mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-17 20:00:23 +00:00
rebase: bump github.com/aws/aws-sdk-go-v2/service/sts
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.6 to 1.18.10. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.6...config/v1.18.10) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
1852e977f8
commit
7d4295b298
10
go.mod
10
go.mod
@ -5,7 +5,7 @@ go 1.19
|
||||
require (
|
||||
github.com/IBM/keyprotect-go-client v0.10.0
|
||||
github.com/aws/aws-sdk-go v1.44.249
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.18.6
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10
|
||||
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
||||
// TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag
|
||||
github.com/ceph/go-ceph v0.21.0
|
||||
@ -50,10 +50,10 @@ require (
|
||||
require (
|
||||
github.com/ansel1/merry v1.6.2 // indirect
|
||||
github.com/ansel1/merry/v2 v2.0.1 // indirect
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.6 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 // indirect
|
||||
github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
|
||||
github.com/aws/smithy-go v1.13.5 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/blang/semver/v4 v4.0.0 // indirect
|
||||
|
20
go.sum
20
go.sum
@ -157,16 +157,16 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
|
||||
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.44.249 h1:UbUvh/oYHdAD3vZjNi316M0NIupJsrqAcJckVuhaCB8=
|
||||
github.com/aws/aws-sdk-go v1.44.249/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.6 h1:Y773UK7OBqhzi5VDXMi1zVGsoj+CVHs2eaC2bDsLwi0=
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 h1:y+8n9AGDjikyXoMBTRaHHHSaFEB8267ykmvyPodJfys=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 h1:r+Kv+SEJquhAZXaJ7G4u44cIwXV3f8K+N482NNAzJZA=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 h1:c5qGfdbCHav6viBwiyDns3OXqhqAbGjfIB4uVu2ayhk=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24/go.mod h1:HMA4FZG6fyib+NDo5bpIxX1EhYjrAOveZJY2YR0xrNE=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 h1:rIFn5J3yDoeuKCE9sESXqM5POTAhOP1du3bv/qTL+tE=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.18.6/go.mod h1:48WJ9l3dwP0GSHWGc5sFGGlCkuA82Mc2xnw+T6Q8aDw=
|
||||
github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
|
||||
github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 h1:6UbNM/KJhMBfOI5+lpVcJ/8OA7cBSz0O6OX37SRKlSw=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.18.10/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
|
||||
github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
|
||||
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
|
||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package aws
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.17.6"
|
||||
const goModuleVersion = "1.18.0"
|
||||
|
94
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go
generated
vendored
Normal file
94
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go
generated
vendored
Normal file
@ -0,0 +1,94 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/aws/smithy-go/middleware"
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
const envAwsLambdaFunctionName = "AWS_LAMBDA_FUNCTION_NAME"
|
||||
const envAmznTraceID = "_X_AMZN_TRACE_ID"
|
||||
const amznTraceIDHeader = "X-Amzn-Trace-Id"
|
||||
|
||||
// AddRecursionDetection adds recursionDetection to the middleware stack
|
||||
func AddRecursionDetection(stack *middleware.Stack) error {
|
||||
return stack.Build.Add(&RecursionDetection{}, middleware.After)
|
||||
}
|
||||
|
||||
// RecursionDetection detects Lambda environment and sets its X-Ray trace ID to request header if absent
|
||||
// to avoid recursion invocation in Lambda
|
||||
type RecursionDetection struct{}
|
||||
|
||||
// ID returns the middleware identifier
|
||||
func (m *RecursionDetection) ID() string {
|
||||
return "RecursionDetection"
|
||||
}
|
||||
|
||||
// HandleBuild detects Lambda environment and adds its trace ID to request header if absent
|
||||
func (m *RecursionDetection) HandleBuild(
|
||||
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
|
||||
) (
|
||||
out middleware.BuildOutput, metadata middleware.Metadata, err error,
|
||||
) {
|
||||
req, ok := in.Request.(*smithyhttp.Request)
|
||||
if !ok {
|
||||
return out, metadata, fmt.Errorf("unknown request type %T", req)
|
||||
}
|
||||
|
||||
_, hasLambdaEnv := os.LookupEnv(envAwsLambdaFunctionName)
|
||||
xAmznTraceID, hasTraceID := os.LookupEnv(envAmznTraceID)
|
||||
value := req.Header.Get(amznTraceIDHeader)
|
||||
// only set the X-Amzn-Trace-Id header when it is not set initially, the
|
||||
// current environment is Lambda and the _X_AMZN_TRACE_ID env variable exists
|
||||
if value != "" || !hasLambdaEnv || !hasTraceID {
|
||||
return next.HandleBuild(ctx, in)
|
||||
}
|
||||
|
||||
req.Header.Set(amznTraceIDHeader, percentEncode(xAmznTraceID))
|
||||
return next.HandleBuild(ctx, in)
|
||||
}
|
||||
|
||||
func percentEncode(s string) string {
|
||||
upperhex := "0123456789ABCDEF"
|
||||
hexCount := 0
|
||||
for i := 0; i < len(s); i++ {
|
||||
c := s[i]
|
||||
if shouldEncode(c) {
|
||||
hexCount++
|
||||
}
|
||||
}
|
||||
|
||||
if hexCount == 0 {
|
||||
return s
|
||||
}
|
||||
|
||||
required := len(s) + 2*hexCount
|
||||
t := make([]byte, required)
|
||||
j := 0
|
||||
for i := 0; i < len(s); i++ {
|
||||
if c := s[i]; shouldEncode(c) {
|
||||
t[j] = '%'
|
||||
t[j+1] = upperhex[c>>4]
|
||||
t[j+2] = upperhex[c&15]
|
||||
j += 3
|
||||
} else {
|
||||
t[j] = c
|
||||
j++
|
||||
}
|
||||
}
|
||||
return string(t)
|
||||
}
|
||||
|
||||
func shouldEncode(c byte) bool {
|
||||
if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
|
||||
return false
|
||||
}
|
||||
switch c {
|
||||
case '-', '=', ';', ':', '+', '&', '[', ']', '{', '}', '"', '\'', ',':
|
||||
return false
|
||||
default:
|
||||
return true
|
||||
}
|
||||
}
|
5
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
generated
vendored
5
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
generated
vendored
@ -95,8 +95,13 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
|
||||
var timeoutErr interface{ Timeout() bool }
|
||||
var urlErr *url.Error
|
||||
var netOpErr *net.OpError
|
||||
var dnsError *net.DNSError
|
||||
|
||||
switch {
|
||||
case errors.As(err, &dnsError):
|
||||
// NXDOMAIN errors should not be retried
|
||||
retryable = !dnsError.IsNotFound && dnsError.IsTemporary
|
||||
|
||||
case errors.As(err, &conErr) && conErr.ConnectionError():
|
||||
retryable = true
|
||||
|
||||
|
1
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
generated
vendored
@ -7,6 +7,7 @@ var IgnoredHeaders = Rules{
|
||||
"Authorization": struct{}{},
|
||||
"User-Agent": struct{}{},
|
||||
"X-Amzn-Trace-Id": struct{}{},
|
||||
"Expect": struct{}{},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
generated
vendored
@ -1,3 +1,15 @@
|
||||
# v1.1.33 (2023-04-24)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.1.32 (2023-04-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.1.31 (2023-03-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.1.30 (2023-03-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package configsources
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.1.30"
|
||||
const goModuleVersion = "1.1.33"
|
||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
generated
vendored
@ -1,3 +1,15 @@
|
||||
# v2.4.27 (2023-04-24)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.4.26 (2023-04-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.4.25 (2023-03-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v2.4.24 (2023-03-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package endpoints
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "2.4.24"
|
||||
const goModuleVersion = "2.4.27"
|
||||
|
12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
generated
vendored
12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
generated
vendored
@ -1,3 +1,15 @@
|
||||
# v1.9.27 (2023-04-24)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.9.26 (2023-04-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.9.25 (2023-03-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.9.24 (2023-03-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
@ -3,4 +3,4 @@
|
||||
package presignedurl
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.9.24"
|
||||
const goModuleVersion = "1.9.27"
|
||||
|
16
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
generated
vendored
16
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
generated
vendored
@ -1,3 +1,19 @@
|
||||
# v1.18.10 (2023-04-24)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.18.9 (2023-04-10)
|
||||
|
||||
* No change notes available for this release.
|
||||
|
||||
# v1.18.8 (2023-04-07)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.18.7 (2023-03-21)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
||||
# v1.18.6 (2023-03-10)
|
||||
|
||||
* **Dependency Update**: Updated to the latest SDK module versions
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
generated
vendored
@ -117,7 +117,7 @@ type Options struct {
|
||||
Retryer aws.Retryer
|
||||
|
||||
// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
|
||||
// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
|
||||
// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
|
||||
// should not populate this structure programmatically, or rely on the values here
|
||||
// within your applications.
|
||||
RuntimeEnvironment aws.RuntimeEnvironment
|
||||
|
156
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
generated
vendored
156
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
generated
vendored
@ -16,16 +16,13 @@ import (
|
||||
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
|
||||
// within your account or for cross-account access. For a comparison of AssumeRole
|
||||
// with other API operations that produce temporary credentials, see Requesting
|
||||
// Temporary Security Credentials
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. Permissions The temporary security credentials created by
|
||||
// AssumeRole can be used to make API calls to any Amazon Web Services service with
|
||||
// the following exception: You cannot call the Amazon Web Services STS
|
||||
// AssumeRole can be used to make API calls to any Amazon Web Services service
|
||||
// with the following exception: You cannot call the Amazon Web Services STS
|
||||
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
|
||||
// inline or managed session policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
@ -36,8 +33,7 @@ import (
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. When you create a role, you create two policies: A role
|
||||
// trust policy that specifies who can assume the role and a permissions policy
|
||||
// that specifies what can be done with the role. You specify the trusted principal
|
||||
@ -48,37 +44,29 @@ import (
|
||||
// that access to users in the account. A user who wants to access a role in a
|
||||
// different account must also have permissions that are delegated from the user
|
||||
// account administrator. The administrator must attach a policy that allows the
|
||||
// user to call AssumeRole for the ARN of the role in the other account. To allow a
|
||||
// user to assume a role in the same account, you can do either of the
|
||||
// following:
|
||||
// user to call AssumeRole for the ARN of the role in the other account. To allow
|
||||
// a user to assume a role in the same account, you can do either of the following:
|
||||
//
|
||||
// * Attach a policy to the user that allows the user to call
|
||||
// AssumeRole (as long as the role's trust policy trusts the account).
|
||||
// - Attach a policy to the user that allows the user to call AssumeRole (as long
|
||||
// as the role's trust policy trusts the account).
|
||||
// - Add the user as a principal directly in the role's trust policy.
|
||||
//
|
||||
// * Add the
|
||||
// user as a principal directly in the role's trust policy.
|
||||
//
|
||||
// You can do either
|
||||
// because the role’s trust policy acts as an IAM resource-based policy. When a
|
||||
// resource-based policy grants access to a principal in the same account, no
|
||||
// additional identity-based policy is required. For more information about trust
|
||||
// policies and resource-based policies, see IAM Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the
|
||||
// IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
|
||||
// You can do either because the role’s trust policy acts as an IAM resource-based
|
||||
// policy. When a resource-based policy grants access to a principal in the same
|
||||
// account, no additional identity-based policy is required. For more information
|
||||
// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
|
||||
// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
|
||||
// session. These tags are called session tags. For more information about session
|
||||
// tags, see Passing Session Tags in STS
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. An administrator must grant you the permissions necessary to
|
||||
// pass session tags. The administrator can also create granular permissions to
|
||||
// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. An administrator must grant you the permissions necessary
|
||||
// to pass session tags. The administrator can also create granular permissions to
|
||||
// allow you to pass only specific session tags. For more information, see
|
||||
// Tutorial: Using Tags for Attribute-Based Access Control
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
||||
// tags persist during role chaining. For more information, see Chaining Roles with
|
||||
// Session Tags
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// tags persist during role chaining. For more information, see Chaining Roles
|
||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
|
||||
// multi-factor authentication (MFA) information when you call AssumeRole. This is
|
||||
// multi-factor authentication (MFA) information when you call AssumeRole . This is
|
||||
// useful for cross-account scenarios to ensure that the user that assumes the role
|
||||
// has been authenticated with an Amazon Web Services MFA device. In that scenario,
|
||||
// the trust policy of the role being assumed includes a condition that tests for
|
||||
@ -86,12 +74,11 @@ import (
|
||||
// request to assume the role is denied. The condition in a trust policy that tests
|
||||
// for MFA authentication might look like the following example. "Condition":
|
||||
// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
|
||||
// Configuring MFA-Protected API Access
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) in the
|
||||
// IAM User Guide guide. To use MFA with AssumeRole, you pass values for the
|
||||
// SerialNumber and TokenCode parameters. The SerialNumber value identifies the
|
||||
// user's hardware or virtual MFA device. The TokenCode is the time-based one-time
|
||||
// password (TOTP) that the MFA device produces.
|
||||
// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
|
||||
// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
|
||||
// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
|
||||
// the user's hardware or virtual MFA device. The TokenCode is the time-based
|
||||
// one-time password (TOTP) that the MFA device produces.
|
||||
func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
|
||||
if params == nil {
|
||||
params = &AssumeRoleInput{}
|
||||
@ -143,16 +130,14 @@ type AssumeRoleInput struct {
|
||||
// maximum session duration setting for your role. However, if you assume a role
|
||||
// using role chaining and provide a DurationSeconds parameter value greater than
|
||||
// one hour, the operation fails. To learn how to view the maximum value for your
|
||||
// role, see View the Maximum Session Duration Setting for a Role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
||||
// DurationSeconds parameter is separate from the duration of a console session
|
||||
// that you might request using the returned credentials. The request to the
|
||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// parameter that specifies the maximum length of the console session. For more
|
||||
// information, see Creating a URL that Enables Federated Users to Access the
|
||||
// Amazon Web Services Management Console
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// in the IAM User Guide.
|
||||
DurationSeconds *int32
|
||||
|
||||
@ -165,8 +150,7 @@ type AssumeRoleInput struct {
|
||||
// administrator of the trusted account. That way, only someone with the ID can
|
||||
// assume the role, rather than everyone in the account. For more information about
|
||||
// the external ID, see How to Use an External ID When Granting Access to Your
|
||||
// Amazon Web Services Resources to a Third Party
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
|
||||
// Amazon Web Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
@ -181,8 +165,7 @@ type AssumeRoleInput struct {
|
||||
// access resources in the account that owns the role. You cannot use session
|
||||
// policies to grant more permissions than those allowed by the identity-based
|
||||
// policy of the role that is being assumed. For more information, see Session
|
||||
// Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
||||
// be any ASCII character from the space character to the end of the valid
|
||||
@ -200,9 +183,8 @@ type AssumeRoleInput struct {
|
||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
|
||||
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
|
||||
// the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
||||
// tags into a packed binary format that has a separate limit. Your request can
|
||||
// fail for this limit even if your plaintext meets the other requirements. The
|
||||
@ -214,17 +196,16 @@ type AssumeRoleInput struct {
|
||||
// Services API calls to access resources in the account that owns the role. You
|
||||
// cannot use session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide.
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
// The identification number of the MFA device that is associated with the user who
|
||||
// is making the AssumeRole call. Specify this value if the trust policy of the
|
||||
// role being assumed includes a condition that requires MFA authentication. The
|
||||
// value is either the serial number for a hardware device (such as GAHT12345678)
|
||||
// or an Amazon Resource Name (ARN) for a virtual device (such as
|
||||
// arn:aws:iam::123456789012:mfa/user). The regex used to validate this parameter
|
||||
// The identification number of the MFA device that is associated with the user
|
||||
// who is making the AssumeRole call. Specify this value if the trust policy of
|
||||
// the role being assumed includes a condition that requires MFA authentication.
|
||||
// The value is either the serial number for a hardware device (such as
|
||||
// GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
|
||||
// arn:aws:iam::123456789012:mfa/user ). The regex used to validate this parameter
|
||||
// is a string of characters consisting of upper- and lower-case alphanumeric
|
||||
// characters with no spaces. You can also include underscores or any of the
|
||||
// following characters: =,.@-
|
||||
@ -237,24 +218,21 @@ type AssumeRoleInput struct {
|
||||
// who took actions with a role. You can use the aws:SourceIdentity condition key
|
||||
// to further control access to Amazon Web Services resources based on the value of
|
||||
// source identity. For more information about using source identity, see Monitor
|
||||
// and control actions taken with assumed roles
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-. You cannot use a value that begins with the text aws:. This prefix is
|
||||
// =,.@-. You cannot use a value that begins with the text aws: . This prefix is
|
||||
// reserved for Amazon Web Services internal use.
|
||||
SourceIdentity *string
|
||||
|
||||
// A list of session tags that you want to pass. Each session tag consists of a key
|
||||
// name and an associated value. For more information about session tags, see
|
||||
// Tagging Amazon Web Services STS Sessions
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. This parameter is optional. You can pass up to 50 session tags.
|
||||
// The plaintext session tag keys can’t exceed 128 characters, and the values can’t
|
||||
// exceed 256 characters. For these and additional limits, see IAM and STS
|
||||
// Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// A list of session tags that you want to pass. Each session tag consists of a
|
||||
// key name and an associated value. For more information about session tags, see
|
||||
// Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
|
||||
// tags. The plaintext session tag keys can’t exceed 128 characters, and the values
|
||||
// can’t exceed 256 characters. For these and additional limits, see IAM and STS
|
||||
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
@ -264,16 +242,15 @@ type AssumeRoleInput struct {
|
||||
// same key as a tag that is already attached to the role. When you do, session
|
||||
// tags override a role tag with the same key. Tag key–value pairs are not case
|
||||
// sensitive, but case is preserved. This means that you cannot have separate
|
||||
// Department and department tag keys. Assume that the role has the
|
||||
// Department=Marketing tag and you pass the department=engineering session tag.
|
||||
// Department and department are not saved as separate tags, and the session tag
|
||||
// passed in the request takes precedence over the role tag. Additionally, if you
|
||||
// used temporary credentials to perform this operation, the new session inherits
|
||||
// any transitive session tags from the calling session. If you pass a session tag
|
||||
// with the same key as an inherited tag, the operation fails. To view the
|
||||
// inherited tags for a session, see the CloudTrail logs. For more information, see
|
||||
// Viewing Session Tags in CloudTrail
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
|
||||
// Department and department tag keys. Assume that the role has the Department =
|
||||
// Marketing tag and you pass the department = engineering session tag. Department
|
||||
// and department are not saved as separate tags, and the session tag passed in
|
||||
// the request takes precedence over the role tag. Additionally, if you used
|
||||
// temporary credentials to perform this operation, the new session inherits any
|
||||
// transitive session tags from the calling session. If you pass a session tag with
|
||||
// the same key as an inherited tag, the operation fails. To view the inherited
|
||||
// tags for a session, see the CloudTrail logs. For more information, see Viewing
|
||||
// Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
|
||||
// in the IAM User Guide.
|
||||
Tags []types.Tag
|
||||
|
||||
@ -285,11 +262,10 @@ type AssumeRoleInput struct {
|
||||
// sequence of six numeric digits.
|
||||
TokenCode *string
|
||||
|
||||
// A list of keys for session tags that you want to set as transitive. If you set a
|
||||
// tag key as transitive, the corresponding key and value passes to subsequent
|
||||
// A list of keys for session tags that you want to set as transitive. If you set
|
||||
// a tag key as transitive, the corresponding key and value passes to subsequent
|
||||
// sessions in a role chain. For more information, see Chaining Roles with Session
|
||||
// Tags
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. This parameter is optional. When you set session tags as
|
||||
// transitive, the session policy and session tags packed binary limit is not
|
||||
// affected. If you choose not to specify a transitive tag key, then no tags are
|
||||
@ -308,7 +284,7 @@ type AssumeRoleOutput struct {
|
||||
// that you can use to refer to the resulting temporary security credentials. For
|
||||
// example, you can reference these credentials as a principal in a resource-based
|
||||
// policy by using the ARN or assumed role ID. The ARN and ID include the
|
||||
// RoleSessionName that you specified when you called AssumeRole.
|
||||
// RoleSessionName that you specified when you called AssumeRole .
|
||||
AssumedRoleUser *types.AssumedRoleUser
|
||||
|
||||
// The temporary security credentials, which include an access key ID, a secret
|
||||
@ -330,8 +306,7 @@ type AssumeRoleOutput struct {
|
||||
// who took actions with a role. You can use the aws:SourceIdentity condition key
|
||||
// to further control access to Amazon Web Services resources based on the value of
|
||||
// source identity. For more information about using source identity, see Monitor
|
||||
// and control actions taken with assumed roles
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
@ -395,6 +370,9 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRole(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
138
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
generated
vendored
138
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
generated
vendored
@ -15,10 +15,8 @@ import (
|
||||
// mechanism for tying an enterprise identity store or directory to role-based
|
||||
// Amazon Web Services access without user-specific credentials or configuration.
|
||||
// For a comparison of AssumeRoleWithSAML with the other API operations that
|
||||
// produce temporary credentials, see Requesting Temporary Security Credentials
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. The temporary security credentials returned by this
|
||||
// operation consist of an access key ID, a secret access key, and a security
|
||||
// token. Applications can use these temporary security credentials to sign calls
|
||||
@ -31,15 +29,12 @@ import (
|
||||
// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
|
||||
// duration setting for the role. This setting can have a value from 1 hour to 12
|
||||
// hours. To learn how to view the maximum value for your role, see View the
|
||||
// Maximum Session Duration Setting for a Role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. The maximum session duration limit applies when you use
|
||||
// the AssumeRole* API operations or the assume-role* CLI commands. However the
|
||||
// limit does not apply when you use those operations to create a console URL. For
|
||||
// more information, see Using IAM Roles
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
|
||||
// User Guide. Role chaining
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
|
||||
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
||||
// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
|
||||
// limits your CLI or Amazon Web Services API role session to a maximum of one
|
||||
// hour. When you use the AssumeRole API operation to assume a role, you can
|
||||
// specify the duration of your role session with the DurationSeconds parameter.
|
||||
@ -50,8 +45,7 @@ import (
|
||||
// credentials created by AssumeRoleWithSAML can be used to make API calls to any
|
||||
// Amazon Web Services service with the following exception: you cannot call the
|
||||
// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
|
||||
// pass inline or managed session policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
@ -62,8 +56,7 @@ import (
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
|
||||
// Amazon Web Services security credentials. The identity of the caller is
|
||||
// validated by using keys in the metadata document that is uploaded for the SAML
|
||||
@ -71,16 +64,14 @@ import (
|
||||
// result in an entry in your CloudTrail logs. The entry includes the value in the
|
||||
// NameID element of the SAML assertion. We recommend that you use a NameIDType
|
||||
// that is not associated with any personally identifiable information (PII). For
|
||||
// example, you could instead use the persistent identifier
|
||||
// (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). Tags (Optional) You can
|
||||
// example, you could instead use the persistent identifier (
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
|
||||
// configure your IdP to pass attributes into your SAML assertion as session tags.
|
||||
// Each session tag consists of a key name and an associated value. For more
|
||||
// information about session tags, see Passing Session Tags in STS
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
|
||||
// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
|
||||
// these and additional limits, see IAM and STS Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
|
||||
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
|
||||
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
@ -91,36 +82,25 @@ import (
|
||||
// override the role's tags with the same key. An administrator must grant you the
|
||||
// permissions necessary to pass session tags. The administrator can also create
|
||||
// granular permissions to allow you to pass only specific session tags. For more
|
||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
||||
// tags persist during role chaining. For more information, see Chaining Roles with
|
||||
// Session Tags
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// tags persist during role chaining. For more information, see Chaining Roles
|
||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. SAML Configuration Before your application can call
|
||||
// AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to
|
||||
// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
|
||||
// issue the claims required by Amazon Web Services. Additionally, you must use
|
||||
// Identity and Access Management (IAM) to create a SAML provider entity in your
|
||||
// Amazon Web Services account that represents your identity provider. You must
|
||||
// also create an IAM role that specifies this SAML provider in its trust policy.
|
||||
// For more information, see the following resources:
|
||||
//
|
||||
// * About SAML 2.0-based
|
||||
// Federation
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// * Creating SAML Identity Providers
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// * Configuring a Relying Party and Claims
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// * Creating a Role for SAML 2.0 Federation
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
|
||||
// in the IAM User Guide.
|
||||
// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
|
||||
// in the IAM User Guide.
|
||||
// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
|
||||
// in the IAM User Guide.
|
||||
// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
|
||||
// in the IAM User Guide.
|
||||
// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
|
||||
// in the IAM User Guide.
|
||||
func (c *Client) AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) {
|
||||
if params == nil {
|
||||
params = &AssumeRoleWithSAMLInput{}
|
||||
@ -150,8 +130,7 @@ type AssumeRoleWithSAMLInput struct {
|
||||
RoleArn *string
|
||||
|
||||
// The base64 encoded SAML authentication response provided by the IdP. For more
|
||||
// information, see Configuring a Relying Party and Adding Claims
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
|
||||
// information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// This member is required.
|
||||
@ -166,16 +145,14 @@ type AssumeRoleWithSAMLInput struct {
|
||||
// than this setting, the operation fails. For example, if you specify a session
|
||||
// duration of 12 hours, but your administrator set the maximum session duration to
|
||||
// 6 hours, your operation fails. To learn how to view the maximum value for your
|
||||
// role, see View the Maximum Session Duration Setting for a Role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
||||
// DurationSeconds parameter is separate from the duration of a console session
|
||||
// that you might request using the returned credentials. The request to the
|
||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// parameter that specifies the maximum length of the console session. For more
|
||||
// information, see Creating a URL that Enables Federated Users to Access the
|
||||
// Amazon Web Services Management Console
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// in the IAM User Guide.
|
||||
DurationSeconds *int32
|
||||
|
||||
@ -187,8 +164,7 @@ type AssumeRoleWithSAMLInput struct {
|
||||
// access resources in the account that owns the role. You cannot use session
|
||||
// policies to grant more permissions than those allowed by the identity-based
|
||||
// policy of the role that is being assumed. For more information, see Session
|
||||
// Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
||||
// be any ASCII character from the space character to the end of the valid
|
||||
@ -206,9 +182,8 @@ type AssumeRoleWithSAMLInput struct {
|
||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
|
||||
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
|
||||
// the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
||||
// tags into a packed binary format that has a separate limit. Your request can
|
||||
// fail for this limit even if your plaintext meets the other requirements. The
|
||||
@ -220,8 +195,7 @@ type AssumeRoleWithSAMLInput struct {
|
||||
// Services API calls to access resources in the account that owns the role. You
|
||||
// cannot use session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide.
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
@ -251,19 +225,12 @@ type AssumeRoleWithSAMLOutput struct {
|
||||
Issuer *string
|
||||
|
||||
// A hash value based on the concatenation of the following:
|
||||
//
|
||||
// * The Issuer response
|
||||
// value.
|
||||
//
|
||||
// * The Amazon Web Services account ID.
|
||||
//
|
||||
// * The friendly name (the last
|
||||
// part of the ARN) of the SAML provider in IAM.
|
||||
//
|
||||
// The combination of NameQualifier
|
||||
// and Subject can be used to uniquely identify a federated user. The following
|
||||
// pseudocode shows how the hash value is calculated: BASE64 ( SHA1 (
|
||||
// "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
|
||||
// - The Issuer response value.
|
||||
// - The Amazon Web Services account ID.
|
||||
// - The friendly name (the last part of the ARN) of the SAML provider in IAM.
|
||||
// The combination of NameQualifier and Subject can be used to uniquely identify a
|
||||
// federated user. The following pseudocode shows how the hash value is calculated:
|
||||
// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
|
||||
NameQualifier *string
|
||||
|
||||
// A percentage value that indicates the packed size of the session policies and
|
||||
@ -272,20 +239,18 @@ type AssumeRoleWithSAMLOutput struct {
|
||||
// allowed space.
|
||||
PackedPolicySize *int32
|
||||
|
||||
// The value in the SourceIdentity attribute in the SAML assertion. You can require
|
||||
// users to set a source identity value when they assume a role. You do this by
|
||||
// using the sts:SourceIdentity condition key in a role trust policy. That way,
|
||||
// actions that are taken with the role are associated with that user. After the
|
||||
// source identity is set, the value cannot be changed. It is present in the
|
||||
// The value in the SourceIdentity attribute in the SAML assertion. You can
|
||||
// require users to set a source identity value when they assume a role. You do
|
||||
// this by using the sts:SourceIdentity condition key in a role trust policy. That
|
||||
// way, actions that are taken with the role are associated with that user. After
|
||||
// the source identity is set, the value cannot be changed. It is present in the
|
||||
// request for all actions that are taken by the role and persists across chained
|
||||
// role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
||||
// role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
||||
// sessions. You can configure your SAML identity provider to use an attribute
|
||||
// associated with your users, like user name or email, as the source identity when
|
||||
// calling AssumeRoleWithSAML. You do this by adding an attribute to the SAML
|
||||
// calling AssumeRoleWithSAML . You do this by adding an attribute to the SAML
|
||||
// assertion. For more information about using source identity, see Monitor and
|
||||
// control actions taken with assumed roles
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
@ -297,10 +262,10 @@ type AssumeRoleWithSAMLOutput struct {
|
||||
|
||||
// The format of the name ID, as defined by the Format attribute in the NameID
|
||||
// element of the SAML assertion. Typical examples of the format are transient or
|
||||
// persistent. If the format includes the prefix
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format, that prefix is removed. For example,
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient. If
|
||||
// the format includes any other prefix, the format is returned with no
|
||||
// persistent . If the format includes the prefix
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format , that prefix is removed. For example,
|
||||
// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient .
|
||||
// If the format includes any other prefix, the format is returned with no
|
||||
// modifications.
|
||||
SubjectType *string
|
||||
|
||||
@ -355,6 +320,9 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithSAML(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
168
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
generated
vendored
168
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
generated
vendored
@ -14,19 +14,15 @@ import (
|
||||
// authenticated in a mobile or web application with a web identity provider.
|
||||
// Example providers include the OAuth 2.0 providers Login with Amazon and
|
||||
// Facebook, or any OpenID Connect-compatible identity provider such as Google or
|
||||
// Amazon Cognito federated identities
|
||||
// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
|
||||
// For mobile applications, we recommend that you use Amazon Cognito. You can use
|
||||
// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
|
||||
// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
|
||||
// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify a
|
||||
// user. You can also supply the user with a consistent identity throughout the
|
||||
// lifetime of an application. To learn more about Amazon Cognito, see Amazon
|
||||
// Cognito Overview
|
||||
// (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
|
||||
// Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
|
||||
// . For mobile applications, we recommend that you use Amazon Cognito. You can use
|
||||
// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
|
||||
// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
|
||||
// to uniquely identify a user. You can also supply the user with a consistent
|
||||
// identity throughout the lifetime of an application. To learn more about Amazon
|
||||
// Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
|
||||
// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
|
||||
// Overview
|
||||
// (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
|
||||
// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
|
||||
// in the Amazon Web Services SDK for iOS Developer Guide. Calling
|
||||
// AssumeRoleWithWebIdentity does not require the use of Amazon Web Services
|
||||
// security credentials. Therefore, you can distribute an application (for example,
|
||||
@ -36,32 +32,28 @@ import (
|
||||
// Services credentials. Instead, the identity of the caller is validated by using
|
||||
// a token from the web identity provider. For a comparison of
|
||||
// AssumeRoleWithWebIdentity with the other API operations that produce temporary
|
||||
// credentials, see Requesting Temporary Security Credentials
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. The temporary security credentials returned by this API
|
||||
// consist of an access key ID, a secret access key, and a security token.
|
||||
// Applications can use these temporary security credentials to sign calls to
|
||||
// Amazon Web Services service API operations. Session Duration By default, the
|
||||
// temporary security credentials created by AssumeRoleWithWebIdentity last for one
|
||||
// hour. However, you can use the optional DurationSeconds parameter to specify the
|
||||
// duration of your session. You can provide a value from 900 seconds (15 minutes)
|
||||
// up to the maximum session duration setting for the role. This setting can have a
|
||||
// value from 1 hour to 12 hours. To learn how to view the maximum value for your
|
||||
// role, see View the Maximum Session Duration Setting for a Role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// temporary security credentials created by AssumeRoleWithWebIdentity last for
|
||||
// one hour. However, you can use the optional DurationSeconds parameter to
|
||||
// specify the duration of your session. You can provide a value from 900 seconds
|
||||
// (15 minutes) up to the maximum session duration setting for the role. This
|
||||
// setting can have a value from 1 hour to 12 hours. To learn how to view the
|
||||
// maximum value for your role, see View the Maximum Session Duration Setting for
|
||||
// a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. The maximum session duration limit applies when you use
|
||||
// the AssumeRole* API operations or the assume-role* CLI commands. However the
|
||||
// limit does not apply when you use those operations to create a console URL. For
|
||||
// more information, see Using IAM Roles
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
|
||||
// User Guide. Permissions The temporary security credentials created by
|
||||
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
|
||||
// in the IAM User Guide. Permissions The temporary security credentials created by
|
||||
// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
|
||||
// Services service with the following exception: you cannot call the STS
|
||||
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
|
||||
// inline or managed session policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
@ -72,17 +64,14 @@ import (
|
||||
// credentials in subsequent Amazon Web Services API calls to access resources in
|
||||
// the account that owns the role. You cannot use session policies to grant more
|
||||
// permissions than those allowed by the identity-based policy of the role that is
|
||||
// being assumed. For more information, see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
|
||||
// attributes into your web identity token as session tags. Each session tag
|
||||
// consists of a key name and an associated value. For more information about
|
||||
// session tags, see Passing Session Tags in STS
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
|
||||
// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
|
||||
// these and additional limits, see IAM and STS Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
|
||||
// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
|
||||
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
@ -93,52 +82,38 @@ import (
|
||||
// overrides the role tag with the same key. An administrator must grant you the
|
||||
// permissions necessary to pass session tags. The administrator can also create
|
||||
// granular permissions to allow you to pass only specific session tags. For more
|
||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. You can set the session tags as transitive. Transitive
|
||||
// tags persist during role chaining. For more information, see Chaining Roles with
|
||||
// Session Tags
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// tags persist during role chaining. For more information, see Chaining Roles
|
||||
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
|
||||
// in the IAM User Guide. Identities Before your application can call
|
||||
// AssumeRoleWithWebIdentity, you must have an identity token from a supported
|
||||
// AssumeRoleWithWebIdentity , you must have an identity token from a supported
|
||||
// identity provider and create a role that the application can assume. The role
|
||||
// that your application assumes must trust the identity provider that is
|
||||
// associated with the identity token. In other words, the identity provider must
|
||||
// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
|
||||
// result in an entry in your CloudTrail logs. The entry includes the Subject
|
||||
// (http://openid.net/specs/openid-connect-core-1_0.html#Claims) of the provided
|
||||
// web identity token. We recommend that you avoid using any personally
|
||||
// identifiable information (PII) in this field. For example, you could instead use
|
||||
// a GUID or a pairwise identifier, as suggested in the OIDC specification
|
||||
// (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). For more
|
||||
// information about how to use web identity federation and the
|
||||
// result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
|
||||
// of the provided web identity token. We recommend that you avoid using any
|
||||
// personally identifiable information (PII) in this field. For example, you could
|
||||
// instead use a GUID or a pairwise identifier, as suggested in the OIDC
|
||||
// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)
|
||||
// . For more information about how to use web identity federation and the
|
||||
// AssumeRoleWithWebIdentity API, see the following resources:
|
||||
//
|
||||
// * Using Web
|
||||
// Identity Federation API Operations for Mobile Apps
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
|
||||
// and Federation Through a Web-based Identity Provider
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
|
||||
//
|
||||
// *
|
||||
// Web Identity Federation Playground
|
||||
// (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
|
||||
// Walk through the process of authenticating through Login with Amazon, Facebook,
|
||||
// or Google, getting temporary security credentials, and then using those
|
||||
// credentials to make a request to Amazon Web Services.
|
||||
//
|
||||
// * Amazon Web Services SDK
|
||||
// for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and Amazon Web
|
||||
// Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
|
||||
// These toolkits contain sample apps that show how to invoke the identity
|
||||
// providers. The toolkits then show how to use the information from these
|
||||
// providers to get and use temporary security credentials.
|
||||
//
|
||||
// * Web Identity
|
||||
// Federation with Mobile Applications
|
||||
// (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
|
||||
// This article discusses web identity federation and shows an example of how to
|
||||
// use web identity federation to get access to content in Amazon S3.
|
||||
// - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
|
||||
// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// .
|
||||
// - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/)
|
||||
// . Walk through the process of authenticating through Login with Amazon,
|
||||
// Facebook, or Google, getting temporary security credentials, and then using
|
||||
// those credentials to make a request to Amazon Web Services.
|
||||
// - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
|
||||
// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
|
||||
// . These toolkits contain sample apps that show how to invoke the identity
|
||||
// providers. The toolkits then show how to use the information from these
|
||||
// providers to get and use temporary security credentials.
|
||||
// - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications)
|
||||
// . This article discusses web identity federation and shows an example of how to
|
||||
// use web identity federation to get access to content in Amazon S3.
|
||||
func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) {
|
||||
if params == nil {
|
||||
params = &AssumeRoleWithWebIdentityInput{}
|
||||
@ -187,16 +162,14 @@ type AssumeRoleWithWebIdentityInput struct {
|
||||
// higher than this setting, the operation fails. For example, if you specify a
|
||||
// session duration of 12 hours, but your administrator set the maximum session
|
||||
// duration to 6 hours, your operation fails. To learn how to view the maximum
|
||||
// value for your role, see View the Maximum Session Duration Setting for a Role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// value for your role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
|
||||
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
|
||||
// DurationSeconds parameter is separate from the duration of a console session
|
||||
// that you might request using the returned credentials. The request to the
|
||||
// federation endpoint for a console sign-in token takes a SessionDuration
|
||||
// parameter that specifies the maximum length of the console session. For more
|
||||
// information, see Creating a URL that Enables Federated Users to Access the
|
||||
// Amazon Web Services Management Console
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
|
||||
// in the IAM User Guide.
|
||||
DurationSeconds *int32
|
||||
|
||||
@ -208,8 +181,7 @@ type AssumeRoleWithWebIdentityInput struct {
|
||||
// access resources in the account that owns the role. You cannot use session
|
||||
// policies to grant more permissions than those allowed by the identity-based
|
||||
// policy of the role that is being assumed. For more information, see Session
|
||||
// Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The plaintext that you use for both inline and managed
|
||||
// session policies can't exceed 2,048 characters. The JSON policy characters can
|
||||
// be any ASCII character from the space character to the end of the valid
|
||||
@ -227,9 +199,8 @@ type AssumeRoleWithWebIdentityInput struct {
|
||||
// the role. This parameter is optional. You can provide up to 10 managed policy
|
||||
// ARNs. However, the plaintext that you use for both inline and managed session
|
||||
// policies can't exceed 2,048 characters. For more information about ARNs, see
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
|
||||
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
|
||||
// the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
|
||||
// compresses the passed inline session policy, managed policy ARNs, and session
|
||||
// tags into a packed binary format that has a separate limit. Your request can
|
||||
// fail for this limit even if your plaintext meets the other requirements. The
|
||||
@ -241,8 +212,7 @@ type AssumeRoleWithWebIdentityInput struct {
|
||||
// Services API calls to access resources in the account that owns the role. You
|
||||
// cannot use session policies to grant more permissions than those allowed by the
|
||||
// identity-based policy of the role that is being assumed. For more information,
|
||||
// see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide.
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
@ -265,7 +235,7 @@ type AssumeRoleWithWebIdentityOutput struct {
|
||||
// that you can use to refer to the resulting temporary security credentials. For
|
||||
// example, you can reference these credentials as a principal in a resource-based
|
||||
// policy by using the ARN or assumed role ID. The ARN and ID include the
|
||||
// RoleSessionName that you specified when you called AssumeRole.
|
||||
// RoleSessionName that you specified when you called AssumeRole .
|
||||
AssumedRoleUser *types.AssumedRoleUser
|
||||
|
||||
// The intended audience (also known as client ID) of the web identity token. This
|
||||
@ -285,10 +255,10 @@ type AssumeRoleWithWebIdentityOutput struct {
|
||||
// allowed space.
|
||||
PackedPolicySize *int32
|
||||
|
||||
// The issuing authority of the web identity token presented. For OpenID Connect ID
|
||||
// tokens, this contains the value of the iss field. For OAuth 2.0 access tokens,
|
||||
// this contains the value of the ProviderId parameter that was passed in the
|
||||
// AssumeRoleWithWebIdentity request.
|
||||
// The issuing authority of the web identity token presented. For OpenID Connect
|
||||
// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
|
||||
// tokens, this contains the value of the ProviderId parameter that was passed in
|
||||
// the AssumeRoleWithWebIdentity request.
|
||||
Provider *string
|
||||
|
||||
// The value of the source identity that is returned in the JSON web token (JWT)
|
||||
@ -297,17 +267,14 @@ type AssumeRoleWithWebIdentityOutput struct {
|
||||
// key in a role trust policy. That way, actions that are taken with the role are
|
||||
// associated with that user. After the source identity is set, the value cannot be
|
||||
// changed. It is present in the request for all actions that are taken by the role
|
||||
// and persists across chained role
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
||||
// and persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
|
||||
// sessions. You can configure your identity provider to use an attribute
|
||||
// associated with your users, like user name or email, as the source identity when
|
||||
// calling AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web
|
||||
// token. To learn more about OIDC tokens and claims, see Using Tokens with User
|
||||
// Pools
|
||||
// (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
|
||||
// calling AssumeRoleWithWebIdentity . You do this by adding a claim to the JSON
|
||||
// web token. To learn more about OIDC tokens and claims, see Using Tokens with
|
||||
// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
|
||||
// in the Amazon Cognito Developer Guide. For more information about using source
|
||||
// identity, see Monitor and control actions taken with assumed roles
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
|
||||
// in the IAM User Guide. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
@ -373,6 +340,9 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
35
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
generated
vendored
35
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
generated
vendored
@ -22,27 +22,17 @@ import (
|
||||
// encoded because the details of the authorization status can contain privileged
|
||||
// information that the user who requested the operation should not see. To decode
|
||||
// an authorization status message, a user must be granted permissions through an
|
||||
// IAM policy
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to
|
||||
// request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
|
||||
// The decoded message includes the following type of information:
|
||||
//
|
||||
// * Whether the
|
||||
// request was denied due to an explicit deny or due to the absence of an explicit
|
||||
// allow. For more information, see Determining Whether a Request is Allowed or
|
||||
// Denied
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// * The principal who made the request.
|
||||
//
|
||||
// * The requested
|
||||
// action.
|
||||
//
|
||||
// * The requested resource.
|
||||
//
|
||||
// * The values of condition keys in the
|
||||
// context of the user's request.
|
||||
// IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
|
||||
// to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
|
||||
// action. The decoded message includes the following type of information:
|
||||
// - Whether the request was denied due to an explicit deny or due to the
|
||||
// absence of an explicit allow. For more information, see Determining Whether a
|
||||
// Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
|
||||
// in the IAM User Guide.
|
||||
// - The principal who made the request.
|
||||
// - The requested action.
|
||||
// - The requested resource.
|
||||
// - The values of condition keys in the context of the user's request.
|
||||
func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
|
||||
if params == nil {
|
||||
params = &DecodeAuthorizationMessageInput{}
|
||||
@ -133,6 +123,9 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
16
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
generated
vendored
16
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
generated
vendored
@ -11,21 +11,18 @@ import (
|
||||
)
|
||||
|
||||
// Returns the account identifier for the specified access key ID. Access keys
|
||||
// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a
|
||||
// secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For
|
||||
// more information about access keys, see Managing Access Keys for IAM Users
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
|
||||
// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and
|
||||
// a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ).
|
||||
// For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
|
||||
// in the IAM User Guide. When you pass an access key ID to this operation, it
|
||||
// returns the ID of the Amazon Web Services account to which the keys belong.
|
||||
// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
|
||||
// the Amazon Web Services account root user. Access key IDs beginning with ASIA
|
||||
// are temporary credentials that are created using STS operations. If the account
|
||||
// in the response belongs to you, you can sign in as the root user and review your
|
||||
// root user access keys. Then, you can pull a credentials report
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
|
||||
// root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
|
||||
// to learn which IAM user owns the keys. To learn who requested the temporary
|
||||
// credentials for an ASIA access key, view the STS events in your CloudTrail logs
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
|
||||
// credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
|
||||
// in the IAM User Guide. This operation does not indicate the state of the access
|
||||
// key. The key might be active, inactive, or deleted. Active keys might not have
|
||||
// permissions to perform an operation. Providing a deleted access key might return
|
||||
@ -119,6 +116,9 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAccessKeyInfo(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
15
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
generated
vendored
15
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
generated
vendored
@ -15,9 +15,8 @@ import (
|
||||
// administrator adds a policy to your IAM user or role that explicitly denies
|
||||
// access to the sts:GetCallerIdentity action, you can still perform this
|
||||
// operation. Permissions are not required because the same information is returned
|
||||
// when an IAM user or role is denied access. To view an example response, see I Am
|
||||
// Not Authorized to Perform: iam:DeleteVirtualMFADevice
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
|
||||
// when an IAM user or role is denied access. To view an example response, see I
|
||||
// Am Not Authorized to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
|
||||
// in the IAM User Guide.
|
||||
func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
|
||||
if params == nil {
|
||||
@ -49,10 +48,9 @@ type GetCallerIdentityOutput struct {
|
||||
// The Amazon Web Services ARN associated with the calling entity.
|
||||
Arn *string
|
||||
|
||||
// The unique identifier of the calling entity. The exact value depends on the type
|
||||
// of entity that is making the call. The values returned are those listed in the
|
||||
// aws:userid column in the Principal table
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
|
||||
// The unique identifier of the calling entity. The exact value depends on the
|
||||
// type of entity that is making the call. The values returned are those listed in
|
||||
// the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
|
||||
// found on the Policy Variables reference page in the IAM User Guide.
|
||||
UserId *string
|
||||
|
||||
@ -110,6 +108,9 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
144
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
generated
vendored
144
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
generated
vendored
@ -11,50 +11,41 @@ import (
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
// Returns a set of temporary security credentials (consisting of an access key ID,
|
||||
// a secret access key, and a security token) for a federated user. A typical use
|
||||
// is in a proxy application that gets temporary security credentials on behalf of
|
||||
// distributed applications inside a corporate network. You must call the
|
||||
// Returns a set of temporary security credentials (consisting of an access key
|
||||
// ID, a secret access key, and a security token) for a federated user. A typical
|
||||
// use is in a proxy application that gets temporary security credentials on behalf
|
||||
// of distributed applications inside a corporate network. You must call the
|
||||
// GetFederationToken operation using the long-term security credentials of an IAM
|
||||
// user. As a result, this call is appropriate in contexts where those credentials
|
||||
// can be safely stored, usually in a server-based application. For a comparison of
|
||||
// GetFederationToken with the other API operations that produce temporary
|
||||
// credentials, see Requesting Temporary Security Credentials
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. You can create a mobile-based or browser-based app that
|
||||
// can authenticate users using a web identity provider like Login with Amazon,
|
||||
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
|
||||
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
|
||||
// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
|
||||
// Web-based Identity Provider
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
|
||||
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// in the IAM User Guide. You can also call GetFederationToken using the security
|
||||
// credentials of an Amazon Web Services account root user, but we do not recommend
|
||||
// it. Instead, we recommend that you create an IAM user for the purpose of the
|
||||
// proxy application. Then attach a policy to the IAM user that limits federated
|
||||
// users to only the actions and resources that they need to access. For more
|
||||
// information, see IAM Best Practices
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the
|
||||
// IAM User Guide. Session duration The temporary credentials are valid for the
|
||||
// specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
|
||||
// information, see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
|
||||
// in the IAM User Guide. Session duration The temporary credentials are valid for
|
||||
// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
|
||||
// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
|
||||
// Temporary credentials obtained by using the Amazon Web Services account root
|
||||
// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
|
||||
// You can use the temporary credentials created by GetFederationToken in any
|
||||
// Amazon Web Services service with the following exceptions:
|
||||
// - You cannot call any IAM operations using the CLI or the Amazon Web Services
|
||||
// API. This limitation does not apply to console sessions.
|
||||
// - You cannot call any STS operations except GetCallerIdentity .
|
||||
//
|
||||
// * You cannot call
|
||||
// any IAM operations using the CLI or the Amazon Web Services API. This limitation
|
||||
// does not apply to console sessions.
|
||||
//
|
||||
// * You cannot call any STS operations except
|
||||
// GetCallerIdentity.
|
||||
//
|
||||
// You can use temporary credentials for single sign-on (SSO)
|
||||
// to the console. You must pass an inline or managed session policy
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// You can use temporary credentials for single sign-on (SSO) to the console. You
|
||||
// must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
@ -65,38 +56,33 @@ import (
|
||||
// policies and the session policies that you pass. This gives you a way to further
|
||||
// restrict the permissions for a federated user. You cannot use session policies
|
||||
// to grant more permissions than those that are defined in the permissions policy
|
||||
// of the IAM user. For more information, see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. For information about using GetFederationToken to create
|
||||
// temporary security credentials, see GetFederationToken—Federation Through a
|
||||
// Custom Identity Broker
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
|
||||
// You can use the credentials to access a resource that has a resource-based
|
||||
// Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken)
|
||||
// . You can use the credentials to access a resource that has a resource-based
|
||||
// policy. If that policy specifically references the federated user session in the
|
||||
// Principal element of the policy, the session has the permissions allowed by the
|
||||
// policy. These permissions are granted in addition to the permissions granted by
|
||||
// the session policies. Tags (Optional) You can pass tag key-value pairs to your
|
||||
// session. These are called session tags. For more information about session tags,
|
||||
// see Passing Session Tags in STS
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. You can create a mobile-based or browser-based app that can
|
||||
// authenticate users using a web identity provider like Login with Amazon,
|
||||
// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You can create a mobile-based or browser-based app that
|
||||
// can authenticate users using a web identity provider like Login with Amazon,
|
||||
// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
|
||||
// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
|
||||
// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
|
||||
// Web-based Identity Provider
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
|
||||
// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
|
||||
// in the IAM User Guide. An administrator must grant you the permissions necessary
|
||||
// to pass session tags. The administrator can also create granular permissions to
|
||||
// allow you to pass only specific session tags. For more information, see
|
||||
// Tutorial: Using Tags for Attribute-Based Access Control
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
|
||||
// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
|
||||
// preserved. This means that you cannot have separate Department and department
|
||||
// tag keys. Assume that the user that you are federating has the
|
||||
// Department=Marketing tag and you pass the department=engineering session tag.
|
||||
// Department and department are not saved as separate tags, and the session tag
|
||||
// passed in the request takes precedence over the user tag.
|
||||
// tag keys. Assume that the user that you are federating has the Department =
|
||||
// Marketing tag and you pass the department = engineering session tag. Department
|
||||
// and department are not saved as separate tags, and the session tag passed in
|
||||
// the request takes precedence over the user tag.
|
||||
func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) {
|
||||
if params == nil {
|
||||
params = &GetFederationTokenInput{}
|
||||
@ -115,26 +101,27 @@ func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTo
|
||||
type GetFederationTokenInput struct {
|
||||
|
||||
// The name of the federated user. The name is used as an identifier for the
|
||||
// temporary security credentials (such as Bob). For example, you can reference the
|
||||
// federated user name in a resource-based policy, such as in an Amazon S3 bucket
|
||||
// policy. The regex used to validate this parameter is a string of characters
|
||||
// consisting of upper- and lower-case alphanumeric characters with no spaces. You
|
||||
// can also include underscores or any of the following characters: =,.@-
|
||||
// temporary security credentials (such as Bob ). For example, you can reference
|
||||
// the federated user name in a resource-based policy, such as in an Amazon S3
|
||||
// bucket policy. The regex used to validate this parameter is a string of
|
||||
// characters consisting of upper- and lower-case alphanumeric characters with no
|
||||
// spaces. You can also include underscores or any of the following characters:
|
||||
// =,.@-
|
||||
//
|
||||
// This member is required.
|
||||
Name *string
|
||||
|
||||
// The duration, in seconds, that the session should last. Acceptable durations for
|
||||
// federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36
|
||||
// hours), with 43,200 seconds (12 hours) as the default. Sessions obtained using
|
||||
// Amazon Web Services account root user credentials are restricted to a maximum of
|
||||
// 3,600 seconds (one hour). If the specified duration is longer than one hour, the
|
||||
// session obtained by using root user credentials defaults to one hour.
|
||||
// The duration, in seconds, that the session should last. Acceptable durations
|
||||
// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
|
||||
// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
|
||||
// using Amazon Web Services account root user credentials are restricted to a
|
||||
// maximum of 3,600 seconds (one hour). If the specified duration is longer than
|
||||
// one hour, the session obtained by using root user credentials defaults to one
|
||||
// hour.
|
||||
DurationSeconds *int32
|
||||
|
||||
// An IAM policy in JSON format that you want to use as an inline session policy.
|
||||
// You must pass an inline or managed session policy
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. This parameter is
|
||||
@ -144,8 +131,7 @@ type GetFederationTokenInput struct {
|
||||
// session policies that you pass. This gives you a way to further restrict the
|
||||
// permissions for a federated user. You cannot use session policies to grant more
|
||||
// permissions than those that are defined in the permissions policy of the IAM
|
||||
// user. For more information, see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The resulting credentials can be used to access a
|
||||
// resource that has a resource-based policy. If that policy specifically
|
||||
// references the federated user session in the Principal element of the policy,
|
||||
@ -166,24 +152,21 @@ type GetFederationTokenInput struct {
|
||||
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
|
||||
// use as a managed session policy. The policies must exist in the same account as
|
||||
// the IAM user that is requesting federated access. You must pass an inline or
|
||||
// managed session policy
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// to this operation. You can pass a single JSON policy document to use as an
|
||||
// inline session policy. You can also specify up to 10 managed policy Amazon
|
||||
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
|
||||
// use for both inline and managed session policies can't exceed 2,048 characters.
|
||||
// You can provide up to 10 managed policy ARNs. For more information about ARNs,
|
||||
// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
|
||||
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
|
||||
// the Amazon Web Services General Reference. This parameter is optional. However,
|
||||
// if you do not pass any session policies, then the resulting federated user
|
||||
// session has no permissions. When you pass session policies, the session
|
||||
// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference. This parameter is optional.
|
||||
// However, if you do not pass any session policies, then the resulting federated
|
||||
// user session has no permissions. When you pass session policies, the session
|
||||
// permissions are the intersection of the IAM user policies and the session
|
||||
// policies that you pass. This gives you a way to further restrict the permissions
|
||||
// for a federated user. You cannot use session policies to grant more permissions
|
||||
// than those that are defined in the permissions policy of the IAM user. For more
|
||||
// information, see Session Policies
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
|
||||
// in the IAM User Guide. The resulting credentials can be used to access a
|
||||
// resource that has a resource-based policy. If that policy specifically
|
||||
// references the federated user session in the Principal element of the policy,
|
||||
@ -192,20 +175,18 @@ type GetFederationTokenInput struct {
|
||||
// An Amazon Web Services conversion compresses the passed inline session policy,
|
||||
// managed policy ARNs, and session tags into a packed binary format that has a
|
||||
// separate limit. Your request can fail for this limit even if your plaintext
|
||||
// meets the other requirements. The PackedPolicySize response element indicates by
|
||||
// percentage how close the policies and tags for your request are to the upper
|
||||
// meets the other requirements. The PackedPolicySize response element indicates
|
||||
// by percentage how close the policies and tags for your request are to the upper
|
||||
// size limit.
|
||||
PolicyArns []types.PolicyDescriptorType
|
||||
|
||||
// A list of session tags. Each session tag consists of a key name and an
|
||||
// associated value. For more information about session tags, see Passing Session
|
||||
// Tags in STS
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. This parameter is optional. You can pass up to 50 session tags.
|
||||
// The plaintext session tag keys can’t exceed 128 characters and the values can’t
|
||||
// exceed 256 characters. For these and additional limits, see IAM and STS
|
||||
// Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
|
||||
// tags. The plaintext session tag keys can’t exceed 128 characters and the values
|
||||
// can’t exceed 256 characters. For these and additional limits, see IAM and STS
|
||||
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
|
||||
// inline session policy, managed policy ARNs, and session tags into a packed
|
||||
// binary format that has a separate limit. Your request can fail for this limit
|
||||
@ -216,9 +197,9 @@ type GetFederationTokenInput struct {
|
||||
// you do, session tags override a user tag with the same key. Tag key–value pairs
|
||||
// are not case sensitive, but case is preserved. This means that you cannot have
|
||||
// separate Department and department tag keys. Assume that the role has the
|
||||
// Department=Marketing tag and you pass the department=engineering session tag.
|
||||
// Department and department are not saved as separate tags, and the session tag
|
||||
// passed in the request takes precedence over the role tag.
|
||||
// Department = Marketing tag and you pass the department = engineering session
|
||||
// tag. Department and department are not saved as separate tags, and the session
|
||||
// tag passed in the request takes precedence over the role tag.
|
||||
Tags []types.Tag
|
||||
|
||||
noSmithyDocumentSerde
|
||||
@ -236,7 +217,7 @@ type GetFederationTokenOutput struct {
|
||||
Credentials *types.Credentials
|
||||
|
||||
// Identifiers for the federated user associated with the credentials (such as
|
||||
// arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob). You can use
|
||||
// arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob ). You can use
|
||||
// the federated user's ARN in your resource-based policies, such as an Amazon S3
|
||||
// bucket policy.
|
||||
FederatedUser *types.FederatedUser
|
||||
@ -304,6 +285,9 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetFederationToken(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
75
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
generated
vendored
75
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
generated
vendored
@ -11,26 +11,23 @@ import (
|
||||
smithyhttp "github.com/aws/smithy-go/transport/http"
|
||||
)
|
||||
|
||||
// Returns a set of temporary credentials for an Amazon Web Services account or IAM
|
||||
// user. The credentials consist of an access key ID, a secret access key, and a
|
||||
// security token. Typically, you use GetSessionToken if you want to use MFA to
|
||||
// Returns a set of temporary credentials for an Amazon Web Services account or
|
||||
// IAM user. The credentials consist of an access key ID, a secret access key, and
|
||||
// a security token. Typically, you use GetSessionToken if you want to use MFA to
|
||||
// protect programmatic calls to specific Amazon Web Services API operations like
|
||||
// Amazon EC2 StopInstances. MFA-enabled IAM users would need to call
|
||||
// Amazon EC2 StopInstances . MFA-enabled IAM users would need to call
|
||||
// GetSessionToken and submit an MFA code that is associated with their MFA device.
|
||||
// Using the temporary security credentials that are returned from the call, IAM
|
||||
// users can then make programmatic calls to API operations that require MFA
|
||||
// authentication. If you do not supply a correct MFA code, then the API returns an
|
||||
// access denied error. For a comparison of GetSessionToken with the other API
|
||||
// operations that produce temporary credentials, see Requesting Temporary Security
|
||||
// Credentials
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// operations that produce temporary credentials, see Requesting Temporary
|
||||
// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
|
||||
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
|
||||
// in the IAM User Guide. No permissions are required for users to perform this
|
||||
// operation. The purpose of the sts:GetSessionToken operation is to authenticate
|
||||
// the user using MFA. You cannot use policies to control authentication
|
||||
// operations. For more information, see Permissions for GetSessionToken
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
|
||||
// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
|
||||
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
|
||||
// called by using the long-term Amazon Web Services security credentials of the
|
||||
// Amazon Web Services account root user or an IAM user. Credentials that are
|
||||
@ -41,18 +38,12 @@ import (
|
||||
// (1 hour), with a default of 1 hour. Permissions The temporary security
|
||||
// credentials created by GetSessionToken can be used to make API calls to any
|
||||
// Amazon Web Services service with the following exceptions:
|
||||
// - You cannot call any IAM API operations unless MFA authentication
|
||||
// information is included in the request.
|
||||
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
|
||||
//
|
||||
// * You cannot call
|
||||
// any IAM API operations unless MFA authentication information is included in the
|
||||
// request.
|
||||
//
|
||||
// * You cannot call any STS API except AssumeRole or
|
||||
// GetCallerIdentity.
|
||||
//
|
||||
// We recommend that you do not call GetSessionToken with
|
||||
// Amazon Web Services account root user credentials. Instead, follow our best
|
||||
// practices
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
|
||||
// We recommend that you do not call GetSessionToken with Amazon Web Services
|
||||
// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
|
||||
// by creating one or more IAM users, giving them the necessary permissions, and
|
||||
// using IAM users for everyday interaction with Amazon Web Services. The
|
||||
// credentials that are returned by GetSessionToken are based on permissions
|
||||
@ -62,8 +53,7 @@ import (
|
||||
// GetSessionToken is called using the credentials of an IAM user, the temporary
|
||||
// credentials have the same permissions as the IAM user. For more information
|
||||
// about using GetSessionToken to create temporary credentials, go to Temporary
|
||||
// Credentials for Users in Untrusted Environments
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
|
||||
// Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
|
||||
// in the IAM User Guide.
|
||||
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
|
||||
if params == nil {
|
||||
@ -90,25 +80,25 @@ type GetSessionTokenInput struct {
|
||||
// Services account owners defaults to one hour.
|
||||
DurationSeconds *int32
|
||||
|
||||
// The identification number of the MFA device that is associated with the IAM user
|
||||
// who is making the GetSessionToken call. Specify this value if the IAM user has a
|
||||
// policy that requires MFA authentication. The value is either the serial number
|
||||
// for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN)
|
||||
// for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find
|
||||
// the device for an IAM user by going to the Amazon Web Services Management
|
||||
// Console and viewing the user's security credentials. The regex used to validate
|
||||
// this parameter is a string of characters consisting of upper- and lower-case
|
||||
// alphanumeric characters with no spaces. You can also include underscores or any
|
||||
// of the following characters: =,.@:/-
|
||||
// The identification number of the MFA device that is associated with the IAM
|
||||
// user who is making the GetSessionToken call. Specify this value if the IAM user
|
||||
// has a policy that requires MFA authentication. The value is either the serial
|
||||
// number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
|
||||
// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ). You
|
||||
// can find the device for an IAM user by going to the Amazon Web Services
|
||||
// Management Console and viewing the user's security credentials. The regex used
|
||||
// to validate this parameter is a string of characters consisting of upper- and
|
||||
// lower-case alphanumeric characters with no spaces. You can also include
|
||||
// underscores or any of the following characters: =,.@:/-
|
||||
SerialNumber *string
|
||||
|
||||
// The value provided by the MFA device, if MFA is required. If any policy requires
|
||||
// the IAM user to submit an MFA code, specify this value. If MFA authentication is
|
||||
// required, the user must provide a code when requesting a set of temporary
|
||||
// security credentials. A user who fails to provide the code receives an "access
|
||||
// denied" response when requesting resources that require MFA authentication. The
|
||||
// format for this parameter, as described by its regex pattern, is a sequence of
|
||||
// six numeric digits.
|
||||
// The value provided by the MFA device, if MFA is required. If any policy
|
||||
// requires the IAM user to submit an MFA code, specify this value. If MFA
|
||||
// authentication is required, the user must provide a code when requesting a set
|
||||
// of temporary security credentials. A user who fails to provide the code receives
|
||||
// an "access denied" response when requesting resources that require MFA
|
||||
// authentication. The format for this parameter, as described by its regex
|
||||
// pattern, is a sequence of six numeric digits.
|
||||
TokenCode *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
@ -179,6 +169,9 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
|
||||
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
||||
return err
|
||||
}
|
||||
|
4
vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
generated
vendored
4
vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
generated
vendored
@ -7,6 +7,6 @@
|
||||
// temporary, limited-privilege credentials for Identity and Access Management
|
||||
// (IAM) users or for users that you authenticate (federated users). This guide
|
||||
// provides descriptions of the STS API. For more information about using this
|
||||
// service, see Temporary Security Credentials
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
|
||||
// service, see Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
|
||||
// .
|
||||
package sts
|
||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
||||
package sts
|
||||
|
||||
// goModuleVersion is the tagged release for this module
|
||||
const goModuleVersion = "1.18.6"
|
||||
const goModuleVersion = "1.18.10"
|
||||
|
19
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
generated
vendored
19
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
generated
vendored
@ -183,12 +183,10 @@ func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { retu
|
||||
// compresses the session policy document, session policy ARNs, and session tags
|
||||
// into a packed binary format that has a separate limit. The error message
|
||||
// indicates by percentage how close the policies and tags are to the upper size
|
||||
// limit. For more information, see Passing Session Tags in STS
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide. You could receive this error even though you meet other defined
|
||||
// session policy and session tag limits. For more information, see IAM and STS
|
||||
// Entity Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
|
||||
// limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide. You could receive this error even though you meet other
|
||||
// defined session policy and session tag limits. For more information, see IAM
|
||||
// and STS Entity Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide.
|
||||
type PackedPolicyTooLargeException struct {
|
||||
Message *string
|
||||
@ -215,11 +213,10 @@ func (e *PackedPolicyTooLargeException) ErrorCode() string {
|
||||
}
|
||||
func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
|
||||
|
||||
// STS is not activated in the requested region for the account that is being asked
|
||||
// to generate credentials. The account administrator must use the IAM console to
|
||||
// activate STS in that region. For more information, see Activating and
|
||||
// Deactivating Amazon Web Services STS in an Amazon Web Services Region
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
|
||||
// STS is not activated in the requested region for the account that is being
|
||||
// asked to generate credentials. The account administrator must use the IAM
|
||||
// console to activate STS in that region. For more information, see Activating
|
||||
// and Deactivating Amazon Web Services STS in an Amazon Web Services Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
|
||||
// in the IAM User Guide.
|
||||
type RegionDisabledException struct {
|
||||
Message *string
|
||||
|
32
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
generated
vendored
32
vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
generated
vendored
@ -13,9 +13,8 @@ type AssumedRoleUser struct {
|
||||
|
||||
// The ARN of the temporary security credentials that are returned from the
|
||||
// AssumeRole action. For more information about ARNs and how to use them in
|
||||
// policies, see IAM Identifiers
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
|
||||
// the IAM User Guide.
|
||||
// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// This member is required.
|
||||
Arn *string
|
||||
@ -62,9 +61,8 @@ type FederatedUser struct {
|
||||
|
||||
// The ARN that specifies the federated user that is associated with the
|
||||
// credentials. For more information about ARNs and how to use them in policies,
|
||||
// see IAM Identifiers
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
|
||||
// the IAM User Guide.
|
||||
// see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// This member is required.
|
||||
Arn *string
|
||||
@ -84,26 +82,23 @@ type PolicyDescriptorType struct {
|
||||
|
||||
// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
|
||||
// policy for the role. For more information about ARNs, see Amazon Resource Names
|
||||
// (ARNs) and Amazon Web Services Service Namespaces
|
||||
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
|
||||
// the Amazon Web Services General Reference.
|
||||
// (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
|
||||
// in the Amazon Web Services General Reference.
|
||||
Arn *string
|
||||
|
||||
noSmithyDocumentSerde
|
||||
}
|
||||
|
||||
// You can pass custom key-value pair attributes when you assume a role or federate
|
||||
// a user. These are called session tags. You can then use the session tags to
|
||||
// control access to resources. For more information, see Tagging Amazon Web
|
||||
// Services STS Sessions
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
|
||||
// IAM User Guide.
|
||||
// You can pass custom key-value pair attributes when you assume a role or
|
||||
// federate a user. These are called session tags. You can then use the session
|
||||
// tags to control access to resources. For more information, see Tagging Amazon
|
||||
// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
|
||||
// in the IAM User Guide.
|
||||
type Tag struct {
|
||||
|
||||
// The key for a session tag. You can pass up to 50 session tags. The plain text
|
||||
// session tag keys can’t exceed 128 characters. For these and additional limits,
|
||||
// see IAM and STS Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// This member is required.
|
||||
@ -111,8 +106,7 @@ type Tag struct {
|
||||
|
||||
// The value for a session tag. You can pass up to 50 session tags. The plain text
|
||||
// session tag values can’t exceed 256 characters. For these and additional limits,
|
||||
// see IAM and STS Character Limits
|
||||
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
|
||||
// in the IAM User Guide.
|
||||
//
|
||||
// This member is required.
|
||||
|
10
vendor/modules.txt
vendored
10
vendor/modules.txt
vendored
@ -53,7 +53,7 @@ github.com/aws/aws-sdk-go/service/sso
|
||||
github.com/aws/aws-sdk-go/service/sso/ssoiface
|
||||
github.com/aws/aws-sdk-go/service/sts
|
||||
github.com/aws/aws-sdk-go/service/sts/stsiface
|
||||
# github.com/aws/aws-sdk-go-v2 v1.17.6
|
||||
# github.com/aws/aws-sdk-go-v2 v1.18.0
|
||||
## explicit; go 1.15
|
||||
github.com/aws/aws-sdk-go-v2/aws
|
||||
github.com/aws/aws-sdk-go-v2/aws/defaults
|
||||
@ -70,16 +70,16 @@ github.com/aws/aws-sdk-go-v2/internal/sdk
|
||||
github.com/aws/aws-sdk-go-v2/internal/strings
|
||||
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
|
||||
github.com/aws/aws-sdk-go-v2/internal/timeconv
|
||||
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30
|
||||
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33
|
||||
## explicit; go 1.15
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources
|
||||
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24
|
||||
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27
|
||||
## explicit; go 1.15
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
|
||||
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24
|
||||
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27
|
||||
## explicit; go 1.15
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
|
||||
# github.com/aws/aws-sdk-go-v2/service/sts v1.18.6
|
||||
# github.com/aws/aws-sdk-go-v2/service/sts v1.18.10
|
||||
## explicit; go 1.15
|
||||
github.com/aws/aws-sdk-go-v2/service/sts
|
||||
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
|
||||
|
Loading…
Reference in New Issue
Block a user