Types
type AssumeRoleConfig
type AssumeRoleConfig struct {
	BaseAccessKeyID     string
	BaseSecretAccessKey string
	BaseSessionToken    string
	RoleARN             string
	RoleSessionName     string
	ExternalID          string
	Region              string
	DurationSeconds     int32
	// Endpoint optionally overrides the STS endpoint. Primarily useful for
	// testing against a mock, or for non-default partitions / private endpoints.
	Endpoint string
	// HTTPClient optionally supplies the HTTP client used for the STS call.
	HTTPClient aws.HTTPClient
}
AssumeRoleConfig describes an STS AssumeRole exchange: the base (long-lived) credentials that authenticate the AssumeRole call, the target role, and a set of optional refinements.
type AwsTemporaryCredentials
type AwsTemporaryCredentials struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
}
AwsTemporaryCredentials holds the short-lived credentials returned by an STS AssumeRole call.
func AssumeRole
func AssumeRole(ctx context.Context, cfg AssumeRoleConfig) (AwsTemporaryCredentials, error)
AssumeRole exchanges base credentials for temporary credentials scoped to the supplied role, via the AWS STS AssumeRole API. The returned credentials are suitable for NewAwsSignTransportWithCredentials.
type Transport
func NewAwsSignTransport
func NewAwsSignTransport(
	underlyingTransport http.RoundTripper,
	id, secret, token string,
	options ...func(*v4.SignerOptions),
) (Transport, error)
func NewAwsSignTransportWithCredentials
func NewAwsSignTransportWithCredentials(
	underlyingTransport http.RoundTripper,
	id, secret, token string,
	options ...func(*v4.SignerOptions),
) (Transport, error)
NewAwsSignTransportWithCredentials builds a signing transport from an explicit (id, secret, token) triple, using all three verbatim. Unlike NewAwsSignTransport it never falls back to AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY when a session token is present, which is required for assumed-role credentials whose id and secret are themselves temporary and do not live in the environment.
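A test double for the Endpoint override on AssumeRoleConfig, as an added example that is not part of this package: a stand-in STS handler that issues constructed credentials only when the request carries the expected RoleArn and ExternalId, so a test can prove both are actually sent. The names mockSTS, exchange and stsCreds are hypothetical, the form fields and XML shape follow the public STS query API rather than anything on this page, and exchange posts the form directly and unsigned instead of calling the package's AssumeRole.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// stsCreds (hypothetical name) mirrors the Credentials element of an STS AssumeRole response.
type stsCreds struct {
	AccessKeyID     string `xml:"AssumeRoleResult>Credentials>AccessKeyId"`
	SecretAccessKey string `xml:"AssumeRoleResult>Credentials>SecretAccessKey"`
	SessionToken    string `xml:"AssumeRoleResult>Credentials>SessionToken"`
}
const okBody = `<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"><AssumeRoleResult><Credentials>
<AccessKeyId>ASIACONSTRUCTED</AccessKeyId><SecretAccessKey>constructed-secret</SecretAccessKey>
<SessionToken>constructed-token</SessionToken></Credentials></AssumeRoleResult></AssumeRoleResponse>` // all values constructed
// mockSTS (hypothetical helper) issues credentials only for the expected role and ExternalId.
func mockSTS(roleARN, externalID string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.PostFormValue("Action") != "AssumeRole" || r.PostFormValue("RoleArn") != roleARN ||
			r.PostFormValue("ExternalId") != externalID {
			http.Error(w, "AccessDenied", http.StatusForbidden)
			return
		}
		fmt.Fprint(w, okBody)
	})
}
// exchange posts one form-encoded AssumeRole request to h and decodes the reply.
func exchange(h http.Handler, roleARN, externalID string) (out stsCreds, err error) {
	form := url.Values{"Action": {"AssumeRole"}, "Version": {"2011-06-15"},
		"RoleArn": {roleARN}, "RoleSessionName": {"demo"}, "ExternalId": {externalID}}
	req := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	if rec.Code != http.StatusOK {
		return out, fmt.Errorf("mock STS refused the request: status %d", rec.Code)
	}
	err = xml.Unmarshal(rec.Body.Bytes(), &out)
	return out, err
}
func main() {
	const role, eid = "arn:aws:iam::123456789012:role/constructed", "constructed-external-id"
	fmt.Println(exchange(mockSTS(role, eid), role, eid)) // credentials issued
	fmt.Println(exchange(mockSTS(role, eid), role, ""))  // denied: ExternalId not sent
}
```

To exercise AssumeRole itself, wrap the handler in httptest.NewServer and set AssumeRoleConfig.Endpoint to the server URL; that the package's STS client accepts this minimal response body is an assumption.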