != nil { return credentials.Value{}, err } // We will proactively generate new credentials before they expire. p.SetExpiration(*roleOutput.Credentials.Expiration, p.ExpiryWindow) return credentials.Value{ AccessKeyID: *roleOutput.Credentials.AccessKeyId, SecretAccessKey: *roleOutput.Credentials.SecretAccessKey, SessionToken: *roleOutput.Credentials.SessionToken, }, nil }
func ExampleSTS_DecodeAuthorizationMessage() { svc := sts.New(nil) params := &sts.DecodeAuthorizationMessageInput{ EncodedMessage: aws.String("encodedMessageType"), // Required } resp, err := svc.DecodeAuthorizationMessage(params) if err != nil { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) return } // Pretty-print the response data. fmt.Println(resp) }
func ExampleSTS_GetSessionToken() { svc := sts.New(nil) params := &sts.GetSessionTokenInput{ DurationSeconds: aws.Int64(1), SerialNumber: aws.String("serialNumberType"), TokenCode: aws.String("tokenCodeType"), } resp, err := svc.GetSessionToken(params) if err != nil { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) return } // Pretty-print the response data. fmt.Println(resp) }
func ExampleSTS_GetFederationToken() { svc := sts.New(nil) params := &sts.GetFederationTokenInput{ Name: aws.String("userNameType"), // Required DurationSeconds: aws.Int64(1), Policy: aws.String("sessionPolicyDocumentType"), } resp, err := svc.GetFederationToken(params) if err != nil { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) return } // Pretty-print the response data. fmt.Println(resp) }
func ExampleSTS_AssumeRoleWithSAML() { svc := sts.New(nil) params := &sts.AssumeRoleWithSAMLInput{ PrincipalArn: aws.String("arnType"), // Required RoleArn: aws.String("arnType"), // Required SAMLAssertion: aws.String("SAMLAssertionType"), // Required DurationSeconds: aws.Int64(1), Policy: aws.String("sessionPolicyDocumentType"), } resp, err := svc.AssumeRoleWithSAML(params) if err != nil { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) return } // Pretty-print the response data. fmt.Println(resp) }
func ExampleSTS_AssumeRoleWithWebIdentity() { svc := sts.New(nil) params := &sts.AssumeRoleWithWebIdentityInput{ RoleArn: aws.String("arnType"), // Required RoleSessionName: aws.String("userNameType"), // Required WebIdentityToken: aws.String("clientTokenType"), // Required DurationSeconds: aws.Int64(1), Policy: aws.String("sessionPolicyDocumentType"), ProviderId: aws.String("urlType"), } resp, err := svc.AssumeRoleWithWebIdentity(params) if err != nil { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) return } // Pretty-print the response data. fmt.Println(resp) }
func ExampleSTS_AssumeRole() { svc := sts.New(nil) params := &sts.AssumeRoleInput{ RoleArn: aws.String("arnType"), // Required RoleSessionName: aws.String("userNameType"), // Required DurationSeconds: aws.Int64(1), ExternalId: aws.String("externalIdType"), Policy: aws.String("sessionPolicyDocumentType"), SerialNumber: aws.String("serialNumberType"), TokenCode: aws.String("tokenCodeType"), } resp, err := svc.AssumeRole(params) if err != nil { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) return } // Pretty-print the response data. fmt.Println(resp) }
package sts_test import ( "testing" "github.com/stretchr/testify/assert" "github.com/upstartmobile/aws-sdk-go/aws" "github.com/upstartmobile/aws-sdk-go/service/sts" ) var svc = sts.New(&aws.Config{ Region: aws.String("mock-region"), }) func TestUnsignedRequest_AssumeRoleWithSAML(t *testing.T) { req, _ := svc.AssumeRoleWithSAMLRequest(&sts.AssumeRoleWithSAMLInput{ PrincipalArn: aws.String("ARN01234567890123456789"), RoleArn: aws.String("ARN01234567890123456789"), SAMLAssertion: aws.String("ASSERT"), }) err := req.Sign() assert.NoError(t, err) assert.Equal(t, "", req.HTTPRequest.Header.Get("Authorization")) } func TestUnsignedRequest_AssumeRoleWithWebIdentity(t *testing.T) { req, _ := svc.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{ RoleArn: aws.String("ARN01234567890123456789"), RoleSessionName: aws.String("SESSION"), WebIdentityToken: aws.String("TOKEN"),
func TestInterface(t *testing.T) { assert.Implements(t, (*stsiface.STSAPI)(nil), sts.New(nil)) }
func init() { Before("@sts", func() { World["client"] = sts.New(nil) }) }