Add AssumeRoleWithWebIdentity

ex-aws · Oct 16, 2019 · b2ffac6 · b2ffac6
1 parent 9f89d86
commit b2ffac6
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 1 deletion.
diff --git a/lib/ex_aws/sts.ex b/lib/ex_aws/sts.ex
@@ -28,6 +28,28 @@ defmodule ExAws.STS do
     request(:assume_role, params)
   end
 
+  @type assume_role_with_web_identity_opt ::
+          {:duration, pos_integer}
+          | {:provider_id, binary}
+          | {:policy, policy}
+
+  @doc "Assume Role with Web Identity"
+  @spec assume_role_with_web_identity(
+          role_arn :: String.t(),
+          role_session_name :: String.t(),
+          web_identity_token :: String.t(),
+          [assume_role_with_web_identity_opt]
+        ) :: ExAws.Operation.Query.t()
+  def assume_role_with_web_identity(role_arn, role_session_name, web_identity_token, opts \\ []) do
+    params =
+      parse_opts(opts)
+      |> Map.put("RoleArn", role_arn)
+      |> Map.put("RoleSessionName", role_session_name)
+      |> Map.put("WebIdentityToken", web_identity_token)
+
+    request(:assume_role_with_web_identity, params)
+  end
+
   @doc "Decode Authorization Message"
   @spec decode_authorization_message(message :: String.t()) :: ExAws.Operation.Query.t()
   def decode_authorization_message(message) do
@@ -96,5 +118,6 @@ defmodule ExAws.STS do
   defp parse_opt(opts, {:duration, val}), do: Map.put(opts, "DurationSeconds", val)
   defp parse_opt(opts, {:token_code, val}), do: Map.put(opts, "TokenCode", val)
   defp parse_opt(opts, {:serial_number, val}), do: Map.put(opts, "SerialNumber", val)
+  defp parse_opt(opts, {:provider_id, val}), do: Map.put(opts, "ProviderId", val)
   defp parse_opt(opts, {:policy, val}), do: Map.put(opts, "Policy", Poison.encode!(val))
 end
diff --git a/lib/ex_aws/sts/parsers.ex b/lib/ex_aws/sts/parsers.ex
@@ -18,6 +18,24 @@ if Code.ensure_loaded?(SweetXml) do
       {:ok, Map.put(resp, :body, parsed_body)}
     end
 
+    def parse({:ok, %{body: xml} = resp}, :assume_role_with_web_identity) do
+      parsed_body =
+        xml
+        |> SweetXml.xpath(~x"//AssumeRoleWithWebIdentityResponse",
+          access_key_id: ~x"./AssumeRoleWithWebIdentityResult/Credentials/AccessKeyId/text()"s,
+          secret_access_key:
+            ~x"./AssumeRoleWithWebIdentityResult/Credentials/SecretAccessKey/text()"s,
+          session_token: ~x"./AssumeRoleWithWebIdentityResult/Credentials/SessionToken/text()"s,
+          expiration: ~x"./AssumeRoleWithWebIdentityResult/Credentials/Expiration/text()"s,
+          assumed_role_id:
+            ~x"./AssumeRoleWithWebIdentityResult/AssumedRoleUser/AssumedRoleId/text()"s,
+          assumed_role_arn: ~x"./AssumeRoleWithWebIdentityResult/AssumedRoleUser/Arn/text()"s,
+          request_id: request_id_xpath()
+        )
+
+      {:ok, Map.put(resp, :body, parsed_body)}
+    end
+
     def parse({:ok, %{body: xml} = resp}, :get_caller_identity) do
       parsed_body =
         SweetXml.xpath(xml, ~x"//GetCallerIdentityResponse",

diff --git a/mix.lock b/mix.lock
@@ -12,7 +12,7 @@
   "nimble_parsec": {:hex, :nimble_parsec, "0.5.0", "90e2eca3d0266e5c53f8fbe0079694740b9c91b6747f2b7e3c5d21966bba8300", [:mix], [], "hexpm"},
   "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm"},
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm"},
-  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.4", "f0eafff810d2041e93f915ef59899c923f4568f4585904d010387ed74988e77b", [:make, :mix, :rebar3], [], "hexpm"},
+  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.5", "6eaf7ad16cb568bb01753dbbd7a95ff8b91c7979482b95f38443fe2c8852a79b", [:make, :mix, :rebar3], [], "hexpm"},
   "sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm"},
   "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm"},
 }
diff --git a/test/lib/sts_test.exs b/test/lib/sts_test.exs
@@ -23,6 +23,23 @@ defmodule ExAws.STSTest do
     assert expected == STS.assume_role(arn, name).params
   end
 
+  test "#assume_role_with_web_identity" do
+    version = "2011-06-15"
+    arn = "1111111/test_role"
+    name = "test role"
+    token = "atoken"
+
+    expected = %{
+      "Action" => "AssumeRoleWithWebIdentity",
+      "RoleSessionName" => name,
+      "RoleArn" => arn,
+      "WebIdentityToken" => token,
+      "Version" => version
+    }
+
+    assert expected == STS.assume_role_with_web_identity(arn, name, token).params
+  end
+
   test "#decode_authorization_message" do
     version = "2011-06-15"
     message = "msgcontent"