Support External Id and Session Token (#1887)
ekristen authored Oct 11, 2023
1 parent e783c9b commit 4c868ef
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion pkg/credentials/assume_role.go
@@ -93,14 +93,16 @@ type STSAssumeRoleOptions struct {
AccessKey string
SecretKey string

Policy string // Optional to assign a policy to the assumed role
SessionToken string // Optional if the first request is made with temporary credentials.
Policy string // Optional to assign a policy to the assumed role

Location string // Optional commonly needed with AWS STS.
DurationSeconds int // Optional defaults to 1 hour.

// Optional only valid if using with AWS STS
RoleARN string
RoleSessionName string
ExternalID string
}

// NewSTSAssumeRole returns a pointer to a new
@@ -161,6 +163,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
if opts.Policy != "" {
v.Set("Policy", opts.Policy)
}
if opts.ExternalID != "" {
v.Set("ExternalId", opts.ExternalID)
}

u, err := url.Parse(endpoint)
if err != nil {
@@ -181,6 +186,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(hash.Sum(nil)))
if opts.SessionToken != "" {
req.Header.Set("X-Amz-Security-Token", opts.SessionToken)
}
req = signer.SignV4STS(*req, opts.AccessKey, opts.SecretKey, opts.Location)

resp, err := clnt.Do(req)
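Review bot: The `X-Amz-Security-Token` header added in the last hunk is only covered by the SigV4 signature because it is set before the `signer.SignV4STS` call, and nothing in the code says that this ordering matters. SignV4STS is not visible on this page, so this assumes it signs the headers already present on the request; if that holds, a comment above the new `if` would keep a later refactor from moving the block below the signing line: `// Must be set before signing so the session token is part of the signed headers.` Separately, in the struct hunk `ExternalID` has no comment of its own, and something like `// Optional shared value that the role's trust policy can require, to guard against confused-deputy use of the role.` would tell callers when to set it. getAssumeRoleCredentials starts and ends outside the hunks shown.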