mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-10-18 21:29:50 +00:00
40ad4163cb
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) and [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang). Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.30.7 to 1.31.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.31.1/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/mgn/v1.30.7...service/s3/v1.31.1) Updates `github.com/prometheus/client_golang` from 1.20.3 to 1.20.4 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.20.3...v1.20.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
243 lines
9.8 KiB
Go
243 lines
9.8 KiB
Go
// Code generated by smithy-go-codegen DO NOT EDIT.
|
|
|
|
package sts
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
|
"github.com/aws/aws-sdk-go-v2/service/sts/types"
|
|
"github.com/aws/smithy-go/middleware"
|
|
smithyhttp "github.com/aws/smithy-go/transport/http"
|
|
)
|
|
|
|
// Returns a set of temporary credentials for an Amazon Web Services account or
|
|
// IAM user. The credentials consist of an access key ID, a secret access key, and
|
|
// a security token. Typically, you use GetSessionToken if you want to use MFA to
|
|
// protect programmatic calls to specific Amazon Web Services API operations like
|
|
// Amazon EC2 StopInstances .
|
|
//
|
|
// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that is
|
|
// associated with their MFA device. Using the temporary security credentials that
|
|
// the call returns, IAM users can then make programmatic calls to API operations
|
|
// that require MFA authentication. An incorrect MFA code causes the API to return
|
|
// an access denied error. For a comparison of GetSessionToken with the other API
|
|
// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide.
|
|
//
|
|
// No permissions are required for users to perform this operation. The purpose of
|
|
// the sts:GetSessionToken operation is to authenticate the user using MFA. You
|
|
// cannot use policies to control authentication operations. For more information,
|
|
// see [Permissions for GetSessionToken]in the IAM User Guide.
|
|
//
|
|
// # Session Duration
|
|
//
|
|
// The GetSessionToken operation must be called by using the long-term Amazon Web
|
|
// Services security credentials of an IAM user. Credentials that are created by
|
|
// IAM users are valid for the duration that you specify. This duration can range
|
|
// from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours),
|
|
// with a default of 43,200 seconds (12 hours). Credentials based on account
|
|
// credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1
|
|
// hour), with a default of 1 hour.
|
|
//
|
|
// # Permissions
|
|
//
|
|
// The temporary security credentials created by GetSessionToken can be used to
|
|
// make API calls to any Amazon Web Services service with the following exceptions:
|
|
//
|
|
// - You cannot call any IAM API operations unless MFA authentication
|
|
// information is included in the request.
|
|
//
|
|
// - You cannot call any STS API except AssumeRole or GetCallerIdentity .
|
|
//
|
|
// The credentials that GetSessionToken returns are based on permissions
|
|
// associated with the IAM user whose credentials were used to call the operation.
|
|
// The temporary credentials have the same permissions as the IAM user.
|
|
//
|
|
// Although it is possible to call GetSessionToken using the security credentials
|
|
// of an Amazon Web Services account root user rather than an IAM user, we do not
|
|
// recommend it. If GetSessionToken is called using root user credentials, the
|
|
// temporary credentials have root user permissions. For more information, see [Safeguard your root user credentials and don't use them for everyday tasks]in
|
|
// the IAM User Guide
|
|
//
|
|
// For more information about using GetSessionToken to create temporary
|
|
// credentials, see [Temporary Credentials for Users in Untrusted Environments]in the IAM User Guide.
|
|
//
|
|
// [Permissions for GetSessionToken]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
|
// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
|
// [Temporary Credentials for Users in Untrusted Environments]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
|
// [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
|
|
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
|
func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
|
|
if params == nil {
|
|
params = &GetSessionTokenInput{}
|
|
}
|
|
|
|
result, metadata, err := c.invokeOperation(ctx, "GetSessionToken", params, optFns, c.addOperationGetSessionTokenMiddlewares)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
out := result.(*GetSessionTokenOutput)
|
|
out.ResultMetadata = metadata
|
|
return out, nil
|
|
}
|
|
|
|
type GetSessionTokenInput struct {
|
|
|
|
// The duration, in seconds, that the credentials should remain valid. Acceptable
|
|
// durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
|
|
// seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for
|
|
// Amazon Web Services account owners are restricted to a maximum of 3,600 seconds
|
|
// (one hour). If the duration is longer than one hour, the session for Amazon Web
|
|
// Services account owners defaults to one hour.
|
|
DurationSeconds *int32
|
|
|
|
// The identification number of the MFA device that is associated with the IAM
|
|
// user who is making the GetSessionToken call. Specify this value if the IAM user
|
|
// has a policy that requires MFA authentication. The value is either the serial
|
|
// number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
|
|
// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ). You
|
|
// can find the device for an IAM user by going to the Amazon Web Services
|
|
// Management Console and viewing the user's security credentials.
|
|
//
|
|
// The regex used to validate this parameter is a string of characters consisting
|
|
// of upper- and lower-case alphanumeric characters with no spaces. You can also
|
|
// include underscores or any of the following characters: =,.@:/-
|
|
SerialNumber *string
|
|
|
|
// The value provided by the MFA device, if MFA is required. If any policy
|
|
// requires the IAM user to submit an MFA code, specify this value. If MFA
|
|
// authentication is required, the user must provide a code when requesting a set
|
|
// of temporary security credentials. A user who fails to provide the code receives
|
|
// an "access denied" response when requesting resources that require MFA
|
|
// authentication.
|
|
//
|
|
// The format for this parameter, as described by its regex pattern, is a sequence
|
|
// of six numeric digits.
|
|
TokenCode *string
|
|
|
|
noSmithyDocumentSerde
|
|
}
|
|
|
|
// Contains the response to a successful GetSessionToken request, including temporary Amazon Web
|
|
// Services credentials that can be used to make Amazon Web Services requests.
|
|
type GetSessionTokenOutput struct {
|
|
|
|
// The temporary security credentials, which include an access key ID, a secret
|
|
// access key, and a security (or session) token.
|
|
//
|
|
// The size of the security token that STS API operations return is not fixed. We
|
|
// strongly recommend that you make no assumptions about the maximum size.
|
|
Credentials *types.Credentials
|
|
|
|
// Metadata pertaining to the operation's result.
|
|
ResultMetadata middleware.Metadata
|
|
|
|
noSmithyDocumentSerde
|
|
}
|
|
|
|
func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
|
|
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
|
|
return err
|
|
}
|
|
err = stack.Serialize.Add(&awsAwsquery_serializeOpGetSessionToken{}, middleware.After)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = stack.Deserialize.Add(&awsAwsquery_deserializeOpGetSessionToken{}, middleware.After)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if err := addProtocolFinalizerMiddlewares(stack, options, "GetSessionToken"); err != nil {
|
|
return fmt.Errorf("add protocol finalizers: %v", err)
|
|
}
|
|
|
|
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addClientRequestID(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addComputeContentLength(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addComputePayloadSHA256(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addRetry(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addRawResponseToMetadata(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addRecordResponseTiming(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addSpanRetryLoop(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addClientUserAgent(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addTimeOffsetBuild(stack, c); err != nil {
|
|
return err
|
|
}
|
|
if err = addUserAgentRetryMode(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
|
|
return err
|
|
}
|
|
if err = addRecursionDetection(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addResponseErrorMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addRequestResponseLogging(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addSpanInitializeStart(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addSpanInitializeEnd(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addSpanBuildRequestStart(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addSpanBuildRequestEnd(stack); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func newServiceMetadataMiddleware_opGetSessionToken(region string) *awsmiddleware.RegisterServiceMetadata {
|
|
return &awsmiddleware.RegisterServiceMetadata{
|
|
Region: region,
|
|
ServiceID: ServiceID,
|
|
OperationName: "GetSessionToken",
|
|
}
|
|
}
|