github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/iam/getSessionContext.go (about) 1 // Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. 2 // *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** 3 4 package iam 5 6 import ( 7 "context" 8 "reflect" 9 10 "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal" 11 "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 12 ) 13 14 // This data source provides information on the IAM source role of an STS assumed role. For non-role ARNs, this data source simply passes the ARN through in `issuerArn`. 15 // 16 // For some AWS resources, multiple types of principals are allowed in the same argument (e.g., IAM users and IAM roles). However, these arguments often do not allow assumed-role (i.e., STS, temporary credential) principals. Given an STS ARN, this data source provides the ARN for the source IAM role. 17 // 18 // ## Example Usage 19 // 20 // ### Basic Example 21 // 22 // <!--Start PulumiCodeChooser --> 23 // ```go 24 // package main 25 // 26 // import ( 27 // 28 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" 29 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 30 // 31 // ) 32 // 33 // func main() { 34 // pulumi.Run(func(ctx *pulumi.Context) error { 35 // _, err := iam.GetSessionContext(ctx, &iam.GetSessionContextArgs{ 36 // Arn: "arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes", 37 // }, nil) 38 // if err != nil { 39 // return err 40 // } 41 // return nil 42 // }) 43 // } 44 // 45 // ``` 46 // <!--End PulumiCodeChooser --> 47 // 48 // ### Find the Runner's Source Role 49 // 50 // Combined with `getCallerIdentity`, you can get the current user's source IAM role ARN (`issuerArn`) if you're using an assumed role. If you're not using an assumed role, the caller's (e.g., an IAM user's) ARN will simply be passed through. In environments where both IAM users and individuals using assumed roles need to apply the same configurations, this data source enables seamless use. 51 // 52 // <!--Start PulumiCodeChooser --> 53 // ```go 54 // package main 55 // 56 // import ( 57 // 58 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" 59 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" 60 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 61 // 62 // ) 63 // 64 // func main() { 65 // pulumi.Run(func(ctx *pulumi.Context) error { 66 // current, err := aws.GetCallerIdentity(ctx, nil, nil) 67 // if err != nil { 68 // return err 69 // } 70 // _, err = iam.GetSessionContext(ctx, &iam.GetSessionContextArgs{ 71 // Arn: current.Arn, 72 // }, nil) 73 // if err != nil { 74 // return err 75 // } 76 // return nil 77 // }) 78 // } 79 // 80 // ``` 81 // <!--End PulumiCodeChooser --> 82 func GetSessionContext(ctx *pulumi.Context, args *GetSessionContextArgs, opts ...pulumi.InvokeOption) (*GetSessionContextResult, error) { 83 opts = internal.PkgInvokeDefaultOpts(opts) 84 var rv GetSessionContextResult 85 err := ctx.Invoke("aws:iam/getSessionContext:getSessionContext", args, &rv, opts...) 86 if err != nil { 87 return nil, err 88 } 89 return &rv, nil 90 } 91 92 // A collection of arguments for invoking getSessionContext. 93 type GetSessionContextArgs struct { 94 // ARN for an assumed role. 95 // 96 // > If `arn` is a non-role ARN, Pulumi gives no error and `issuerArn` will be equal to the `arn` value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist. 97 Arn string `pulumi:"arn"` 98 } 99 100 // A collection of values returned by getSessionContext. 101 type GetSessionContextResult struct { 102 Arn string `pulumi:"arn"` 103 // The provider-assigned unique ID for this managed resource. 104 Id string `pulumi:"id"` 105 // IAM source role ARN if `arn` corresponds to an STS assumed role. Otherwise, `issuerArn` is equal to `arn`. 106 IssuerArn string `pulumi:"issuerArn"` 107 // Unique identifier of the IAM role that issues the STS assumed role. 108 IssuerId string `pulumi:"issuerId"` 109 // Name of the source role. Only available if `arn` corresponds to an STS assumed role. 110 IssuerName string `pulumi:"issuerName"` 111 // Name of the STS session. Only available if `arn` corresponds to an STS assumed role. 112 SessionName string `pulumi:"sessionName"` 113 } 114 115 func GetSessionContextOutput(ctx *pulumi.Context, args GetSessionContextOutputArgs, opts ...pulumi.InvokeOption) GetSessionContextResultOutput { 116 return pulumi.ToOutputWithContext(context.Background(), args). 117 ApplyT(func(v interface{}) (GetSessionContextResult, error) { 118 args := v.(GetSessionContextArgs) 119 r, err := GetSessionContext(ctx, &args, opts...) 120 var s GetSessionContextResult 121 if r != nil { 122 s = *r 123 } 124 return s, err 125 }).(GetSessionContextResultOutput) 126 } 127 128 // A collection of arguments for invoking getSessionContext. 129 type GetSessionContextOutputArgs struct { 130 // ARN for an assumed role. 131 // 132 // > If `arn` is a non-role ARN, Pulumi gives no error and `issuerArn` will be equal to the `arn` value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist. 133 Arn pulumi.StringInput `pulumi:"arn"` 134 } 135 136 func (GetSessionContextOutputArgs) ElementType() reflect.Type { 137 return reflect.TypeOf((*GetSessionContextArgs)(nil)).Elem() 138 } 139 140 // A collection of values returned by getSessionContext. 141 type GetSessionContextResultOutput struct{ *pulumi.OutputState } 142 143 func (GetSessionContextResultOutput) ElementType() reflect.Type { 144 return reflect.TypeOf((*GetSessionContextResult)(nil)).Elem() 145 } 146 147 func (o GetSessionContextResultOutput) ToGetSessionContextResultOutput() GetSessionContextResultOutput { 148 return o 149 } 150 151 func (o GetSessionContextResultOutput) ToGetSessionContextResultOutputWithContext(ctx context.Context) GetSessionContextResultOutput { 152 return o 153 } 154 155 func (o GetSessionContextResultOutput) Arn() pulumi.StringOutput { 156 return o.ApplyT(func(v GetSessionContextResult) string { return v.Arn }).(pulumi.StringOutput) 157 } 158 159 // The provider-assigned unique ID for this managed resource. 160 func (o GetSessionContextResultOutput) Id() pulumi.StringOutput { 161 return o.ApplyT(func(v GetSessionContextResult) string { return v.Id }).(pulumi.StringOutput) 162 } 163 164 // IAM source role ARN if `arn` corresponds to an STS assumed role. Otherwise, `issuerArn` is equal to `arn`. 165 func (o GetSessionContextResultOutput) IssuerArn() pulumi.StringOutput { 166 return o.ApplyT(func(v GetSessionContextResult) string { return v.IssuerArn }).(pulumi.StringOutput) 167 } 168 169 // Unique identifier of the IAM role that issues the STS assumed role. 170 func (o GetSessionContextResultOutput) IssuerId() pulumi.StringOutput { 171 return o.ApplyT(func(v GetSessionContextResult) string { return v.IssuerId }).(pulumi.StringOutput) 172 } 173 174 // Name of the source role. Only available if `arn` corresponds to an STS assumed role. 175 func (o GetSessionContextResultOutput) IssuerName() pulumi.StringOutput { 176 return o.ApplyT(func(v GetSessionContextResult) string { return v.IssuerName }).(pulumi.StringOutput) 177 } 178 179 // Name of the STS session. Only available if `arn` corresponds to an STS assumed role. 180 func (o GetSessionContextResultOutput) SessionName() pulumi.StringOutput { 181 return o.ApplyT(func(v GetSessionContextResult) string { return v.SessionName }).(pulumi.StringOutput) 182 } 183 184 func init() { 185 pulumi.RegisterOutputType(GetSessionContextResultOutput{}) 186 }