rebase: bump github.com/aws/aws-sdk-go-v2/service/sts

Bumps the github-dependencies group with 1 update: [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.32.4 to 1.33.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.33.1/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.4...service/s3/v1.33.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2024-11-18 20:23:55 +00:00 committed by mergify[bot]
parent d457840d21
commit ecb62d6462
28 changed files with 692 additions and 99 deletions

14
go.mod
View File

@ -5,7 +5,7 @@ go 1.22.7
require ( require (
github.com/IBM/keyprotect-go-client v0.15.1 github.com/IBM/keyprotect-go-client v0.15.1
github.com/aws/aws-sdk-go v1.55.5 github.com/aws/aws-sdk-go v1.55.5
github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 github.com/aws/aws-sdk-go-v2/service/sts v1.33.1
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
github.com/ceph/go-ceph v0.30.1-0.20241102143109-75d1af3ed638 github.com/ceph/go-ceph v0.30.1-0.20241102143109-75d1af3ed638
github.com/container-storage-interface/spec v1.10.0 github.com/container-storage-interface/spec v1.10.0
@ -60,12 +60,12 @@ require (
github.com/ansel1/merry/v2 v2.0.1 // indirect github.com/ansel1/merry/v2 v2.0.1 // indirect
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
github.com/aws/aws-sdk-go-v2 v1.32.4 // indirect github.com/aws/aws-sdk-go-v2 v1.32.5 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
github.com/aws/smithy-go v1.22.0 // indirect github.com/aws/smithy-go v1.22.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect

28
go.sum
View File

@ -1411,20 +1411,20 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/aws/aws-sdk-go-v2 v1.32.4 h1:S13INUiTxgrPueTmrm5DZ+MiAo99zYzHEFh1UNkOxNE= github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo=
github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 h1:A2w6m6Tmr+BNXjDsr7M90zkWjsu4JXHwrzPg235STs4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23/go.mod h1:35EVp9wyeANdujZruvHiQUAo9E3vbhnIO1mTCAxMlY0= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 h1:pgYW9FCabt2M25MoHYCfMrVY2ghiiBKYWUVXfwZs+sU= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23/go.mod h1:c48kLgzO19wAu3CPkDWC28JbaJ+hfQlsdl7I2+oqIbk= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4/go.mod h1:4GQbF1vJzG60poZqWatZlhP31y8PGCCVTvIGPdaaYJ0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E=
github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 h1:yDxvkz3/uOKfxnv8YhzOi9m+2OGIxF+on3KOISbK5IU= github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU=
github.com/aws/aws-sdk-go-v2/service/sts v1.32.4/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8= github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg=
github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM= github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=

View File

@ -3,4 +3,4 @@
package aws package aws
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "1.32.4" const goModuleVersion = "1.32.5"

View File

@ -1,3 +1,8 @@
# v1.3.24 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.23 (2024-11-06) # v1.3.23 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions * **Dependency Update**: Updated to the latest SDK module versions

View File

@ -3,4 +3,4 @@
package configsources package configsources
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "1.3.23" const goModuleVersion = "1.3.24"

View File

@ -1,3 +1,8 @@
# v2.6.24 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.23 (2024-11-06) # v2.6.23 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions * **Dependency Update**: Updated to the latest SDK module versions

View File

@ -3,4 +3,4 @@
package endpoints package endpoints
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "2.6.23" const goModuleVersion = "2.6.24"

View File

@ -1,3 +1,7 @@
# v1.12.1 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
# v1.12.0 (2024-10-04) # v1.12.0 (2024-10-04)
* **Feature**: Add support for HTTP client metrics. * **Feature**: Add support for HTTP client metrics.

View File

@ -3,4 +3,4 @@
package acceptencoding package acceptencoding
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "1.12.0" const goModuleVersion = "1.12.1"

View File

@ -1,3 +1,8 @@
# v1.12.5 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.4 (2024-11-06) # v1.12.4 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions * **Dependency Update**: Updated to the latest SDK module versions

View File

@ -3,4 +3,4 @@
package presignedurl package presignedurl
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "1.12.4" const goModuleVersion = "1.12.5"

View File

@ -1,3 +1,12 @@
# v1.33.1 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.0 (2024-11-14)
* **Feature**: This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks.
# v1.32.4 (2024-11-06) # v1.32.4 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions * **Dependency Update**: Updated to the latest SDK module versions

View File

@ -16,7 +16,7 @@ import (
// Amazon Web Services resources. These temporary credentials consist of an access // Amazon Web Services resources. These temporary credentials consist of an access
// key ID, a secret access key, and a security token. Typically, you use AssumeRole // key ID, a secret access key, and a security token. Typically, you use AssumeRole
// within your account or for cross-account access. For a comparison of AssumeRole // within your account or for cross-account access. For a comparison of AssumeRole
// with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the // with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the
// IAM User Guide. // IAM User Guide.
// //
// # Permissions // # Permissions
@ -26,16 +26,16 @@ import (
// cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken // cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
// API operations. // API operations.
// //
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a // (Optional) You can pass inline or managed session policies to this operation.
// single JSON policy document to use as an inline session policy. You can also // You can pass a single JSON policy document to use as an inline session policy.
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed // You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use
// session policies. The plaintext that you use for both inline and managed session // as managed session policies. The plaintext that you use for both inline and
// policies can't exceed 2,048 characters. Passing policies to this operation // managed session policies can't exceed 2,048 characters. Passing policies to this
// returns new temporary credentials. The resulting session's permissions are the // operation returns new temporary credentials. The resulting session's permissions
// intersection of the role's identity-based policy and the session policies. You // are the intersection of the role's identity-based policy and the session
// can use the role's temporary credentials in subsequent Amazon Web Services API // policies. You can use the role's temporary credentials in subsequent Amazon Web
// calls to access resources in the account that owns the role. You cannot use // Services API calls to access resources in the account that owns the role. You
// session policies to grant more permissions than those allowed by the // cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information, // identity-based policy of the role that is being assumed. For more information,
// see [Session Policies]in the IAM User Guide. // see [Session Policies]in the IAM User Guide.
// //
@ -104,10 +104,9 @@ import (
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html // [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining // [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html // [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) { func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
if params == nil { if params == nil {
@ -141,10 +140,18 @@ type AssumeRoleInput struct {
// the temporary security credentials will expose the role session name to the // the temporary security credentials will expose the role session name to the
// external account in their CloudTrail logs. // external account in their CloudTrail logs.
// //
// For security purposes, administrators can view this field in [CloudTrail logs] to help identify
// who performed an action in Amazon Web Services. Your administrator might require
// that you specify your user name as the session name when you assume the role.
// For more information, see [sts:RoleSessionName]sts:RoleSessionName .
//
// The regex used to validate this parameter is a string of characters consisting // The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also // of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@- // include underscores or any of the following characters: =,.@-
// //
// [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
// [sts:RoleSessionName]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
//
// This member is required. // This member is required.
RoleSessionName *string RoleSessionName *string
@ -163,7 +170,7 @@ type AssumeRoleInput struct {
// 43200 seconds (12 hours), depending on the maximum session duration setting for // 43200 seconds (12 hours), depending on the maximum session duration setting for
// your role. However, if you assume a role using role chaining and provide a // your role. However, if you assume a role using role chaining and provide a
// DurationSeconds parameter value greater than one hour, the operation fails. To // DurationSeconds parameter value greater than one hour, the operation fails. To
// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. // learn how to view the maximum value for your role, see [Update the maximum session duration for a role].
// //
// By default, the value is set to 3600 seconds. // By default, the value is set to 3600 seconds.
// //
@ -173,7 +180,7 @@ type AssumeRoleInput struct {
// parameter that specifies the maximum length of the console session. For more // parameter that specifies the maximum length of the console session. For more
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide. // information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
// //
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session // [Update the maximum session duration for a role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html // [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
DurationSeconds *int32 DurationSeconds *int32
@ -218,7 +225,10 @@ type AssumeRoleInput struct {
// by percentage how close the policies and tags for your request are to the upper // by percentage how close the policies and tags for your request are to the upper
// size limit. // size limit.
// //
// For more information about role session permissions, see [Session policies].
//
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
Policy *string Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -273,10 +283,10 @@ type AssumeRoleInput struct {
SerialNumber *string SerialNumber *string
// The source identity specified by the principal that is calling the AssumeRole // The source identity specified by the principal that is calling the AssumeRole
// operation. // operation. The source identity value persists across [chained role]sessions.
// //
// You can require users to specify a source identity when they assume a role. You // You can require users to specify a source identity when they assume a role. You
// do this by using the sts:SourceIdentity condition key in a role trust policy. // do this by using the [sts:SourceIdentity]sts:SourceIdentity condition key in a role trust policy.
// You can use source identity information in CloudTrail logs to determine who took // You can use source identity information in CloudTrail logs to determine who took
// actions with a role. You can use the aws:SourceIdentity condition key to // actions with a role. You can use the aws:SourceIdentity condition key to
// further control access to Amazon Web Services resources based on the value of // further control access to Amazon Web Services resources based on the value of
@ -289,7 +299,9 @@ type AssumeRoleInput struct {
// value that begins with the text aws: . This prefix is reserved for Amazon Web // value that begins with the text aws: . This prefix is reserved for Amazon Web
// Services internal use. // Services internal use.
// //
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
// [sts:SourceIdentity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity
SourceIdentity *string SourceIdentity *string
// A list of session tags that you want to pass. Each session tag consists of a // A list of session tags that you want to pass. Each session tag consists of a
@ -342,8 +354,8 @@ type AssumeRoleInput struct {
// a tag key as transitive, the corresponding key and value passes to subsequent // a tag key as transitive, the corresponding key and value passes to subsequent
// sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide. // sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
// //
// This parameter is optional. When you set session tags as transitive, the // This parameter is optional. The transitive status of a session tag does not
// session policy and session tags packed binary limit is not affected. // impact its packed binary size.
// //
// If you choose not to specify a transitive tag key, then no tags are passed from // If you choose not to specify a transitive tag key, then no tags are passed from
// this session to any subsequent sessions. // this session to any subsequent sessions.

View File

@ -16,7 +16,7 @@ import (
// mechanism for tying an enterprise identity store or directory to role-based // mechanism for tying an enterprise identity store or directory to role-based
// Amazon Web Services access without user-specific credentials or configuration. // Amazon Web Services access without user-specific credentials or configuration.
// For a comparison of AssumeRoleWithSAML with the other API operations that // For a comparison of AssumeRoleWithSAML with the other API operations that
// produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. // produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide.
// //
// The temporary security credentials returned by this operation consist of an // The temporary security credentials returned by this operation consist of an
// access key ID, a secret access key, and a security token. Applications can use // access key ID, a secret access key, and a security token. Applications can use
@ -130,10 +130,10 @@ import (
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session // [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
// [Creating a Role for SAML 2.0 Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html // [Creating a Role for SAML 2.0 Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length // [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
// [Creating SAML Identity Providers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html // [Creating SAML Identity Providers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
// [Configuring a Relying Party and Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html // [Configuring a Relying Party and Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html
// [Role chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining // [Role chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining
@ -219,6 +219,8 @@ type AssumeRoleWithSAMLInput struct {
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters. // return (\u000D) characters.
// //
// For more information about role session permissions, see [Session policies].
//
// An Amazon Web Services conversion compresses the passed inline session policy, // An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a // managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext // separate limit. Your request can fail for this limit even if your plaintext
@ -227,6 +229,7 @@ type AssumeRoleWithSAMLInput struct {
// size limit. // size limit.
// //
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
Policy *string Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -304,7 +307,8 @@ type AssumeRoleWithSAMLOutput struct {
// allowed space. // allowed space.
PackedPolicySize *int32 PackedPolicySize *int32
// The value in the SourceIdentity attribute in the SAML assertion. // The value in the SourceIdentity attribute in the SAML assertion. The source
// identity value persists across [chained role]sessions.
// //
// You can require users to set a source identity value when they assume a role. // You can require users to set a source identity value when they assume a role.
// You do this by using the sts:SourceIdentity condition key in a role trust // You do this by using the sts:SourceIdentity condition key in a role trust
@ -321,7 +325,7 @@ type AssumeRoleWithSAMLOutput struct {
// of upper- and lower-case alphanumeric characters with no spaces. You can also // of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@- // include underscores or any of the following characters: =,.@-
// //
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
SourceIdentity *string SourceIdentity *string

View File

@ -31,7 +31,7 @@ import (
// Services credentials. Instead, the identity of the caller is validated by using // Services credentials. Instead, the identity of the caller is validated by using
// a token from the web identity provider. For a comparison of // a token from the web identity provider. For a comparison of
// AssumeRoleWithWebIdentity with the other API operations that produce temporary // AssumeRoleWithWebIdentity with the other API operations that produce temporary
// credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. // credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide.
// //
// The temporary security credentials returned by this API consist of an access // The temporary security credentials returned by this API consist of an access
// key ID, a secret access key, and a security token. Applications can use these // key ID, a secret access key, and a security token. Applications can use these
@ -45,7 +45,7 @@ import (
// DurationSeconds parameter to specify the duration of your session. You can // DurationSeconds parameter to specify the duration of your session. You can
// provide a value from 900 seconds (15 minutes) up to the maximum session duration // provide a value from 900 seconds (15 minutes) up to the maximum session duration
// setting for the role. This setting can have a value from 1 hour to 12 hours. To // setting for the role. This setting can have a value from 1 hour to 12 hours. To
// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. // learn how to view the maximum value for your role, see [Update the maximum session duration for a role]in the IAM User Guide.
// The maximum session duration limit applies when you use the AssumeRole* API // The maximum session duration limit applies when you use the AssumeRole* API
// operations or the assume-role* CLI commands. However the limit does not apply // operations or the assume-role* CLI commands. However the limit does not apply
// when you use those operations to create a console URL. For more information, see // when you use those operations to create a console URL. For more information, see
@ -111,34 +111,23 @@ import (
// that you avoid using any personally identifiable information (PII) in this // that you avoid using any personally identifiable information (PII) in this
// field. For example, you could instead use a GUID or a pairwise identifier, as [suggested in the OIDC specification]. // field. For example, you could instead use a GUID or a pairwise identifier, as [suggested in the OIDC specification].
// //
// For more information about how to use web identity federation and the // For more information about how to use OIDC federation and the
// AssumeRoleWithWebIdentity API, see the following resources: // AssumeRoleWithWebIdentity API, see the following resources:
// //
// [Using Web Identity Federation API Operations for Mobile Apps] // [Using Web Identity Federation API Operations for Mobile Apps]
// - and [Federation Through a Web-based Identity Provider]. // - and [Federation Through a Web-based Identity Provider].
// //
// [Web Identity Federation Playground]
// - . Walk through the process of authenticating through Login with Amazon,
// Facebook, or Google, getting temporary security credentials, and then using
// those credentials to make a request to Amazon Web Services.
//
// [Amazon Web Services SDK for iOS Developer Guide] // [Amazon Web Services SDK for iOS Developer Guide]
// - and [Amazon Web Services SDK for Android Developer Guide]. These toolkits contain sample apps that show how to invoke the // - and [Amazon Web Services SDK for Android Developer Guide]. These toolkits contain sample apps that show how to invoke the
// identity providers. The toolkits then show how to use the information from these // identity providers. The toolkits then show how to use the information from these
// providers to get and use temporary security credentials. // providers to get and use temporary security credentials.
// //
// [Web Identity Federation with Mobile Applications]
// - . This article discusses web identity federation and shows an example of
// how to use web identity federation to get access to content in Amazon S3.
//
// [Amazon Web Services SDK for iOS Developer Guide]: http://aws.amazon.com/sdkforios/ // [Amazon Web Services SDK for iOS Developer Guide]: http://aws.amazon.com/sdkforios/
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
// [Web Identity Federation Playground]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
// [Amazon Web Services SDK for Android Developer Guide]: http://aws.amazon.com/sdkforandroid/ // [Amazon Web Services SDK for Android Developer Guide]: http://aws.amazon.com/sdkforandroid/
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length // [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
// [Subject]: http://openid.net/specs/openid-connect-core-1_0.html#Claims // [Subject]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
// [Amazon Cognito identity pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html // [Amazon Cognito identity pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
@ -148,7 +137,7 @@ import (
// [Amazon Cognito federated identities]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html // [Amazon Cognito federated identities]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html // [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining // [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
// [Web Identity Federation with Mobile Applications]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications // [Update the maximum session duration for a role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration
// [Using Web Identity Federation API Operations for Mobile Apps]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html // [Using Web Identity Federation API Operations for Mobile Apps]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
// [suggested in the OIDC specification]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes // [suggested in the OIDC specification]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) { func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) {
@ -170,6 +159,17 @@ type AssumeRoleWithWebIdentityInput struct {
// The Amazon Resource Name (ARN) of the role that the caller is assuming. // The Amazon Resource Name (ARN) of the role that the caller is assuming.
// //
// Additional considerations apply to Amazon Cognito identity pools that assume [cross-account IAM roles].
// The trust policies of these roles must accept the cognito-identity.amazonaws.com
// service principal and must contain the cognito-identity.amazonaws.com:aud
// condition key to restrict role assumption to users from your intended identity
// pools. A policy that trusts Amazon Cognito identity pools without this condition
// creates a risk that a user from an unintended identity pool can assume the role.
// For more information, see [Trust policies for IAM roles in Basic (Classic) authentication]in the Amazon Cognito Developer Guide.
//
// [cross-account IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html
// [Trust policies for IAM roles in Basic (Classic) authentication]: https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#trust-policies
//
// This member is required. // This member is required.
RoleArn *string RoleArn *string
@ -179,17 +179,26 @@ type AssumeRoleWithWebIdentityInput struct {
// associated with that user. This session name is included as part of the ARN and // associated with that user. This session name is included as part of the ARN and
// assumed role ID in the AssumedRoleUser response element. // assumed role ID in the AssumedRoleUser response element.
// //
// For security purposes, administrators can view this field in [CloudTrail logs] to help identify
// who performed an action in Amazon Web Services. Your administrator might require
// that you specify your user name as the session name when you assume the role.
// For more information, see [sts:RoleSessionName]sts:RoleSessionName .
//
// The regex used to validate this parameter is a string of characters consisting // The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also // of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@- // include underscores or any of the following characters: =,.@-
// //
// [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
// [sts:RoleSessionName]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
//
// This member is required. // This member is required.
RoleSessionName *string RoleSessionName *string
// The OAuth 2.0 access token or OpenID Connect ID token that is provided by the // The OAuth 2.0 access token or OpenID Connect ID token that is provided by the
// identity provider. Your application must get this token by authenticating the // identity provider. Your application must get this token by authenticating the
// user who is using your application with a web identity provider before the // user who is using your application with a web identity provider before the
// application makes an AssumeRoleWithWebIdentity call. Only tokens with RSA // application makes an AssumeRoleWithWebIdentity call. Timestamps in the token
// must be formatted as either an integer or a long integer. Only tokens with RSA
// algorithms (RS256) are supported. // algorithms (RS256) are supported.
// //
// This member is required. // This member is required.
@ -232,6 +241,8 @@ type AssumeRoleWithWebIdentityInput struct {
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters. // return (\u000D) characters.
// //
// For more information about role session permissions, see [Session policies].
//
// An Amazon Web Services conversion compresses the passed inline session policy, // An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a // managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext // separate limit. Your request can fail for this limit even if your plaintext
@ -240,6 +251,7 @@ type AssumeRoleWithWebIdentityInput struct {
// size limit. // size limit.
// //
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
Policy *string Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -337,7 +349,7 @@ type AssumeRoleWithWebIdentityOutput struct {
// of upper- and lower-case alphanumeric characters with no spaces. You can also // of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@- // include underscores or any of the following characters: =,.@-
// //
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
// [Using Tokens with User Pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html // [Using Tokens with User Pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
SourceIdentity *string SourceIdentity *string

View File

@ -0,0 +1,221 @@
// Code generated by smithy-go-codegen DO NOT EDIT.
package sts
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/service/sts/types"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Returns a set of short term credentials you can use to perform privileged tasks
// in a member account.
//
// Before you can launch a privileged session, you must have enabled centralized
// root access in your organization. For steps to enable this feature, see [Centralize root access for member accounts]in the
// IAM User Guide.
//
// The global endpoint is not supported for AssumeRoot. You must send this request
// to a Regional STS endpoint. For more information, see [Endpoints].
//
// You can track AssumeRoot in CloudTrail logs to determine what actions were
// performed in a session. For more information, see [Track privileged tasks in CloudTrail]in the IAM User Guide.
//
// [Endpoints]: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints
// [Track privileged tasks in CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html
// [Centralize root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html
func (c *Client) AssumeRoot(ctx context.Context, params *AssumeRootInput, optFns ...func(*Options)) (*AssumeRootOutput, error) {
if params == nil {
params = &AssumeRootInput{}
}
result, metadata, err := c.invokeOperation(ctx, "AssumeRoot", params, optFns, c.addOperationAssumeRootMiddlewares)
if err != nil {
return nil, err
}
out := result.(*AssumeRootOutput)
out.ResultMetadata = metadata
return out, nil
}
type AssumeRootInput struct {
// The member account principal ARN or account ID.
//
// This member is required.
TargetPrincipal *string
// The identity based policy that scopes the session to the privileged tasks that
// can be performed. You can use one of following Amazon Web Services managed
// policies to scope root session actions. You can add additional customer managed
// policies to further limit the permissions for the root session.
//
// [IAMAuditRootUserCredentials]
//
// [IAMCreateRootUserPassword]
//
// [IAMDeleteRootUserCredentials]
//
// [S3UnlockBucketPolicy]
//
// [SQSUnlockQueuePolicy]
//
// [IAMDeleteRootUserCredentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials
// [IAMCreateRootUserPassword]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword
// [IAMAuditRootUserCredentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials
// [S3UnlockBucketPolicy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy
// [SQSUnlockQueuePolicy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy
//
// This member is required.
TaskPolicyArn *types.PolicyDescriptorType
// The duration, in seconds, of the privileged session. The value can range from 0
// seconds up to the maximum session duration of 900 seconds (15 minutes). If you
// specify a value higher than this setting, the operation fails.
//
// By default, the value is set to 900 seconds.
DurationSeconds *int32
noSmithyDocumentSerde
}
type AssumeRootOutput struct {
// The temporary security credentials, which include an access key ID, a secret
// access key, and a security token.
//
// The size of the security token that STS API operations return is not fixed. We
// strongly recommend that you make no assumptions about the maximum size.
Credentials *types.Credentials
// The source identity specified by the principal that is calling the AssumeRoot
// operation.
//
// You can use the aws:SourceIdentity condition key to control access based on the
// value of source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]
// in the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@-
//
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
SourceIdentity *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoot{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsAwsquery_deserializeOpAssumeRoot{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoot"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = addClientRequestID(stack); err != nil {
return err
}
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addComputePayloadSHA256(stack); err != nil {
return err
}
if err = addRetry(stack, options); err != nil {
return err
}
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpAssumeRootValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoot(options.Region), middleware.Before); err != nil {
return err
}
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opAssumeRoot(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "AssumeRoot",
}
}

View File

@ -20,7 +20,7 @@ import (
// credentials of an IAM user. As a result, this call is appropriate in contexts // credentials of an IAM user. As a result, this call is appropriate in contexts
// where those credentials can be safeguarded, usually in a server-based // where those credentials can be safeguarded, usually in a server-based
// application. For a comparison of GetFederationToken with the other API // application. For a comparison of GetFederationToken with the other API
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. // operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide.
// //
// Although it is possible to call GetFederationToken using the security // Although it is possible to call GetFederationToken using the security
// credentials of an Amazon Web Services account root user rather than an IAM user // credentials of an Amazon Web Services account root user rather than an IAM user
@ -104,9 +104,9 @@ import (
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html // [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
// [GetFederationToken—Federation Through a Custom Identity Broker]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken // [GetFederationToken—Federation Through a Custom Identity Broker]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials // [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) { func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) {
if params == nil { if params == nil {

View File

@ -22,7 +22,7 @@ import (
// the call returns, IAM users can then make programmatic calls to API operations // the call returns, IAM users can then make programmatic calls to API operations
// that require MFA authentication. An incorrect MFA code causes the API to return // that require MFA authentication. An incorrect MFA code causes the API to return
// an access denied error. For a comparison of GetSessionToken with the other API // an access denied error. For a comparison of GetSessionToken with the other API
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. // operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide.
// //
// No permissions are required for users to perform this operation. The purpose of // No permissions are required for users to perform this operation. The purpose of
// the sts:GetSessionToken operation is to authenticate the user using MFA. You // the sts:GetSessionToken operation is to authenticate the user using MFA. You
@ -63,10 +63,10 @@ import (
// credentials, see [Temporary Credentials for Users in Untrusted Environments]in the IAM User Guide. // credentials, see [Temporary Credentials for Users in Untrusted Environments]in the IAM User Guide.
// //
// [Permissions for GetSessionToken]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html // [Permissions for GetSessionToken]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
// [Temporary Credentials for Users in Untrusted Environments]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken // [Temporary Credentials for Users in Untrusted Environments]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials // [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) { func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
if params == nil { if params == nil {
params = &GetSessionTokenInput{} params = &GetSessionTokenInput{}

View File

@ -410,6 +410,121 @@ func awsAwsquery_deserializeOpErrorAssumeRoleWithWebIdentity(response *smithyhtt
} }
} }
type awsAwsquery_deserializeOpAssumeRoot struct {
}
func (*awsAwsquery_deserializeOpAssumeRoot) ID() string {
return "OperationDeserializer"
}
func (m *awsAwsquery_deserializeOpAssumeRoot) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
) {
out, metadata, err = next.HandleDeserialize(ctx, in)
if err != nil {
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
}
if response.StatusCode < 200 || response.StatusCode >= 300 {
return out, metadata, awsAwsquery_deserializeOpErrorAssumeRoot(response, &metadata)
}
output := &AssumeRootOutput{}
out.Result = output
var buff [1024]byte
ringBuffer := smithyio.NewRingBuffer(buff[:])
body := io.TeeReader(response.Body, ringBuffer)
rootDecoder := xml.NewDecoder(body)
t, err := smithyxml.FetchRootElement(rootDecoder)
if err == io.EOF {
return out, metadata, nil
}
if err != nil {
var snapshot bytes.Buffer
io.Copy(&snapshot, ringBuffer)
return out, metadata, &smithy.DeserializationError{
Err: fmt.Errorf("failed to decode response body, %w", err),
Snapshot: snapshot.Bytes(),
}
}
decoder := smithyxml.WrapNodeDecoder(rootDecoder, t)
t, err = decoder.GetElement("AssumeRootResult")
if err != nil {
var snapshot bytes.Buffer
io.Copy(&snapshot, ringBuffer)
err = &smithy.DeserializationError{
Err: fmt.Errorf("failed to decode response body, %w", err),
Snapshot: snapshot.Bytes(),
}
return out, metadata, err
}
decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t)
err = awsAwsquery_deserializeOpDocumentAssumeRootOutput(&output, decoder)
if err != nil {
var snapshot bytes.Buffer
io.Copy(&snapshot, ringBuffer)
err = &smithy.DeserializationError{
Err: fmt.Errorf("failed to decode response body, %w", err),
Snapshot: snapshot.Bytes(),
}
return out, metadata, err
}
return out, metadata, err
}
func awsAwsquery_deserializeOpErrorAssumeRoot(response *smithyhttp.Response, metadata *middleware.Metadata) error {
var errorBuffer bytes.Buffer
if _, err := io.Copy(&errorBuffer, response.Body); err != nil {
return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)}
}
errorBody := bytes.NewReader(errorBuffer.Bytes())
errorCode := "UnknownError"
errorMessage := errorCode
errorComponents, err := awsxml.GetErrorResponseComponents(errorBody, false)
if err != nil {
return err
}
if reqID := errorComponents.RequestID; len(reqID) != 0 {
awsmiddleware.SetRequestIDMetadata(metadata, reqID)
}
if len(errorComponents.Code) != 0 {
errorCode = errorComponents.Code
}
if len(errorComponents.Message) != 0 {
errorMessage = errorComponents.Message
}
errorBody.Seek(0, io.SeekStart)
switch {
case strings.EqualFold("ExpiredTokenException", errorCode):
return awsAwsquery_deserializeErrorExpiredTokenException(response, errorBody)
case strings.EqualFold("RegionDisabledException", errorCode):
return awsAwsquery_deserializeErrorRegionDisabledException(response, errorBody)
default:
genericError := &smithy.GenericAPIError{
Code: errorCode,
Message: errorMessage,
}
return genericError
}
}
type awsAwsquery_deserializeOpDecodeAuthorizationMessage struct { type awsAwsquery_deserializeOpDecodeAuthorizationMessage struct {
} }
@ -2268,6 +2383,61 @@ func awsAwsquery_deserializeOpDocumentAssumeRoleWithWebIdentityOutput(v **Assume
return nil return nil
} }
func awsAwsquery_deserializeOpDocumentAssumeRootOutput(v **AssumeRootOutput, decoder smithyxml.NodeDecoder) error {
if v == nil {
return fmt.Errorf("unexpected nil of type %T", v)
}
var sv *AssumeRootOutput
if *v == nil {
sv = &AssumeRootOutput{}
} else {
sv = *v
}
for {
t, done, err := decoder.Token()
if err != nil {
return err
}
if done {
break
}
originalDecoder := decoder
decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t)
switch {
case strings.EqualFold("Credentials", t.Name.Local):
nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t)
if err := awsAwsquery_deserializeDocumentCredentials(&sv.Credentials, nodeDecoder); err != nil {
return err
}
case strings.EqualFold("SourceIdentity", t.Name.Local):
val, err := decoder.Value()
if err != nil {
return err
}
if val == nil {
break
}
{
xtv := string(val)
sv.SourceIdentity = ptr.String(xtv)
}
default:
// Do nothing and ignore the unexpected tag element
err = decoder.Decoder.Skip()
if err != nil {
return err
}
}
decoder = originalDecoder
}
*v = sv
return nil
}
func awsAwsquery_deserializeOpDocumentDecodeAuthorizationMessageOutput(v **DecodeAuthorizationMessageOutput, decoder smithyxml.NodeDecoder) error { func awsAwsquery_deserializeOpDocumentDecodeAuthorizationMessageOutput(v **DecodeAuthorizationMessageOutput, decoder smithyxml.NodeDecoder) error {
if v == nil { if v == nil {
return fmt.Errorf("unexpected nil of type %T", v) return fmt.Errorf("unexpected nil of type %T", v)

View File

@ -13,6 +13,7 @@
"api_op_AssumeRole.go", "api_op_AssumeRole.go",
"api_op_AssumeRoleWithSAML.go", "api_op_AssumeRoleWithSAML.go",
"api_op_AssumeRoleWithWebIdentity.go", "api_op_AssumeRoleWithWebIdentity.go",
"api_op_AssumeRoot.go",
"api_op_DecodeAuthorizationMessage.go", "api_op_DecodeAuthorizationMessage.go",
"api_op_GetAccessKeyInfo.go", "api_op_GetAccessKeyInfo.go",
"api_op_GetCallerIdentity.go", "api_op_GetCallerIdentity.go",

View File

@ -3,4 +3,4 @@
package sts package sts
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "1.32.4" const goModuleVersion = "1.33.1"

View File

@ -226,6 +226,76 @@ func (m *awsAwsquery_serializeOpAssumeRoleWithWebIdentity) HandleSerialize(ctx c
return next.HandleSerialize(ctx, in) return next.HandleSerialize(ctx, in)
} }
type awsAwsquery_serializeOpAssumeRoot struct {
}
func (*awsAwsquery_serializeOpAssumeRoot) ID() string {
return "OperationSerializer"
}
func (m *awsAwsquery_serializeOpAssumeRoot) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
}
input, ok := in.Parameters.(*AssumeRootInput)
_ = input
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)}
}
operationPath := "/"
if len(request.Request.URL.Path) == 0 {
request.Request.URL.Path = operationPath
} else {
request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath)
if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' {
request.Request.URL.Path += "/"
}
}
request.Request.Method = "POST"
httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header)
if err != nil {
return out, metadata, &smithy.SerializationError{Err: err}
}
httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded")
bodyWriter := bytes.NewBuffer(nil)
bodyEncoder := query.NewEncoder(bodyWriter)
body := bodyEncoder.Object()
body.Key("Action").String("AssumeRoot")
body.Key("Version").String("2011-06-15")
if err := awsAwsquery_serializeOpDocumentAssumeRootInput(input, bodyEncoder.Value); err != nil {
return out, metadata, &smithy.SerializationError{Err: err}
}
err = bodyEncoder.Encode()
if err != nil {
return out, metadata, &smithy.SerializationError{Err: err}
}
if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil {
return out, metadata, &smithy.SerializationError{Err: err}
}
if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil {
return out, metadata, &smithy.SerializationError{Err: err}
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
type awsAwsquery_serializeOpDecodeAuthorizationMessage struct { type awsAwsquery_serializeOpDecodeAuthorizationMessage struct {
} }
@ -821,6 +891,30 @@ func awsAwsquery_serializeOpDocumentAssumeRoleWithWebIdentityInput(v *AssumeRole
return nil return nil
} }
func awsAwsquery_serializeOpDocumentAssumeRootInput(v *AssumeRootInput, value query.Value) error {
object := value.Object()
_ = object
if v.DurationSeconds != nil {
objectKey := object.Key("DurationSeconds")
objectKey.Integer(*v.DurationSeconds)
}
if v.TargetPrincipal != nil {
objectKey := object.Key("TargetPrincipal")
objectKey.String(*v.TargetPrincipal)
}
if v.TaskPolicyArn != nil {
objectKey := object.Key("TaskPolicyArn")
if err := awsAwsquery_serializeDocumentPolicyDescriptorType(v.TaskPolicyArn, objectKey); err != nil {
return err
}
}
return nil
}
func awsAwsquery_serializeOpDocumentDecodeAuthorizationMessageInput(v *DecodeAuthorizationMessageInput, value query.Value) error { func awsAwsquery_serializeOpDocumentDecodeAuthorizationMessageInput(v *DecodeAuthorizationMessageInput, value query.Value) error {
object := value.Object() object := value.Object()
_ = object _ = object

View File

@ -95,8 +95,8 @@ func (e *IDPRejectedClaimException) ErrorCode() string {
func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// The error returned if the message passed to DecodeAuthorizationMessage was // The error returned if the message passed to DecodeAuthorizationMessage was
// invalid. This can happen if the token contains invalid characters, such as // invalid. This can happen if the token contains invalid characters, such as line
// linebreaks. // breaks, or if the message has expired.
type InvalidAuthorizationMessageException struct { type InvalidAuthorizationMessageException struct {
Message *string Message *string
@ -218,10 +218,10 @@ func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return
// STS is not activated in the requested region for the account that is being // STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM // asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see [Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region]in the IAM // console to activate STS in that region. For more information, see [Activating and Deactivating STS in an Amazon Web Services Region]in the IAM
// User Guide. // User Guide.
// //
// [Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html // [Activating and Deactivating STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
type RegionDisabledException struct { type RegionDisabledException struct {
Message *string Message *string

View File

@ -70,6 +70,26 @@ func (m *validateOpAssumeRoleWithWebIdentity) HandleInitialize(ctx context.Conte
return next.HandleInitialize(ctx, in) return next.HandleInitialize(ctx, in)
} }
type validateOpAssumeRoot struct {
}
func (*validateOpAssumeRoot) ID() string {
return "OperationInputValidation"
}
func (m *validateOpAssumeRoot) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
out middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
input, ok := in.Parameters.(*AssumeRootInput)
if !ok {
return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters)
}
if err := validateOpAssumeRootInput(input); err != nil {
return out, metadata, err
}
return next.HandleInitialize(ctx, in)
}
type validateOpDecodeAuthorizationMessage struct { type validateOpDecodeAuthorizationMessage struct {
} }
@ -142,6 +162,10 @@ func addOpAssumeRoleWithWebIdentityValidationMiddleware(stack *middleware.Stack)
return stack.Initialize.Add(&validateOpAssumeRoleWithWebIdentity{}, middleware.After) return stack.Initialize.Add(&validateOpAssumeRoleWithWebIdentity{}, middleware.After)
} }
func addOpAssumeRootValidationMiddleware(stack *middleware.Stack) error {
return stack.Initialize.Add(&validateOpAssumeRoot{}, middleware.After)
}
func addOpDecodeAuthorizationMessageValidationMiddleware(stack *middleware.Stack) error { func addOpDecodeAuthorizationMessageValidationMiddleware(stack *middleware.Stack) error {
return stack.Initialize.Add(&validateOpDecodeAuthorizationMessage{}, middleware.After) return stack.Initialize.Add(&validateOpDecodeAuthorizationMessage{}, middleware.After)
} }
@ -254,6 +278,24 @@ func validateOpAssumeRoleWithWebIdentityInput(v *AssumeRoleWithWebIdentityInput)
} }
} }
func validateOpAssumeRootInput(v *AssumeRootInput) error {
if v == nil {
return nil
}
invalidParams := smithy.InvalidParamsError{Context: "AssumeRootInput"}
if v.TargetPrincipal == nil {
invalidParams.Add(smithy.NewErrParamRequired("TargetPrincipal"))
}
if v.TaskPolicyArn == nil {
invalidParams.Add(smithy.NewErrParamRequired("TaskPolicyArn"))
}
if invalidParams.Len() > 0 {
return invalidParams
} else {
return nil
}
}
func validateOpDecodeAuthorizationMessageInput(v *DecodeAuthorizationMessageInput) error { func validateOpDecodeAuthorizationMessageInput(v *DecodeAuthorizationMessageInput) error {
if v == nil { if v == nil {
return nil return nil

View File

@ -1,3 +1,12 @@
# Release (2024-11-15)
## General Highlights
* **Dependency Update**: Updated to the latest SDK module versions
## Module Highlights
* `github.com/aws/smithy-go`: v1.22.1
* **Bug Fix**: Fix failure to replace URI path segments when their names overlap.
# Release (2024-10-03) # Release (2024-10-03)
## General Highlights ## General Highlights

View File

@ -22,33 +22,33 @@ func bufCap(b []byte, n int) []byte {
// replacePathElement replaces a single element in the path []byte. // replacePathElement replaces a single element in the path []byte.
// Escape is used to control whether the value will be escaped using Amazon path escape style. // Escape is used to control whether the value will be escaped using Amazon path escape style.
func replacePathElement(path, fieldBuf []byte, key, val string, escape bool) ([]byte, []byte, error) { func replacePathElement(path, fieldBuf []byte, key, val string, escape bool) ([]byte, []byte, error) {
fieldBuf = bufCap(fieldBuf, len(key)+3) // { <key> [+] } // search for "{<key>}". If not found, search for the greedy version "{<key>+}". If none are found, return error
fieldBuf = bufCap(fieldBuf, len(key)+2) // { <key> }
fieldBuf = append(fieldBuf, uriTokenStart) fieldBuf = append(fieldBuf, uriTokenStart)
fieldBuf = append(fieldBuf, key...) fieldBuf = append(fieldBuf, key...)
fieldBuf = append(fieldBuf, uriTokenStop)
start := bytes.Index(path, fieldBuf) start := bytes.Index(path, fieldBuf)
end := start + len(fieldBuf)
if start < 0 || len(path[end:]) == 0 {
// TODO what to do about error?
return path, fieldBuf, fmt.Errorf("invalid path index, start=%d,end=%d. %s", start, end, path)
}
encodeSep := true encodeSep := true
if path[end] == uriTokenSkip { if start < 0 {
// '+' token means do not escape slashes fieldBuf = bufCap(fieldBuf, len(key)+3) // { <key> [+] }
fieldBuf = append(fieldBuf, uriTokenStart)
fieldBuf = append(fieldBuf, key...)
fieldBuf = append(fieldBuf, uriTokenSkip)
fieldBuf = append(fieldBuf, uriTokenStop)
start = bytes.Index(path, fieldBuf)
if start < 0 {
return path, fieldBuf, fmt.Errorf("invalid path index, start=%d. %s", start, path)
}
encodeSep = false encodeSep = false
end++
} }
end := start + len(fieldBuf)
if escape { if escape {
val = EscapePath(val, encodeSep) val = EscapePath(val, encodeSep)
} }
if path[end] != uriTokenStop {
return path, fieldBuf, fmt.Errorf("invalid path element, does not contain token stop, %s", path)
}
end++
fieldBuf = bufCap(fieldBuf, len(val)) fieldBuf = bufCap(fieldBuf, len(val))
fieldBuf = append(fieldBuf, val...) fieldBuf = append(fieldBuf, val...)

View File

@ -3,4 +3,4 @@
package smithy package smithy
// goModuleVersion is the tagged release for this module // goModuleVersion is the tagged release for this module
const goModuleVersion = "1.22.0" const goModuleVersion = "1.22.1"

14
vendor/modules.txt vendored
View File

@ -126,7 +126,7 @@ github.com/aws/aws-sdk-go/service/sso/ssoiface
github.com/aws/aws-sdk-go/service/ssooidc github.com/aws/aws-sdk-go/service/ssooidc
github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts
github.com/aws/aws-sdk-go/service/sts/stsiface github.com/aws/aws-sdk-go/service/sts/stsiface
# github.com/aws/aws-sdk-go-v2 v1.32.4 # github.com/aws/aws-sdk-go-v2 v1.32.5
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/aws github.com/aws/aws-sdk-go-v2/aws
github.com/aws/aws-sdk-go-v2/aws/defaults github.com/aws/aws-sdk-go-v2/aws/defaults
@ -149,24 +149,24 @@ github.com/aws/aws-sdk-go-v2/internal/sdk
github.com/aws/aws-sdk-go-v2/internal/strings github.com/aws/aws-sdk-go-v2/internal/strings
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
github.com/aws/aws-sdk-go-v2/internal/timeconv github.com/aws/aws-sdk-go-v2/internal/timeconv
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 # github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/internal/configsources github.com/aws/aws-sdk-go-v2/internal/configsources
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 # github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 # github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 # github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
# github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 # github.com/aws/aws-sdk-go-v2/service/sts v1.33.1
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/service/sts github.com/aws/aws-sdk-go-v2/service/sts
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
github.com/aws/aws-sdk-go-v2/service/sts/types github.com/aws/aws-sdk-go-v2/service/sts/types
# github.com/aws/smithy-go v1.22.0 # github.com/aws/smithy-go v1.22.1
## explicit; go 1.21 ## explicit; go 1.21
github.com/aws/smithy-go github.com/aws/smithy-go
github.com/aws/smithy-go/auth github.com/aws/smithy-go/auth