MCPcopy
hub / github.com/minio/minio-go / getWebIdentityCredentials

Function getWebIdentityCredentials

pkg/credentials/sts_web_identity.go:140–221  ·  view source on GitHub ↗
(clnt *http.Client, endpoint, roleARN, roleSessionName string, policy string,
	getWebIDTokenExpiry func() (*WebIdentityToken, error), tokenRevokeType string,
)

Source from the content-addressed store, hash-verified

138}
139
140func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSessionName string, policy string,
141 getWebIDTokenExpiry func() (*WebIdentityToken, error), tokenRevokeType string,
142) (AssumeRoleWithWebIdentityResponse, error) {
143 idToken, err := getWebIDTokenExpiry()
144 if err != nil {
145 return AssumeRoleWithWebIdentityResponse{}, err
146 }
147
148 v := url.Values{}
149 v.Set("Action", "AssumeRoleWithWebIdentity")
150 if len(roleARN) > 0 {
151 v.Set("RoleArn", roleARN)
152
153 if len(roleSessionName) == 0 {
154 roleSessionName = strconv.FormatInt(time.Now().UnixNano(), 10)
155 }
156 v.Set("RoleSessionName", roleSessionName)
157 }
158 v.Set("WebIdentityToken", idToken.Token)
159 if idToken.AccessToken != "" {
160 // Usually set when server is using extended userInfo endpoint.
161 v.Set("WebIdentityAccessToken", idToken.AccessToken)
162 }
163 if idToken.RefreshToken != "" {
164 // Usually set when server is using extended userInfo endpoint.
165 v.Set("WebIdentityRefreshToken", idToken.RefreshToken)
166 }
167 if idToken.Expiry > 0 {
168 v.Set("DurationSeconds", fmt.Sprintf("%d", idToken.Expiry))
169 }
170 if policy != "" {
171 v.Set("Policy", policy)
172 }
173 v.Set("Version", STSVersion)
174 if tokenRevokeType != "" {
175 v.Set("TokenRevokeType", tokenRevokeType)
176 }
177
178 u, err := url.Parse(endpoint)
179 if err != nil {
180 return AssumeRoleWithWebIdentityResponse{}, err
181 }
182
183 req, err := http.NewRequest(http.MethodPost, u.String(), strings.NewReader(v.Encode()))
184 if err != nil {
185 return AssumeRoleWithWebIdentityResponse{}, err
186 }
187
188 req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
189
190 resp, err := clnt.Do(req)
191 if err != nil {
192 return AssumeRoleWithWebIdentityResponse{}, err
193 }
194
195 defer resp.Body.Close()
196 if resp.StatusCode != http.StatusOK {
197 var errResp ErrorResponse

Callers 1

Calls 5

DoMethod · 0.80
xmlDecodeAndBodyFunction · 0.70
SetMethod · 0.45
StringMethod · 0.45
CloseMethod · 0.45

Tested by

no test coverage detected