// NewCredentials returns a pointer to a new Credentials object wrapping the // AssumeRoleProvider. The credentials will expire every 15 minutes and the // role will be named after a nanosecond timestamp of this operation. // // The sts and roleARN parameters are used for building the "AssumeRole" call. // Pass nil as sts to use the default client. // // Window is the expiry window that will be subtracted from the expiry returned // by the role credential request. This is done so that the credentials will // expire sooner than their actual lifespan. func NewCredentials(client AssumeRoler, roleARN string, window time.Duration) *credentials.Credentials { return credentials.NewCredentials(&AssumeRoleProvider{ Client: client, RoleARN: roleARN, ExpiryWindow: window, }) }
func TestPreResignRequestExpiredCreds(t *testing.T) { provider := &credentials.StaticProvider{credentials.Value{"AKID", "SECRET", "SESSION"}} creds := credentials.NewCredentials(provider) r := aws.NewRequest( aws.NewService(&aws.Config{Credentials: creds}), &aws.Operation{ Name: "BatchGetItem", HTTPMethod: "POST", HTTPPath: "/", }, nil, nil, ) r.ExpireTime = time.Minute * 10 Sign(r) querySig := r.HTTPRequest.URL.Query().Get("X-Amz-Signature") creds.Expire() r.Time = time.Now().Add(time.Hour * 48) Sign(r) assert.NotEqual(t, querySig, r.HTTPRequest.URL.Query().Get("X-Amz-Signature")) }