diff options
Diffstat (limited to 'vendor/github.com/minio/minio-go/v7/pkg/credentials')
5 files changed, 31 insertions, 2 deletions
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go index cd0a641bd..415b07095 100644 --- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go +++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/assume_role.go @@ -104,6 +104,8 @@ type STSAssumeRoleOptions struct { RoleARN string RoleSessionName string ExternalID string + + TokenRevokeType string // Optional, used for token revokation (MinIO only extension) } // NewSTSAssumeRole returns a pointer to a new @@ -161,6 +163,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume if opts.ExternalID != "" { v.Set("ExternalId", opts.ExternalID) } + if opts.TokenRevokeType != "" { + v.Set("TokenRevokeType", opts.TokenRevokeType) + } u, err := url.Parse(endpoint) if err != nil { diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go index 0021f9315..162f460ee 100644 --- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go +++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_custom_identity.go @@ -69,6 +69,9 @@ type CustomTokenIdentity struct { // RequestedExpiry is to set the validity of the generated credentials // (this value bounded by server). RequestedExpiry time.Duration + + // Optional, used for token revokation + TokenRevokeType string } // RetrieveWithCredContext with Retrieve optionally cred context @@ -98,6 +101,9 @@ func (c *CustomTokenIdentity) RetrieveWithCredContext(cc *CredContext) (value Va if c.RequestedExpiry != 0 { v.Set("DurationSeconds", fmt.Sprintf("%d", int(c.RequestedExpiry.Seconds()))) } + if c.TokenRevokeType != "" { + v.Set("TokenRevokeType", c.TokenRevokeType) + } u.RawQuery = v.Encode() diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go index e63997e6e..31fe10ae0 100644 --- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go +++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go @@ -73,6 +73,9 @@ type LDAPIdentity struct { // RequestedExpiry is the configured expiry duration for credentials // requested from LDAP. RequestedExpiry time.Duration + + // Optional, used for token revokation + TokenRevokeType string } // NewLDAPIdentity returns new credentials object that uses LDAP @@ -152,6 +155,9 @@ func (k *LDAPIdentity) RetrieveWithCredContext(cc *CredContext) (value Value, er if k.RequestedExpiry != 0 { v.Set("DurationSeconds", fmt.Sprintf("%d", int(k.RequestedExpiry.Seconds()))) } + if k.TokenRevokeType != "" { + v.Set("TokenRevokeType", k.TokenRevokeType) + } req, err := http.NewRequest(http.MethodPost, u.String(), strings.NewReader(v.Encode())) if err != nil { diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go index c904bbeac..2a35a51a4 100644 --- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go +++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_tls_identity.go @@ -80,6 +80,9 @@ type STSCertificateIdentity struct { // Certificate is the client certificate that is used for // STS authentication. Certificate tls.Certificate + + // Optional, used for token revokation + TokenRevokeType string } // NewSTSCertificateIdentity returns a STSCertificateIdentity that authenticates @@ -122,6 +125,9 @@ func (i *STSCertificateIdentity) RetrieveWithCredContext(cc *CredContext) (Value queryValues := url.Values{} queryValues.Set("Action", "AssumeRoleWithCertificate") queryValues.Set("Version", STSVersion) + if i.TokenRevokeType != "" { + queryValues.Set("TokenRevokeType", i.TokenRevokeType) + } endpointURL.RawQuery = queryValues.Encode() req, err := http.NewRequest(http.MethodPost, endpointURL.String(), nil) diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go index 235258893..a9987255e 100644 --- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go +++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go @@ -93,6 +93,9 @@ type STSWebIdentity struct { // roleSessionName is the identifier for the assumed role session. roleSessionName string + + // Optional, used for token revokation + TokenRevokeType string } // NewSTSWebIdentity returns a pointer to a new @@ -135,7 +138,7 @@ func WithPolicy(policy string) func(*STSWebIdentity) { } func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSessionName string, policy string, - getWebIDTokenExpiry func() (*WebIdentityToken, error), + getWebIDTokenExpiry func() (*WebIdentityToken, error), tokenRevokeType string, ) (AssumeRoleWithWebIdentityResponse, error) { idToken, err := getWebIDTokenExpiry() if err != nil { @@ -168,6 +171,9 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession v.Set("Policy", policy) } v.Set("Version", STSVersion) + if tokenRevokeType != "" { + v.Set("TokenRevokeType", tokenRevokeType) + } u, err := url.Parse(endpoint) if err != nil { @@ -236,7 +242,7 @@ func (m *STSWebIdentity) RetrieveWithCredContext(cc *CredContext) (Value, error) return Value{}, errors.New("STS endpoint unknown") } - a, err := getWebIdentityCredentials(client, stsEndpoint, m.RoleARN, m.roleSessionName, m.Policy, m.GetWebIDTokenExpiry) + a, err := getWebIdentityCredentials(client, stsEndpoint, m.RoleARN, m.roleSessionName, m.Policy, m.GetWebIDTokenExpiry, m.TokenRevokeType) if err != nil { return Value{}, err } |