diff --git a/README.md b/README.md
index 9b6bbbec3..1aa85a188 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,8 @@ The MinIO Go Client SDK provides simple APIs to access any Amazon S3 compatible object storage.
-This quickstart guide will show you how to install the MinIO client SDK, connect to MinIO, and provide a walkthrough for a simple file uploader. For a complete list of APIs and examples, please take a look at the [Go Client API Reference](https://min.io/docs/minio/linux/developers/go/API.html).
+This quickstart guide will show you how to install the MinIO client SDK, connect to MinIO, and provide a walkthrough for a simple file uploader.
+For a complete list of APIs and examples, please take a look at the [godoc documentation](https://pkg.go.dev/github.com/minio/minio-go/v7) or [Go Client API Reference](https://min.io/docs/minio/linux/developers/go/API.html).
 This document assumes that you have a working [Go development environment](https://golang.org/doc/install).
@@ -236,6 +237,7 @@ The full API Reference is available here.
 * [presignedpostpolicy.go](https://github.com/minio/minio-go/blob/master/examples/s3/presignedpostpolicy.go)
 ## Explore Further
+* [Godoc Documentation](https://pkg.go.dev/github.com/minio/minio-go/v7)
 * [Complete Documentation](https://min.io/docs/minio/kubernetes/upstream/index.html)
 * [MinIO Go Client SDK API Reference](https://min.io/docs/minio/linux/developers/go/API.html)
diff --git a/pkg/credentials/assume_role.go b/pkg/credentials/assume_role.go
index 1c73d1008..800c4a294 100644
--- a/pkg/credentials/assume_role.go
+++ b/pkg/credentials/assume_role.go
@@ -93,7 +93,8 @@ type STSAssumeRoleOptions struct {
 AccessKey string
 SecretKey string
- Policy string // Optional to assign a policy to the assumed role
+ SessionToken string // Optional if the first request is made with temporary credentials.
+ Policy string // Optional to assign a policy to the assumed role
 Location string // Optional commonly needed with AWS STS.
 DurationSeconds int // Optional defaults to 1 hour.
@@ -101,6 +102,7 @@ type STSAssumeRoleOptions struct {
 // Optional only valid if using with AWS STS
 RoleARN string
 RoleSessionName string
+ ExternalID string
 }
 // NewSTSAssumeRole returns a pointer to a new
@@ -161,6 +163,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
 if opts.Policy != "" {
 v.Set("Policy", opts.Policy)
 }
+ if opts.ExternalID != "" {
+ v.Set("ExternalId", opts.ExternalID)
+ }
 u, err := url.Parse(endpoint)
 if err != nil {
@@ -181,6 +186,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
 }
 req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(hash.Sum(nil)))
+ if opts.SessionToken != "" {
+ req.Header.Set("X-Amz-Security-Token", opts.SessionToken)
+ }
 req = signer.SignV4STS(*req, opts.AccessKey, opts.SecretKey, opts.Location)
 resp, err := clnt.Do(req)
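Review bot: The comment on the new `SessionToken` field in the `@@ -93,7 +93,8 @@` hunk does not say which credentials the token belongs to or that it is a fixed value. The options hold one static token next to `AccessKey`/`SecretKey`, so once those temporary credentials expire a later AssumeRole call built from the same options would presumably be rejected; the retrieval path is outside this diff, so that should be confirmed. Suggested wording: `SessionToken string // Optional; session token that goes with AccessKey/SecretKey when they are temporary credentials (static, not renewed here).` The struct's opening lines are outside the hunk.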
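Review bot: `ExternalID` in the `@@ -101,6 +102,7 @@` hunk is added without a comment, although it is the one field in this group that exists as a security control. In AWS STS the external ID is the value a role's trust policy can require so that a third party holding the role ARN cannot be made to assume the role on behalf of the wrong customer. The `@@ -161,6 +163,9 @@` hunk omits the parameter silently when the field is empty, so a caller gets no hint from this code that the trust policy may expect it. I would document the field, for example `ExternalID string // Optional; matched against sts:ExternalId in the role's trust policy for cross-account access.`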
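Review bot: In the `@@ -181,6 +186,9 @@` hunk the `X-Amz-Security-Token` header is set just before `signer.SignV4STS`, but nothing records that this order matters. Whether the token is covered by the signature depends on how `SignV4STS` selects the signed headers, which is not visible in this diff; if a later edit moved the block below the signing call, the request would presumably carry an unsigned token or fail verification. A comment such as `// Set before signing so the session token is covered by the SigV4 signature.` would pin the intent, ideally with a test asserting that the header name appears in the `SignedHeaders` list of the Authorization header. `getAssumeRoleCredentials` starts and ends outside the hunk.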